Rotor & Wing International

How Will the US Military Secure ADS-B?

With a U.S. Government Accountability Office report noting the U.S. Defense Department has an “urgent need” regarding the FAA’s 2020 ADS-B Out mandate, concerns point to the tech’s potential to pose operational risk.

In January, the U.S. Government Accountability Office (GAO) issued a stinging report bearing on ADS-B, the radar-replacing surveillance tool mandated to be equipped on certain aircraft in service by 2020.

Titled “Homeland Defense: Urgent Need for DOD and FAA to Address Risks and Improve Planning for Technology That Tracks Military Aircraft,” the critique has two central takeaways.

First, thousands of airframes of all capacities, military and civil, fixed- and rotary-wing, will fail to comply by the deadline with the FAA’s 2010 order requiring ADS-B equipage in most air corridors. As of Feb. 1, the FAA said 43,642 aircraft were rule-compliant, with some 100,000 remaining, plus fewer than 10% of an estimated 10,000 helicopters.

Second, serious “security and operations risk” questions need addressing. Namely, the absence of a requirement that military airframes equipped with ADS-B, which broadcasts in the clear, include countermeasures against hackers, spies and terrorists, among others. (GAO did not distinguish military rotorcraft from fixed-wing platforms.)

“Clear air” means ADS-B’s 1090 MHz tracking and navigation messages, as well as computer-controlled ancillaries like the GPS unit and display screens, may be accessed by unauthorized people. The inferred vulnerabilities in the report are many and potentially grave.

ADS-B signals on the military side can include classified aircraft position data. On the commercial side, that could be sensitive, valuable financial data. Breaches of one or many aircraft simultaneously might compromise national security, privacy and physical safety in the air or on the ground.

Joe Kirschbaum, GAO’s director of defense capabilities and management, led a January study team that tracked and identified flaws in various ADS-B-fitted U.S. military aircraft. In a February interview, he underscored the inherent dangers both in the FAA’s and Defense Department’s foot-dragging on compliance and, particularly, the seeming dearth of ADS-B threat mitigation solutions for military aircraft. He called the glacial movement on both fronts “problematic.”

Firms like ACSS are supplying ADS-B. Photo courtesy of ACSS

The Pentagon, he told R&WI, has not ensured its FAA-mandated implementation of NextGen “is accompanied by effective security measures and capabilities.” At root the two agencies have been “ignoring the security goal in favor of the [2020 ADS-B] mandate compliance.” Consequently, “The more military aircraft … equipped with ADS-B without those security measures, the greater … the operation security risk to those aircraft and the national defense.”

The redacted version of the GAO’s latest report has little on specific threat vectors. But Kirschbaum said a key concern is that “as ADS-B is integrated into aircraft avionics, it will have the same kinds of potential vulnerabilities as many other internet-based technologies in terms of potentially being activated or de-activated remotely and without permission.”

That includes the vaunted U.S. F-22 warplane. Citing a 2015 RAND Corp. study commissioned by the U.S. Air Force, GAO said the stealthy Raptor was among aircraft vulnerable to cyberattack.

ADS-B also is susceptible to aggressive electronic warfare. Given that the FAA is planning to divest radars as ADS-B is phased in, Kirschbaum said, “homeland defense could … be at risk, since the North American Aerospace Defense Command [NORAD] relies on information from FAA radars to monitor air traffic.”

The overarching concern, he explained, is that “the entire premise of ADS-B is that the information is not encrypted and therefore available to all to ensure safer navigation and air traffic control. Unfortunately, flying unencrypted introduces the kinds of vulnerabilities we highlighted in our January report.” These include spoofing, jamming, ghosting and the like. Among other tactics is inserting fake “ghost” aircraft.

That is why ADS-B security integration decisions and potential solutions to the problem “should have been on the top of the priority list for all concerned from the beginning.” Now, “even greater effort and disruption will have to result to rectify the problem.”

It is the third time in recent years that GAO has examined ADS-B regulatory and security shortcomings.

In a 2015 GAO report, four cybersecurity experts said firewalls aimed at protecting ADS-B “could be hacked like any other software and circumvented.”

In 2008, GAO warned about increased risk of compromise for ADS-B versus standard Mode S transponders in military “sensitive missions.”

Kirschbaum does laud the FAA and Defense for pursuing new technologies like ADS-B that “hold promise for efficiency and effectiveness,” but he criticizes them for the “insufficient attention paid to the security impacts and effects.”

Bolstering GAO’s latest findings are results of simulated cyberattacks on avionics systems by others, including private labs, academics and lone-wolf hackers. One was undertaken in 2016 by a Department of Homeland Security (DHS) team involving a legacy Boeing 757 airliner; a DHS cybersecurity investigator hacked into it easily.

Robert Hickey told reporters afterward, “I [performed] a remote, non-cooperative penetration.” Without his touching the aircraft and with no one aboard it, Hickey managed to remotely “establish a presence on the aircraft’s systems,” he said. Hickey noted the incursion did not encompass ADS-B, per se, but illustrated gateways available to adversaries.

Some ADS-B hackers likewise claim success acquiring position and other data with $100 handheld “point-and-capture” devices aimed at aircraft overhead.

Reactions from Defense and the FAA to the GAO and DHS hacks vary. The Pentagon, mindful of information security protocols, has not commented on the latest GAO findings. Defense officials declined to address numbers of fixed- and rotary-wing military airframes fitted with ADS-B, or countermeasures recommended as adjuncts for it.

The Air Force, designated lead in FAA-Defense efforts to facilitate ADS-B implementation under the NextGen initiative, did not respond to questions on ADS-B security challenges identified by GAO’s study. Summing up the Pentagon’s position, an Army public affairs officer referred to the report’s appendix. Similar to the FAA’s official response, the perfunctory letter notes the Defense Department was doing its best to ensure mandate compliance, simplify FAA-Defense cooperation on the NextGen modernization plan and improve cyber risk-remediation strategies.

The FAA’s website, meanwhile, acknowledges that while ADS-B data can be received by “any aircraft, vehicle or ground station equipped to receive ADS-B,” no specific encryption is specified.

An FAA communications official, when asked why this standard tool was not recommended or required for military or other mandated aviation sectors, said the agency doesn’t view risks to ADS-B as more serious than the electronic spoofing or intentional jamming risk “associated with … radar systems employed to separate aircraft today.” Besides, the U.S. air traffic system relies upon “redundancies and independent backup capabilities” as safeguards, this source added.

Responding specifically to the aircraft hack by DHS, the FAA said in a statement, “We have reviewed the findings of the [DHS] report and determined that they do not represent a threat, regardless of aircraft type, to the safety of aircraft operations.” Moreover, during the past decade, the FAA said it has “developed stringent cybersecurity standards and security protocols.”

As to ADS-B safeguards for the civil rotary-wing sector, Christopher Martino, Helicopter Association International’s VP for operations, said those issues remain unresolved. ADS-B signal reception by outsiders is a simple matter, he said, “and some fixed-wing and helicopter operators have concerns about reception security. The FAA continues to work this issue.” Martino concluded, “The overarching problem is the issues are very complex.”

Defense contractors are busy installing ADS-B equipage, including security features reflecting corrections to flaws GAO and others have turned up.

For the burgeoning helicopter market, several firms are engaged in supplying ADS-B. For example, L3 Vertex under a U.S. Navy contract has been providing ADS-B to about 100 TH-57 Sea Rangers, a military version of the commercial Bell Jet Ranger 206. Though mainly used for training, the Rangers also are employed for photo, chase and utility missions. Like all rotorcraft, they require DO-260B ADS-B-compliant transponders and GPS receivers.

Another player is ACSS, an ADS-B equipment supplier for all aircraft segments. Eric Baumert, VP of sales, said safeguards for military ADS-B systems “must be compliant to the DOD’s DFARS 252.204-7012, i.e., the ‘Safeguarding Covered Defense Information and Cyber Incident Reporting’” protocol. The radio frequency interface and respective avionics equipment interface also must meet all industry regulations and specifications.

The firm ensures its software is scanned for virus and malicious code before releasing it. Products also aren’t connected to any aircraft networks, so they “can’t be accessed by any external influences.” Such processes mitigate threats, he concluded.

Sample Threats

The most often discussed attacks on ADS-B are jamming and “spoofing” — inserting fake aircraft into its messages. There are others.

In a September 2017 commentary on security intelligence, Alan Sizemore, associate partner at IBM Global Security CoC, wrote that exploits could include distributed denial of service (DDoS) and man-in-the-middle (MitM) operations. He offered chilling scenarios should current safeguards fail.


“What if an attacker [executed] a DDoS attack? Could the ground station be overwhelmed with false packets, causing it to go off the air? Worse yet, the default behavior for a packet with a failed CRC (cyclic redundancy check) is to drop it.

“Could a MitM attack simply flood the ground station with malformed packets for each of the aircraft received in the previous broadcast packet? Would this make all the aircraft simply drop off the screen in the cockpit?”

Sizemore, a private pilot, said that while the FAA does not detail technical solutions, they involve “analytic geometry combined with a database of aircraft performance to calculate an aircraft’s previous position and compare it to the recently received packet.”
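The plausibility check described above, sketched as an added example (not code from the article, the FAA or any avionics vendor): each new position report is compared with the aircraft's last accepted position and rejected if the implied ground speed or climb rate falls outside a performance table. The class names, table values, tolerance and sample reports are constructed for illustration.

```python
import math
# Constructed performance table (illustrative, not real data): class -> (max kt, max ft/min).
PERFORMANCE = {"light_helicopter": (160.0, 3000.0), "jet_airliner": (600.0, 6000.0)}
EARTH_RADIUS_NM = 3440.065
TOLERANCE = 1.2  # assumed margin for wind and position quantisation

def distance_nm(lat1, lon1, lat2, lon2):
    """Great-circle distance in nautical miles (haversine formula)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(a))

def check_reports(reports, registry):
    """Return one verdict per (address, t_seconds, lat, lon, alt_ft) report."""
    last_good, verdicts = {}, []
    for rep in reports:
        addr, t, lat, lon, alt = rep
        prev = last_good.get(addr)
        if addr not in registry:
            verdict = "unknown_aircraft"      # no performance data to check against
        elif prev is None:
            verdict = "new"                   # first sighting, nothing to compare
        elif t <= prev[1]:
            verdict = "stale_timestamp"       # replayed or out-of-order packet
        else:
            max_kt, max_fpm = PERFORMANCE[registry[addr]]
            minutes = (t - prev[1]) / 60.0
            speed_kt = distance_nm(prev[2], prev[3], lat, lon) / (minutes / 60.0)
            vrate_fpm = abs(alt - prev[4]) / minutes
            if speed_kt > max_kt * TOLERANCE:
                verdict = "impossible_speed"
            elif vrate_fpm > max_fpm * TOLERANCE:
                verdict = "impossible_vertical_rate"
            else:
                verdict = "ok"
        if verdict in ("new", "ok"):
            last_good[addr] = rep             # rejected packets never move the track
        verdicts.append(verdict)
    return verdicts

SAMPLE_REGISTRY = {"A1B2C3": "light_helicopter"}  # constructed sample data
SAMPLE_REPORTS = [
    ("A1B2C3", 0, 30.400, -87.0, 1000),
    ("A1B2C3", 10, 30.405, -87.0, 1100),   # about 108 kt, 600 ft/min
    ("A1B2C3", 20, 31.400, -87.0, 1100),   # about 60 nm in 10 s
    ("A1B2C3", 30, 30.410, -87.0, 1200),   # consistent with the last good fix
    ("A1B2C3", 30, 30.410, -87.0, 1200),   # same packet again
    ("A1B2C3", 40, 30.415, -87.0, 5200),   # 4,000 ft in 10 s
]
```

Because a rejected report never updates the stored position, a single injected jump does not cause the following genuine reports to be rejected as well.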

Regarding cryptographic solutions, they are unlikely to be employed any time soon. Aircraft systems, Sizemore concluded, do not have enough CPU power for encryption due to backward compatibility concerns with the installed base.