Air traffic control (ATC) is collectively a set of regional, interconnected systems that perform numerous functions such as in-air flight separation and routing, on-ground traffic control, radar control, and runway lighting control, to name a few. Working together, the network of regional ATC systems provides comprehensive coverage for the nation’s airspace and allows travelers to safely enjoy commercial and private air travel. As such, the ATC network is a key transportation component of national critical infrastructure.
Advancing cyber threats
It’s very clear that the entire globe is enmeshed in an advanced and often treacherous cyber threat landscape today. Adversaries actively target organizations of all types. Exploits against critical infrastructures are spiking up rapidly. Globally, we are advancing toward hyper-connectivity in the Internet of Things (IoT) era—one in which previously isolated devices are now being connected to networks of all kinds. Organizations need ever-increasing amounts of data in order to perform analytics that enable adoption of new business models and innovative consumer services.
The interconnected network of ATC systems is part of this evolving IoT landscape, as airports around the globe look to modernize their critical functions. Air travelers are also part of this interconnected ecosystem, consuming data from the airlines and airports that depend on critical systems.
Various aspects of ATC interface with physical processes such as radar control and airport runway lighting. Without reliable radar and lighting, safe air travel wouldn’t actually be possible. Industrial control systems—and their components and networks—provide the ability to control these kinds of physical processes. If industrial control systems are disrupted or taken out of normal operation, ATC functions could be severely impacted.
Safeguarding high reliability, long lifecycles
Industrial control systems are designed for high reliability and extreme longevity. They have lifecycles typically measured in decades, which increases the need to protect and update them over an extended period of time, unlike most IT systems that might be easily retired in favor of more advanced features. Industrial control systems are also designed for use in harsh environments such as airports.
This longevity, combined with the increasing connectivity between corporate IT and control system networks, brings greater cyber risk with it. In addition, due to operational constraints, the opportunities to upgrade or patch industrial systems is often limited to infrequent outage or maintenance windows. Thus, protecting industrial environments is an especially challenging proposition, especially when compared with corporate IT.
Organizations that rely on industrial control systems—which include the transportation, utilities, manufacturing, oil & gas, chemical, mining, and government sectors—are increasingly targeted by malicious actors. Their motives may include competitive advantage, disruption of operations, political or reputational harm, and espionage. Malware used against industrial control systems is extremely advanced, and the adversaries behind such malware are very patient.
ATC functions are potentially attractive targets for some of these adversaries. Lessons learned from exploits seen in other sectors demonstrate that portable media, remote access, and interconnections between corporate IT and industrial networks are all-too-common threat vectors. Depending on their design, some ATC systems and networks can be at risk through these vectors as well.
Effective security solutions
For industrial security solutions to be effective, they should be designed and tailored specifically for these environments—as opposed to solutions designed for general purpose IT—so as not to impede normal critical operations. An industrial cyber exploit may, for example, seek to cause what is known as a Loss of Visibility (LoV) event. An adversary could initiate an LoV event against an ATC system to prevent its operators from obtaining accurate location information for in-flight or on-ground airplanes. So without accurate data, normal flight operations would be impeded and safety could be put at risk.
For the aviation industry CISO, or the equivalent level executive, implementing an effective security program strategy is key. Ensuring the continuous and safe operations of the ATC system and related networks is of prime importance. To combat today’s threat actors and the advanced cyber techniques they employ, there are several must-do’s for industrial security environments, including:
- Obtain executive-level visibility and support for the security program
- Hire and retain dedicated security personnel with the right skills
- Maintain robust separation from corporate IT environments
- Implement robust internal network segmentation
- Implement real-time cyber threat detection and response capability
- Maintain accurate asset inventories
- Enforce severe restrictions on portable media use
- Implement robust remote access controls
- Employ strict change control procedures
- Regularly evaluate third-party and supply chain security risks
Keeping Air travel Safe
Implementing these foundational steps—in addition to complying with regulatory requirements—will go a long way in securing the critical elements of ATC systems and help keep air travel safe. The most important success factor is understanding the distinctions between traditional corporate IT environments and their industrial counterparts. By understanding the critical functions that industrial systems support, effective security solutions can be deployed that ensure their continued operation.
Today’s aviation security leaders can build on this foundation to achieve higher levels of program maturity, enabling them to build proactive business cases for long-term investments with the necessary security capabilities. And our skies will be even safer as a result.
Jon Stanford is a Principal and the industrial security services leader in Cisco’s Security Solutions organization, focusing on critical infrastructure and industrial automation environments. A former federal CISO and corporate CTO, Jon serves a national and global client base, leveraging his more than twenty-five years of professional experience in public, private and Big-4 consulting leadership roles. He helps organizations achieve their enterprise governance, risk management, and compliance goals, and harmonize their IT and OT security programs. Jon is a frequent speaker and media contributor, and serves on the Industrial Control Systems Information Sharing and Analysis Center (ICS-ISAC) governing board. He holds a BS in computer information systems, the CISSP, CISM, CRISC and CGEIT certifications, and is a graduate of the Naval Postgraduate School Homeland Security Executive Leaders Program.