Tweet
Title: Cybersecurity Meets Aviation Regulation
Description:
Software development for aviation is highly regulated, and process driven. The current processes, as defined in DO-178C and related standards, originate from a history of designing and testing mechanical components. In the past you designed a part and once installed it only had to be monitored for physical condition. It was assumed that maintenance procedures would be able to identify which components are in flight condition and which are not. But now that there are USB ports and iPads in the cockpit, do these previous assumptions remain valid? How can we ensure that flight systems are not compromised after being installed? What can be done to help ensure aviation systems are secure?
There are 4 primary areas of concern on a modern aircraft:
- Maintenance interfaces - What is necessary to ensure that software communicating with the aircraft is correct and operates in a secure manner?
- Passenger interfaces - What is necessary to ensure that systems passengers interact with cannot interfere with the aircraft operation?
- Crew accessible interfaces - What is necessary to ensure that the crew cannot accidentally connect a malicious device to flight systems?
- Pre-flight software validation - Is there a procedure that could be used to ensure that the software running on aircraft systems is 100% correct and unmodified?
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.
=====
Discord: https://discord.com/channels/7082082...94164209057793
Speaker(s): Aaron Cornelius, Tim Brom
Location: Aerospace Vlg
Discord: https://discord.com/channels/7082082...93044363444264
Event starts: 2020-08-09 15:00 (03:00 PM) PDT (UTC -07:00)
Event ends: 2020-08-09 16:00 (04:00 PM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-06T21:17 (UTC).
Description:
Software development for aviation is highly regulated, and process driven. The current processes, as defined in DO-178C and related standards, originate from a history of designing and testing mechanical components. In the past you designed a part and once installed it only had to be monitored for physical condition. It was assumed that maintenance procedures would be able to identify which components are in flight condition and which are not. But now that there are USB ports and iPads in the cockpit, do these previous assumptions remain valid? How can we ensure that flight systems are not compromised after being installed? What can be done to help ensure aviation systems are secure?
There are 4 primary areas of concern on a modern aircraft:
- Maintenance interfaces - What is necessary to ensure that software communicating with the aircraft is correct and operates in a secure manner?
- Passenger interfaces - What is necessary to ensure that systems passengers interact with cannot interfere with the aircraft operation?
- Crew accessible interfaces - What is necessary to ensure that the crew cannot accidentally connect a malicious device to flight systems?
- Pre-flight software validation - Is there a procedure that could be used to ensure that the software running on aircraft systems is 100% correct and unmodified?
This event will be coordinated on the DEF CON Discord server, in channel #av-aviation-text.
=====
Discord: https://discord.com/channels/7082082...94164209057793
Speaker(s): Aaron Cornelius, Tim Brom
Location: Aerospace Vlg
Discord: https://discord.com/channels/7082082...93044363444264
Event starts: 2020-08-09 15:00 (03:00 PM) PDT (UTC -07:00)
Event ends: 2020-08-09 16:00 (04:00 PM) PDT (UTC -07:00)
For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-06T21:17 (UTC).