By Daniel Di Santo
[Standard Introduction] You're listening to inQuery, the podcast show run by the professional writing students here at York University. We're exploring the technology of today and creating the new ideas of tomorrow.
Hi there, my name is Daniel Di Santo and I am serious about aviation.
Is travelling on your mind? Maybe you’re thinking about going off somewhere on a nice vacation, or maybe you’re a frequent flyer for business trips. Whether you frequently fly intercontinental, or are just the average short-hop passenger- even if you hardly fly at all- if you have ever flown or plan to get on an airplane, there’s a new technology that affects you; I’m going to talk about something for pilots and passengers alike. We’re going to examine an emerging technology called NextGen which modernizes air travel, increases efficiency, and maybe, will eventually bring lower airfares. So, let’s get going.
Well, transport Canada doesn’t appear to be authorized to tell us about Nextgen. But what is this Nextgen that I’ve said is affecting you? That’s best explained by James H. Williams, author of a report entitled National Airspace System Security Cyber Architecture. So, to quote Williams, “NextGen is an umbrella term for the ongoing, wide-ranging transformation of the NAS." (An acronym for National Airspace System). "At its most basic level, NextGen represents an evolution from a ground-based system of air traffic control to a satellite based system of air traffic management.” So essentially we’re talking about data sharing.
Williams also mentions some pretty handy benefits that come with this system. To quote him again, he says that “when fully implemented, NextGen will allow more aircraft to fly safely closer together on more direct routes, reducing delays and providing unprecedented benefits for the environment and the economy through reductions in carbon emissions, fuel consumption, and noise” (Williams 3). And According to the National Oceanic and Atmospheric Administration, (I quote) “Weather accounts for 70% of all air traffic delays within the U.S. National Airspace System (NAS).” Now that’s not surprising, and it’s probably quite similar here in Canada. It can’t be that different here at all. You can check out their website by following the link in the transcript (http://www.nws.noaa.gov/nextgen/ng101.shtml). Additionally the Federal Aviation Administration of the United States has a basic overview of the system. Which you can find a link to in the transcript (https://www.faa.gov/air_traffic/briefing/).
You probably heard many times, over and over, that modern airplanes are mostly automated. So does automation and data sharing pose a risk? Robert G. Wood says it does. In 2009 he published a report titled A security Risk Analysis of the Data Communications Network Proposed in the Next Generation Air Traffic Control System. In his statement of the problem, the reason he published the report in the first place, he wrote (quote): “The NextGen system offers a wealth of improvements to national and international aviation safety, but may create unnecessary risks if the technologies used to implement the system do not include appropriate data and software security” (Wood 3). But why does that matter?
Well, what happens when an airplane’s raw data is shared over a network, extending beyond the airplane to satellites and ground facilities? What are the benefits when performance information is readily available for professionals on the ground? And most important: can various data be collected or manipulated by people with malicious intent? This means critical systems could even be controlled by your average (or not so average) hacker. Essentially, these systems are a more specialized version of your home computer. So this brings up what could very well be a life and death question: can a sleek, modern, NextGen airplane, which you might soon find yourself on, be hacked like your home computer as well?
Everyone is affected by the continual improvement of the internet. Faster connectivity speeds, wider sharing potential, and all those other benefits of the World Wide Web are experienced virtually by all. However, unless you are employed by the airline industry, you probably have not heard much about an emerging web based technology for sharing data between airplanes, satellites, and ground monitoring stations. In this episode we are going to clarify something called next generation technology, or NextGen, for short. It’s essentially data sharing for airplanes, and if it does its job, we could see lower airfares as a result of increased efficiency on the part of the airlines.
The basic premise is quite simple. It may sound daunting at first, but I’m not kidding, you don’t have to be an industry professional to understand what’s important about it. It’s all computer and network based, kind of like a combination of live-streaming (with the data) and online cloud storage (except what’s in the clouds is the airplane). It can benefit the industry, but we’re going to see: can it benefit you? Just like any computer, it comes with some concerning weaknesses, and that’s what we’re going to get into. If you still feel a bit confused by all this, you can check out the link in the transcript. We have lots of further reading which should clarify everything. (https://stephanie-bell-m08b.squarespace.com/blog-season1/5c7aacf8-be01-4cc1-860d-4e52637a5112).
We’re going to see what led to NextGen, how it works, and we’ll examine some risks, benefits, and contentions. But first, I’m sure you want to know why exactly I’m bringing up this rather technical topic. It may seem distant at first but it does affect you. The reason for this is best explained by some simple statistics. Last year, Statistics Canada published its annual count of air travel totals for the entire country. Just in 2014 alone, thirty million people embarked and disembarked at Canadian airports. Doubtlessly a great percentage of these people were Canadian residents. Maybe this included you. I know that I was among that thirty million a couple of times. And because NextGen technology is still being implemented, it affects more and more people by the day. It’s proliferating. For a familiar example, Air Canada currently owns and operates twenty-five Boeing Triple sevens, as well as its successor, the 787 Dreamliner (https://www.aircanada.com/en/about/fleet/). More Dreamliners are on order too, and they all make use of NextGen technology.
