HomeEngineering Cybersecurity for the Future Air Transportation System
Share
 

Engineering Cybersecurity for the Future Air Transportation System

Securing the nation's future air transportation system against cyber attack.

Tom FuhrmanThe Federal Aviation Administration is preparing for the Next Generation Air Transportation System (NextGen), a major modernization of the National Airspace System.  NextGen is a revolutionary multi-year transformation that will employ satellite positioning and Internet technology to improve the efficiency, safety, and capacity of air transportation. Because NextGen depends on the automated flow of information across a ground and airborne network, a major challenge in the engineering design and implementation of NextGen will be securing it against cyber attack.

Booz Allen Hamilton Senior Vice President Tom Fuhrman, an expert in cybersecurity, participated in a panel at the 54th annual Air Traffic Control Association (ATCA) conference, which brought together controllers, FAA officials, pilots, vendors, and other aviation professionals to focus on the most pressing air transportation issues of the day. boozallen.com talked with him about NextGen and Booz Allen’s system engineering and cybersecurity capabilities.

boozallen.com: The subject of the panel was cybersecurity and the Next Generation Air Transportation System. Can you give us a little background?

Fuhrman: In today’s air traffic control system, aircraft position is determined through a combination of ground-based radars and aircraft transponders, as it has been for decades. This data is displayed on radar screens in FAA facilities giving controllers a “top-down view” of aircraft in flight. Controllers monitor all of the air traffic on these displays and manage traffic flow and separation through radio contact with pilots.

NextGen will be a revolutionary change. Each aircraft will have a satellite receiver on board that determines the aircraft position at every moment, much like the GPS receivers in our automobiles today. That position will be broadcast to the ground and a common “top-down view” of the airspace—much like the radar screens of today—will be available in every cockpit. NextGen will have a much greater degree of automation than today’s system. It will move much of the in-flight decision making on trajectory and separation to the cockpit, and allow greater efficiency in all phases of flight, from pre-takeoff to post-landing.

boozallen.com: So the automation and openness creates the need for additional system security?

Fuhrman: Yes. The air traffic control backbone is going to look a lot like the Internet—it will be a large network using common technology and common platforms—and it will be vulnerable to the same kinds of threats, such as viruses or cyber attacks. Motivated cyber attackers must be thwarted because the safety and security of the air transportation system is at stake. And there is a wide and complicated range of cyber threats. For example, supply chain risk. How do we make sure we can trust the security of aviation equipment procured from offshore manufacturers when we don’t have control of the facility or process?

boozallen.com: How can these challenges be overcome?

Fuhrman:  Well the first step is to recognize that cyber security is an enterprise-wide system integration challenge, and it needs to be treated that way. Good engineering demands that systems be designed to operate under a wide range of conditions; good cyber engineering demands that they be designed to withstand deliberate attacks through cybersecurity gaps. We use the concept of “attack surface” in the cyber security business to describe the full set of security gaps that would allow an attack or a penetration to be successful. To minimize the attack surface, you start with the design, the architecture. Every node on the network, every communications link, every person in the system is a potential vulnerability. You design to minimize the attack surface and then you manage that attack surface in daily operations.

boozallen.com: How does Booz Allen address this issue?

Fuhrman: One of the tools of systems engineering is the “use case” methodology, which is a structured way of defining operational scenarios to help with requirements definition and design tradeoff analysis. We then flip the use case around—to be a misuse case, if you will—in which we examine the ways that computer vulnerabilities could be exploited, or that data flows could be disrupted. In this way we methodically consider the full range of cyber threats against each scenario.

boozallen.com: What capabilities does Booz Allen bring to the area of cybersecurity?

Fuhrman: As we’ve demonstrated on very large system engineering programs for clients such as NASA and the U.S. Air Force, our systems engineering and integration approach addresses cybersecurity from requirements identification to operations. We have experts in cybersecurity engineering, IT, and supply chain and logistics. We also have a great depth of aviation experience at Booz Allen—pilots, controllers, airspace managers, aerospace engineers, avionics designers. It’s critical to have the right “domain” expertise in house for every systems engineering effort.

Cyber Careers

Learn more about cyber opportunities and other careers with Booz Allen.

story posted November 13, 2009

 
Find us on Facebook. Watch us on YouTube. Visit Our LinkedIn Profile.
  • Copyright Booz Allen Hamilton Inc. All Rights Reserved
  • Legal Notice & Privacy Policy
  • Contact Us
  • Site Map