Protecting Systems In-Flight: Cybersecurity Evolves for the Connected Airline

For decades, traditional aircraft voice communications were based on analog technology with voice traveling over radio waves. In the 1970’s, digital data links were established for the flight crew to enable the transmission of short messages between aircraft and ground stations via radio or satellite. Today, with passengers on commercial aircraft connected by satellite and digital technologies to a variety of entertainment applications, the need to protect these systems from cyber threats has increased significantly over the last few years.

“For sure the landscape has changed,” says Sam Miller, Director of Product Cybersecurity for InFlyt Experience, Thales’ leading-edge connected in-flight entertainment system business.  “And although the entertainment system is not considered safety-critical, we are committed to making sure that aircraft systems are protected.  That’s why we work with the aircraft OEMs to ensure proper segregation and validation of systems end-to-end.”

 In 2015, consultant Chris Roberts told the FBI he had hacked airlines at least 15 times by connecting through entertainment systems. While his claims remain the subject of debate, they served to highlight the need for increased cybersecurity in the air – even if the likelihood of a down-level system intrusion is low.
 
“With the increase of data and personalization, there’s more to protect,” says Fred Schreiner, CTO of Thales InFlyt Experience. “We’ve always had to protect movie rights, but since the Chris Roberts claims, there’s been increased awareness among airlines and the public about cybersecurity, and we’ve continued to make significant investments.”
 
At any given time, more than a million airline passengers a day use Thales InFlyt Experience systems, installed across 75 partner airlines worldwide.  And more than ever, passengers want connectivity options through their own devices.  AVANT, Thales’ new state-of-the-art Android entertainment solution features a highly customizable passenger experience with the latest applications on the market, and allows connectivity on the ground and in the air. 

“With smart devices, airlines are trying to create a seamless journey and passengers want to have those connected capabilities at their fingertips,” says Schreiner.  “That’s what’s driving connectivity.  Flight crews have been connected for a long time, but now we’re talking about passengers wanting to be connected and have access to content in flight.”
 
Thales is working with airlines to explain what best practices are being implemented to secure their entertainment and connectivity systems. But passengers also have a role to play in their own security.  Passengers should adopt their own security best practices when using open WiFi networks on the aircraft– for example, using a VPN to secure their connection.  The same practices apply to when connecting to open WiFi networks on the ground.
 
Thales continues to work with its airline customers to provide cybersecurity, building on 40 years of experience providing critical information protection for large commercial enterprises and governments around the world. 
 
“Aircraft are becoming nodes in a network, and we have airborne, space and ground systems that process communications,” says Schreiner.  “There are more threat surfaces, even within the cabin between passenger devices, wireless access points and ground portals where users and operators access information.  These are more than just aluminum tubes that fly through the air, and their connectivity is creating additional opportunities for both passenger entertainment and cyber-threats.”
 
Today, 19 of the world’s 20 largest banks, four of the five largest energy companies and 27 NATO countries rely on Thales for risk assessment, penetration testing, key management, and encryption – many of the same tools and expertise are applied to protect Thales In-flight Entertainment and Connectivity Systems.