Warning For Pilots To Counter Airborne Hacking

As the military helicopter lifts off the ground and heads skyward, the numbers on the altimeter suddenly stop ticking upward. The rumble of the helicopter’s engines fades and the chopper starts losing altitude. A second later, a dire warning flashes in red on a cockpit screen: “Cyber Anomaly.”

The helicopter is under attack, but not from missiles or guns. Seconds later, it smashes into the ground. But this pilot is not in a real helicopter, just a small simulator set up in a conference room of a high-rise office building in Virginia.

The pilot is in fact part of a Raytheon team that is building a new warning system it calls CADS (Cyber Anomaly Detection System) that tells pilots when their planes are being hacked, something the US military expects to happen in the battles of the future.

Speaking to DefenseOne, a  Raytheon spokesman said,  “Basically, we’re trying to give the pilot the information about what’s happening internally on his aircraft in real time.... we’re telling him what’s going on and allowing him to make decisions about what he needs to do to correct the problems.”

Inside most aircraft, important electronics are plugged into a serial data bus. The bus used in many U.S. military planes was developed in the 1970s and “still have not been updated for security,” according to Raytheon.

“You GPS talks on it, your fuel valve switches are on it, your autopilot is on it and other avionics systems all communicate over this bus,” Fry said. “What we found is as technology has increased and more and more [commercial] products are put in aircraft, there’s more of an attack surface for cyber threats to go onto the platform.”

Raytheon began developing this Cyber Anomaly Detection System three years ago after receiving “customer feedback” about “vulnerabilities in aviation platforms,” Raytheon is funding the project itself won’t say if the systems is deployed on U.S. military aircraft.

Pentagon officials have increasingly been talking about weapon cyber vulnerabilities and the need for companies “harden” their products. Hackers can get into military and commercial aircraft, vehicles, and even missiles and bombs by infecting them with malware, by plugging an infected cell phone into one of the aircraft’s USB ports, or even wirelessly. 

In the simulation the the helicopterwas injected with malicious code wirelessly from a tablet. The code caused the helicopter’s engines to shut down. While the pilot was able to disable the helicopter’s wireless receiver before hitting the ground, he was not able to stop its fall.

Raytheon says the technology could be used to detect cyber intrusions on drones, vehicles or even missiles and although its product can currently only detect attacks, new versions may be able to fight them off and repair the damage.

“In the future we’re looking more in that direction, but right now we’re starting with a passive system, so we won’t interfere with the bus......We’re just going to leave the human in the loop and leave the pilot in control and make him aware of his surroundings so that he can take the actions.” Raytheon's spokesman said.

Raytheon:           DefenseOne:       

You Might Also Read:

Aircraft Can Be Successfully Hacked In-Flight:

 

« Using Blockchain Against Counterfeit & Forgery
Serious Cyber Attacks In Singapore Reflect Poor Cyber Security »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CLUSIL

CLUSIL

CLUSIL is an association for the information security industry in Luxembourg.

Vaulto Technologies

Vaulto Technologies

Vaulto protects critical business processes that are conducted via the cellular network.

Database Cyber Security Guard

Database Cyber Security Guard

Database Cyber Security Guard (aka Don't Be Breached) informs Security Professionals and DBAs of Zero Day, Ransomware and Data Breach attacks within milli-seconds

Bangladesh Association of Software & Information Services (BASIS)

Bangladesh Association of Software & Information Services (BASIS)

BASIS is the national trade body for Software & IT Enabled Service industry of Bangladesh.

Navaio IT Security

Navaio IT Security

Navaio helps clients with IT Security related challenges with a primary focus on Identity and Access Management, Data Governance, User Awareness and Cyber Resilience Services.

Arkose Labs

Arkose Labs

Arkose Labs' Fraud and Abuse Platform combines Telemetry and adaptive Enforcement Challenges to break down the ROI of fraudsters and protect digital businesses.

GuardRails

GuardRails

GuardRails provides continuous security feedback that empowers developers to find, fix, and prevent vulnerabilities.

xorlab

xorlab

xorlab is a Swiss cybersecurity company providing specialized, machine-intelligent defense against highly engineered, sophisticated and targeted email attacks.

Advent One

Advent One

Advent One are recognised for solving intricate dilemmas, not only making technology work but building foundations that customers can grow upon in an effective and secure way.

IT Voice

IT Voice

IT Voice specializes in Managed IT and VoIP solutions. Our focus is simplifying the technology so our customers can stay focused on what they do best.

Nuke From Orbit

Nuke From Orbit

Nuke's mission is to put you back in control of your digital identity when your smartphone gets stolen.

AI EdgeLabs

AI EdgeLabs

AI EdgeLabs is a powerful and autonomous cybersecurity AI platform that helps security teams respond immediately to ongoing attacks and protect Edge/IoT infrastructures.

BeamSec

BeamSec

BeamSec is a cybersecurity solutions provider committed to addressing the human element of risk against the evolving landscape of email-based cyber threats.

SecuRedact

SecuRedact

SecuRedact is an AI-powered tool to detect and pseudonymize personal data in text and images. Fast, local, secure, and free to try.

Center for Technology Training (CTT)

Center for Technology Training (CTT)

CTT is a distinguished Computer Training School in Tampa. We specialize in offering comprehensive IT certification programs, including Cyber Security.

London School of Emerging Technology (LSET)

London School of Emerging Technology (LSET)

LSET's Cyber Security Unit is your premier destination for comprehensive cybersecurity education and training.