In terms of electronic and software architecture, a long-range aircraft, whether it is an Airbus or a Boeing, uses many highly sophisticated systems to control a wide range of components that ensure the safety of the aircraft and its passengers. However, it is not necessary for cyber hackers to take complete control of a flying aircraft in order to cause serious concern or enormous financial damages.
During a flight, any significant doubt in the pilots’ minds can cause a premature landing at the nearest airport. Therefore, even a small-scale yet visible interference can allow cyber hackers to make an aircraft dysfunctional.
“All you need to do is corrupt the fuel gauge and lead the pilots to believe that the tanks are less full than expected,” explains Nicolas Duguay, Director of Business Development at In-Sec-M, the Canadian cybersecurity industry cluster. “If someone were to transmit the same false data to a fleet of aircraft, air traffic would be greatly disrupted, costing hundreds of millions of dollars for all companies involved. Not to mention the public’s loss of confidence.”
To avoid such a scenario, aircraft manufacturers, who are huge consumers of hardware and software, must continually ensure that they strengthen their aircraft’s electronic systems with embedded cybersecurity, that is, protection built directly into the microprocessor which serves as a shield against intrusions.
In fact, both in the encryption of operations and in the protection of on-board systems, the integration of cybersecurity right from the microelectronic design stage is an indispensable factor. Additionally, the encrypted protection of air-to-ground communications remains paramount to prevent unwanted interventions.
However, the biggest threat to the aerospace industry does not really target flight operations. The main target is ground operations, and more specifically, those of the companies themselves.
“The topmost issue is the protection of intellectual property”, states Suzanne M. Benoît, CEO of Aero Montreal, a strategic forum that brings together the top executives of the Quebec aerospace sector. “Espionage and the theft of sensitive information, whether in terms of manufacturing processes, computer systems or materials used, can be extremely damaging to a company.”
Especially since major aerospace manufacturers work very closely with many independent companies, each playing its own role in the design, manufacture and operation of aircraft. Although efficient, this approach has an inherent weakness which has the property of multiplying.
“The aviation industry is very exposed by its very nature,” notes Nicolas Duguay. “In the manufacturing of an airplane, an enormous amount of information is exchanged at all levels between all partners, and each one has its own intellectual property to protect. Since the exchanges are frequent, the risks of them being intercepted are just as much so.”
However, since these companies are generally SMBs, their means of investing in cybersecurity are sometimes limited. This vast and diversified supply chain is therefore both a great ally and a great risk for aircraft manufacturers, as cyber hackers, sometimes working for state actors, tend to infiltrate the SMB partners and then seize the manufacturer’s industrial secrets, or sabotage their operations to cause very expensive delays.
Faced with this threat, Quebec companies active in the aerospace industry must ensure that they play their role by not being the weak link in the production chain.
Over the next three years, this task could be facilitated by the Quebec Cybersecurity Innovation Program (PICQ) established by the provincial government and managed by PROMPT, which supports research partnerships in technological innovation. The objective of the PICQ is to assist Quebec companies, in practical and financial terms, with the acceleration and strengthening of their cybersecurity. This is done, for example, through financial support in order to create or adapt cybersecurity solutions, or to obtain cybersecurity certifications.
“Aerospace is an area where the importance of cybersecurity reaches another level”, points out PICQ Director Maxime Clerk. “Many Quebec companies are active on the worldwide aerospace scene. As standards become more stringent in the aviation sector, they must not find themselves discarded because of cybersecurity that falls short of expectations. Hence the importance of these certifications.”
Some countries have already raised their cybersecurity requirements for aerospace companies in order to better protect the industry, intellectual property, confidential information, physical and computer engineering, as well as day-to-day and economic operations.
In this regard, Canada is not quite at the same level as the United States or the European Union in terms of cybersecurity certifications for the aerospace sector, but given the reality of the situation, it soon will be.
“Cyber attacks are not going to decrease and they are not going to go away, quite the contrary”, says Suzanne M. Benoît. “When it comes to cybersecurity, the requirements of aircraft manufacturers and governments will increase, therefore Quebec aerospace companies should get ahead in this area and not delay in doing so.”
“Being proactive will pay off more than being reactive”, adds Suzanne M. Benoît. “That’s a certainty.”