Cybersecurity: Inserting Protection at the Heart of the Aerospace Industry
By Dan Dumbacher|December 2020
Cybersecurity is an issue of growing prominence within the aerospace industry. It is becoming more and more essential to address cybersecurity on an ongoing basis in the mainstream of our core processes – from the design and development of new space systems to manufacturing and production to operations.
The aerospace industry is on a rapid growth trajectory, evidenced by boosts in private investments, new launch capabilities, and emerging commercial opportunities in low Earth orbit, to name a few. As we continue to drive this dynamic progress forward, we must aggressively protect it with strong cybersecurity practices.
Case in point – our growing satellite constellations. Without robust cybersecurity protocols, hackers could take control, shut them down, deny user access, or jam the signal. Such an invasion could cause major harm to infrastructure dependent on these satellites, such as electric grids, water systems, and transportation networks.
Historically, aerospace has been hesitant to embrace mainstream cybersecurity. The subject has not been emphasized in most undergraduate aerospace curricula nor consistently included in aerospace development and manufacturing processes. Rather, we have seen only small bursts of focus in both areas. We must move toward a more routinized approach from concept development to operations. This is a big task requiring engagement throughout the aerospace supply chain.
There are two real-world factors causing our industry to take a more serious approach to cybersecurity. The fear of an attack or breach of an aerospace company that results in revealing proprietary information always looms. We saw an example of this in late 2019, when ransomware infected a regional airline operator out of Alaska and interrupted operations.
Then there is the more subtle challenge – the emergence of new cybersecurity regulations on the aerospace industry. When similar regulations hit the power grid and commercial nuclear industries over the past decade, the effort of becoming compliant and staying in business under the new guidelines was costly and complex. These companies endured significant organizational stress adapting their people, processes, and technologies to the new regulations. Many incurred unexpected capital and consulting costs to satisfy new cyber audit requirements. The aerospace industry is primed for similar issues.
The DoD’s Cybersecurity Maturity Model Certification (CMMC) requires every company that does business with the federal government to comply with a certain level of cybersecurity requirements, based on work provided. Space Policy Directive 5 requires cybersecurity principles and practices currently applied to terrestrial systems be applied to space systems and integrated into every phase of the space system life cycle.
As a result, AIAA has spent the last year bringing cybersecurity front and center. We are committed to bringing you credible resources within four tracks for you to stay abreast of the latest developments.
Track 1 – Events. Cybersecurity content has been added to all AIAA forums. We are coordinating competitive online learning labs, such as hack-a-thons. The most recent one at 2020 ASCEND proved extremely insightful to all attendees. We are also hosting tabletop exercises to share information with senior executives about current trends, best practices, and how to develop their own robust protection programs.
Track 2 – Technical talks and presentations. In May, Matthew Scholl with the National Institute of Standards and Technology shared compelling insights on advancing cybersecurity in space on an episode of the biweekly AIAA Space Policy Pod. There are other examples of technical deep dives on this issue archived on our website.
Track 3 – Ongoing education. We will offer a new industry course by the third-quarter of 2021, designed to inform participants on the major issues regarding the nexus of aerospace and cybersecurity. Our Daily Launch newsletter now features several articles a day on the specific role of cybersecurity in the aerospace industry.
Track 4 – Engaging our members. The Aerospace Cybersecurity Working Group has been the driving force behind our increased focus on this topic. So far, they have pursued small projects, but we are empowering them with the resources and guidance they need to make real progress. Our Cybersecurity Steering Group includes senior AIAA members and outside experts who collectively engage and advise the Institute on what we should/should not be doing in terms of cybersecurity. Among their recommendations is partnering with organizations such as the Space Information Sharing and Analysis Center (ISAC). There are ISACs for nearly every major industry. They collect information from an industrial sector and share it with the government. AIAA already has a cooperation agreement with the Aviation ISAC, and will soon have one with the Space ISAC, which will open dialogue and cooperation around this topic.
Most recently, we commissioned a Cybersecurity Findings Report that measured AIAA members’ level of concern with cybersecurity. Nearly 75 percent of the members expressed strong interest in each of the tracks mentioned above. This report will soon be released on our website. These steps are just the beginning of our long-term commitment to cybersecurity in our industry.
Everyone in our industry is energized by our growing space economy and promising new aviation innovations. Let us protect that momentum. Join us in truly giving cybersecurity the attention it deserves. Take the time to begin or deepen your knowledge of this new emphasis on aerospace cybersecurity. We must act NOW! ★
Executive Director, AIAA