Up until the 21st century, the most frequent and convenient method of communicating with the ground was by radio (https://stephanie-bell-m08b.squarespace.com/blog-season1/062bbb25-c53e-405a-9e4e-57ba598123f6). Radar gave controllers information about speed altitude, and heading. If a pilot needed technical support in the air, they would radio the tower, which would in turn call the engineering department of the appropriate airline, and, then, information would be relayed through the radio. By the way, you can also check out additional information about how air traffic control developed over time, there’s a link in the transcript for that.
Does this sound too complicated? Too prone to mistakes and misunderstandings perhaps? That’s why airlines and pilots wanted something more comprehensive, something which could keep up with the rapidly advancing complexity of modern aircrafts. So they began to develop an interconnected, real-time data-sharing network, similar to what various militaries had already been using. Airline maintenance engineers now have real-time access to performance data streamed directly to them by an airplane’s computer. The built-in computer is the nucleus of the whole system, monitoring position, aiding navigation, and regulating critical aircraft systems like pressurization so the passengers can keep breathing, flight controls to steer the plane, fuel management to make the flight cost efficient, and so on.
I realize this new technology may sound unnerving to some, so now, as we take a glance at our first real-life example, I’m going to start out on a positive note. This is an instance where NextGen quite possibly saved lives.
It was early November 2010. Australia’s major airline, Qantas, was starting to use the massive and highly-advanced Airbus A380, which at that time was relatively new, and the first airbus to use NextGen. It was actually one of the first NextGen-integrated passenger airplanes in existence. So at that time they didn’t have many people who were familiar with this kind of technology, but fortunately Qantas did have a dedicated monitoring station on the ground.
Trained engineers specializing in the A380 were standing by, monitoring live-streamed data from various flights. This monitoring is standard for NextGen by the way, it wasn’t only happening when the system was new. Maybe that makes you feel better about the whole situation. But anyways, on that day, Qantas flight 32 was heading home towards Sydney, when, completely out of the blue, one engine suffered a sudden and jarring explosive failure, shooting out debris, cutting into fuel lines, maneuverability, and damaging a whole slew of critical systems. The airplane was still flying, but barely, and the situation was delicate; the crew immediately had to take care of a fuel leak, and extinguish an engine fire. Substantial damage had been done. By the way, if you want to watch how this whole thing played out, there is a link in the transcript to Air Crash Investigation, a popular TV show (https://www.youtube.com/watch?v=f7FkTKQ-QRY). They did an excellent re-enactment of it not too long ago.
Now this is where NextGen and ground monitoring came to the rescue. All the warnings, everything from degraded flight control to minor electrical failures, were visible to the guys on the ground and of course the pilots in the air too. The pilots worked through all the warnings, dealing with them one by one. Here’s a small spoiler alert, by the way, in case you didn’t already know: the long and short of it is that they managed to land. Afterwards, the investigation was greatly hastened by the fact that investigators could go back to a complete log of every single system failure that occurred.
They used this to pinpoint exactly where the source of the problem was, avoiding many laborious hours of extra work which would have included metallurgical science (the science of metals), looking for explosive residue, and every other meticulous tasks. I see a lot of potential for this kind of practical, technical-support approach to crisis management. In situations like this one, it can make all the difference to have a lifeline- a way to contact the experts who can help solve a complex problem. But this goes for all endeavours, really. Not just for aviation crisis management. Don’t we already use this strategy in so many ways? That’s why we have help lines for everything from bank accounts to medical care. That’s why we have email, Skype, even online chat. It’s about time airliners be endowed with this kind of ability.
And adding to this, using NextGen, it may even be possible to digitize aircraft maintenance, according to a 2013 study. The report is entitled Aviation Cyber–Physical Systems: Foundations for Future Aircraft and Air Transport. The authors are Krishna Sampigethaya, a Boeing employee working on NextGen integration, and Radha Poovendran, a professor and author at the University of Washington. I’m not going to get into it in full detail, but if you want to read more about their field of study you can look for something called CPS, or cyber-physical systems. According to them it’s basically “a tight integration of cyberspace with the physical world.” If you’re really interested you can find a link in the transcript for a huge concept map. It explains everything (http://cyberphysicalsystems.org/). Basically, what we’re looking at here is sensors that can be attached to various structural parts of an airplane, keeping engineers constantly informed and saving them from doing labour-intensive detailed checks which happen only at regular intervals. With this new technology we hope to nip problems in the bud, so to speak; to prevent them from happening because we’ll hopefully know about them before they become critical.
Now just to be clear, I’m not saying that over-complexity is acceptable either, especially when you’re in a limited time situation like an impending air disaster. I’ll give you my personal take on this technology: NextGen can sometimes be described as what English students call a tragic flaw: some good quality which can also become the downfall of the hero. Because of the huge complexity of the A380’s systems, ground engineers were being bombarded with a shockingly large cascade of computerized warnings (you’ll see this if you watch the video). They saw so many, in fact, that at first they thought it was simply a mistake- they thought the computer was malfunctioning, sending out false warnings. Working through all the warnings and failure messages took almost an entire hour- for the flight crew in the air. That’s how extremely complicated airplanes have become.
