This sponsored article was created by Insight magazine, the sponsored content division of MHM Publishing, on behalf of Astronautics.
In September 2022, the European Union Aviation Safety Agency (EASA) released new certification standards to help protect aircraft from cybersecurity threats.
It was a clear acknowledgement of one of the most pressing concerns in modern aviation: The need to protect avionics and other data systems from vulnerabilities that can arise from increased connectivity.
With malicious actors targeting aircraft every day, the need for protection is also rising.
“Hackers’ motivations go from simple curiosity — some just want to see if they can achieve access to an avionics system — to military and terrorist-level ambitions,” said David Jones, senior product line manager for aerospace cybersecurity at Astronautics Corporation of America.
“Even before the EASA cybersecurity standards were formally announced, Astronautics was actively engaged with many of our European customers in the cybersecurity arena, giving us a distinct advantage in enabling our customers to show full compliance with the new EASA cybersecurity requirements. We’re in a fortunate position to also stay ahead of the game. We knew we needed to be cutting edge when it comes to cybersecurity. While other companies play catch-up, we’re continuing to lead the way.”
Astronautics is a global leader in aircraft cybersecurity, with a clientele that includes operators in the military, emergency medical services, and law enforcement spaces. Its cybersecurity team is one of the best in the business, led by expert engineers and technicians with deep knowledge of the cybersecurity environment, data ecosystems, and emerging cyber threats.
The Astronautics team develops industry-leading threat-mitigation methodologies, secure hardware, and continuous scanning services to protect aircraft from potential disaster.
“At Astronautics, we define cybersecurity in terms of aircraft safety,” Jones said. “This goes far beyond the definitions you might find in an office IT department. Our commitment to cybersecurity is rooted in preventing malicious attacks that can lead to catastrophic situations. Astronautics excels in cyber threat identification, ranking and mitigation, but we’re also among the world’s best in providing other services that improve aircraft safety. These include cybersecurity certification for avionics, advanced toolset capabilities for detecting cyber threats, and continued airworthiness by monitoring avionics throughout their lifecycles.”
In March 2023, Astronautics achieved EASA’s recently released and stringent ED-203A certification for its AeroSync connectivity system on a business jet, demonstrating cybersecurity throughout the aircraft lifecycle.
Astronautics also recently worked with Lincoln Labs at the Massachusetts Institute of Technology to develop a cybersecurity threat detection and mitigation methodology for the U.S. This methodology was contracted through the U.S. Federal Aviation Administration (FAA).
The company has been active for several years in helping the aerospace and defense industry develop its thinking about cybersecurity risks and how to address them.
“Astronautics has been under continuous contact with the FAA for the last seven years,” Jones said. “We are well prepared to solve cybersecurity challenges and vulnerabilities for any avionics infrastructure in the world — in both civil and military applications.”
Astronautics began its systems-wide cybersecurity work in 2006, when it developed a network server system on the Airbus A400M fixed-wing military transporter. Its expertise has evolved and expanded ever since, encompassing helicopter platforms in the special mission space.
“Our cybersecurity methodology is well accepted and has been tested to mitigate numerous cybersecurity threats,” said Matthew Frei, director of connected aircraft solutions at Astronautics. “One of our key priorities as a company has been to recruit, train and retain a seasoned group of cybersecurity engineers. As a result, we can serve our customers better in an ever-changing environment.”
Astronautics products meet ED-203A, DO-356A and DoDI 8510.02 airworthiness security process specifications, and one of the company’s main services is helping customers achieve EASA cybersecurity certification.
All the company’s products — both hardware and software — are designed to be resilient and cyber-secure, meeting or exceeding EASA and FAA standards. After installation, Astronautics also continuously monitors for threats.
“We provide reports against any types of vulnerabilities that may exist,” said Josh Berrian, senior product line manager at Astronautics. “Then we propose mitigations through a package update, a commercial off-the-shelf [COTS] modification, or our own code to address those types of vulnerabilities … it is a constant lifecycle monitoring of the software that’s on board.”
One of Astronautics’ key offerings is the AeroSync product line, a secure aircraft data gateway.
AeroSync enables bi-directional communication across aircraft security domains, allowing flight crews to load data from the open world into the aircraft, while protecting avionics with segregated hardware and software architecture and multiple processing units.
This ensures the aircraft’s public domain data systems and onboard avionics systems are entirely separate and protected with firewall filtering and other security controls that halt and filter out malicious attacks.
“Imagine it as a toll bridge where someone’s stopping traffic, making sure it’s OK, and then allowing it to pass through,” Berrian said. “For all intents and purposes, this makes the system un-bypassable.”
In addition to this avionics protection, AeroSync is designed to appeal to passengers by providing continuous secure broadband connectivity during flight.
“As connectivity between the ground and the aircraft increases — both in the cockpit and in the cabin — so does the potential risk,” Jones said. “And as interconnectedness increases, there is more need to keep avionics protected from the outside world, while also protecting the integrity of digital data. This data informs the decision-making of flight and maintenance crews, as well as OEMs [original equipment manufacturers]. At the end of the day, cybersecurity is about flight safety. That’s the new standard, and we’re leading the way. Our advanced modeling and architecture analysis tools enable us to assist our partners and customers with their cybersecurity needs.”
