Did you know that there's a flight simulator in the department's Robert Hooke Building? DPhil student Matt Smith describes how the computer scientist team is using it to evaluate flight crew response to cyber-attacks.

As system security researchers, we spend a lot of time on the outside of systems, looking in. This is particularly the case with our research into the security of avionic communications. Recent years have seen researchers in the department take an outsider look at vital systems such as ADS-B (Automatic Dependent Surveillance – Broadcast) and ACARS (Aircraft Communications Addressing and Reporting System), which are important in the smooth and safe operation of airspaces. We know a lot about how attackers might try to attack these systems, but we did not know how existing flight crew training would handle such attacks.

To investigate this, our team (Professor Ivan Martinovic as Principal Investigator, Martin Strohmeier and I) constructed a flight simulator using commercial and off-the-shelf components and software, and invited Airbus A320 pilots to take part in our experiments. As part of each session, a pilot flew scenarios in which we had simulated the effect of a cyber-attack on a different system that we consider to be technically possible and plausible.

The team carried out scenarios for three systems: glideslope, Traffic Collision Avoidance System (TCAS) and Ground Proximity Warning System (GPWS). Glideslope systems are part of the Instrument Landing System (ILS), which enables the autopilot to guide the aircraft to the runway at a predetermined angle and rate of descent – in situations where the aircraft uses auto-land capability, it relies on ILS to the point of touchdown. TCAS provides automatic resolution when aircraft become, or are about to become, too close, instructing each on how to separate themselves. GPWS is a top-level safety system which monitors a number of instruments to check whether the aircraft is getting too close to the ground.

Through this, we assessed two main parts of the response. Firstly, we could see which aspects of their training were called upon to handle different attacks, and the workload which such an attack added. Managing workload in the cockpit is crucial to keeping the aircraft safe, so attacks which significantly add to this are problematic. Next, we were able to measure the potential disruption of different attacks, both with regards to the level of trust the pilots had in the systems but also from a wider commercial and airspace system point-of-view.

Based on preliminary analysis, our research, which is funded by the Department Impact Fund, has demonstrated the need to work on security solutions to prevent these attacks happening. Each attack caused most pilots to have an increase in workload, as well as them having to carry out manoeuvers to resolve the problem. Typically, this would result in missed approaches or diversions, thus causing delay, passenger discomfort and inconvenience, and reputational harm to the airlines.

Beyond this, the work will inform future simulation-based experiments in aviation. The team will develop further simulations for pilots based on these results, as well as exploring other aspects of aviation which could benefit from cyber security simulations. More immediately, the results of the work are being shared with a number of industry bodies with the aim of understanding and acting on the data.

Research website: www.avsec-oxford.com

This article first appeared in the summer 2018 issue of Inspired Research.