C. Warren Axelrod

Aviation Security

The loss of the Malaysia Airlines Boeing 777 flight MH370 has raised general interest in the issue of aircraft system security in addition to the usual focus on aircraft safety. While I did spend some time on the security of avionics in my book “Engineering Safe and Secure Software Systems” (Artech House, 2012), in fact the entire book considers this very issue, namely, the security of safety-critical systems such as those that control aircraft.

There are a number of books that address airplane security specifically, one being “Aviation Security Engineering: A Holistic Approach,” by Kolle, Markarian and Tarter (Artech House, 2011). “Security” in this book refers to both physical and cyber security. It should be noted, however, that cyber security is mentioned in only two out of 300 pages, with the rest of the book covers physical security. Also, there is practically no mention of avionics software systems. If you want to dive more deeply into the software side, you really need to read “Avionics: Elements, Software and Functions,” edited by Cary R. Spitzer (CRC Press, 2007).

As a point of interest, for those interested in learning more about the Boeing 777’s systems, there is a whole chapter in Spitzer’s book devoted to the topic. It is by Gregg F. Bartley of the U.S. Federal Aviation Administration and has the intriguing title “Boeing B-777: Fly-By-Wire Flight Controls.” Bartley starts out by saying:

“Fly-By-Wire (FBW) primary flight controls have been used in military applications such as fighter airplanes for a number of years. It has been a rather recent development to employ them in a commercial transport application. The 777 is the first commercial transport manufactured by Boeing which employs a FBW primary flight control system.”

If you read Bartley’s chapter, you will likely be thinking about whether any aspect of the FBW system on MH370 could have contributed to the seemingly erratic behavior and subsequent loss of the airplane. There is nothing in the chapter that would give one excessive concern about the flight management systems running on Boeing 777s.

At this point, I think that it might be interesting to consider a short paragraph from page 6 of the Kolle book on a difference between security and safety, as follows:

“… security is continuous process and engagement. Security is not a one-shot solution. This is where the main difference with ‘safety’ lies. Safety risks or hazards are essentially constant in their nature, the laws of physics do not change over time. Once mitigated, one would not have to revisit it again. Thus ‘security monitoring’ is a prerequisite for assuring that any security state reached is maintained over time.”

Just prior to the above paragraph, the authors state that “security risk processes” gain “particular importance when new threats are emerging or (undetected) vulnerabilities have been identified.”

I agree with the assertion that security requires ongoing effort because the threat environment is dynamically changing, as are the systems themselves. However, I’m not sure about the statement that safety hazards are static with respect to hazards. After all, we are discovering new things that are hazardous to our health and wellbeing every day.

It all comes down to the same question … What do we need to do to ensure that safety-critical systems are secure? The simple answer … Much more than we do now. But how much security will be enough? Unfortunately we are still a long way from reaching a point where both safety and software security are fully considered within each stage of the development lifecycle. But we need to be moving in that direction if we want to ensure that safety-critical systems are also secure.

Post a Comment

Your email is never published nor shared. Required fields are marked *