Again, you could see this complexity as a bad thing, or as a good thing. I think it really depends on the nature of a given situation, and how much time you have at your disposal. The Qantas crew had a lot of time compared to some other cases, but I hate to think what would have happened in a situation where the plane was more severely damaged, perhaps. What if they didn’t have an hour to circle the airport and sort things out? Their situation, although stressful, was leisurely compared to some others. I’ll leave the rest of the imagining to you for this one. The NextGen system is far from optimized- but remember, at the time of this incident it was still quite new. I’m sure it really can make a life-saving difference. Other times it may very well be the tragic flaw of an airplane.
Now speaking of a flaw, I unfortunately have to tell you about a more serious yet equally intriguing example. Let’s now look at Malaysian airlines flight 370, which disappeared somewhat mysteriously in March of 2014. You’ve probably heard of this, it’s quite famous. They took off from Kuala Lumpur, destined for Beijing. But it never arrived. As we speak, the search is ongoing, and theories for its disappearance now abound. According to an April 22nd, 2015 article by Jonathan Vankin, who writes for Inquisitr, there’s a theory that the hackers were part of a shadowy group called the “Naikon,” and another theory that Russia organized the disappearance (http://www.inquisitr.com/2033010/malaysia-airlines-flight-mh370-hackers-plane/). Of course, not all news stories are credible, and I don’t endorse this one over another, since the investigation is still ongoing.
At this point you still have a lot of people, experts and amateurs alike, taking shots in the dark about what actually happened. The first rule of air safety investigations is to never jump to conclusions, no matter how likely they appear to be. So although this disaster occurred more than a year ago, nobody is yet sure of the reason for it. However, an element of mystery exists, because the plane’s satellite tracking system appeared to have been disabled. Combining that with cyber-attacks conducted on the Malaysian government the very next day, many of the theories are based on the assumption that the airplane’s systems were hacked. The particular plane in question, a Boeing Triple Seven, was integrated with NextGen
Back as early as 2005, a full five years before the Qantas incident, research was already being done regarding how the data network of an airplane could be accessed. According to a couple of people investigating the technical side of the issue, Thanthry and Pendse, there is a dual threat to network safety. In 2005 they came to the realization that (and I’m quoting them) “the security issues involved with airplane networks can be broadly classified into two categories: external and internal” (Thanthry & Pendse, 2005). So you already listened to me talk about how external breaches could be perpetrated by some shady, nebulous hacker, but now with this added dimension we have to think about an internal threat. What is that exactly? Is it the theory that a stowaway got into the electronics compartment of the Malaysian airlines jet and hacked from on-board the plane?
Well, it actually is physically possible- the “electronics bay”, as they call it, is large enough to fit a person- But there’s also an option which is not nearly as complicated, risky, or uncomfortable as the stowaway option. Apparently, it can be done from the comfort of business class. It’s a simple method.
When was the last time you found yourself on a really long flight with your phone almost dead? You probably looked for an outlet or a USB plug. Or maybe you wanted to listen to some of your music, so again, you connected to a USB. But did you know you could also hack the plane if you wanted to?
Writing for Wired online, Kim Zetter describes just such an incident in a May 5th, 2015 article entitled “Feds Say That Banned Researcher Commandeered a Plane” (http://www.wired.com/2015/05/feds-say-banned-researcher-commandeered-plane/). According to Zetter, it was a security researcher by the name of Chris Roberts, working for One World Labs, who accessed the Thrust Management Computer of an airplane through the in-flight entertainment system, apparently causing one engine to start revving faster for a few moments. Image what the pilots would have been thinking. According to the FBI, (quote) “he accessed the in-flight networks more than a dozen times… between 2011 and 2014.”
He did this by obtaining (quote) “physical access to the networks through the Seat Electronic Box, or SEB… and then used default IDs and passwords to gain access to the inflight entertainment system. Once on that network, he was able to gain access to other systems.” Thankfully it seems that his intentions were not malicious: he only did it to demonstrate security vulnerabilities.
And this was done on older Boeing and Airbus aircraft, through the in-flight entertainment system. This makes all modern airplanes vulnerable- not just the newer ones. Apparently, his goal was to make the airlines see that they have a serious problem. Was the message well received? Well, some said he should go to jail, some ridiculed his actions as a foolish endangerment of innocent people- which could be true- but over all, there seems to be agreement that he succeeded in highlighting a danger which everyone should be aware of.
Our culture of reliance on technology has created a culture of cyber-security. It is the reason we have controversial yet sometimes unheard-of laws like Bill C-13. Back on May the fourth of 2014, the National Post’s Justin Ling came out with an article entitled “How federal bill C-13 could give CSIS agents — or even Rob Ford — access to your personal online data” (http://news.nationalpost.com/news/canada/how-a-new-federal-bill-c-13-could-give-csis-agents-or-even-rob-ford-access-to-your-personal-online-data) .
Additionally, back in April of this year the Canadian government decided to spend 36.4 million dollars on cyber-security, according to Alex Boutilier’s April 22nd, 2015 article, for the Toronto Star (http://www.thestar.com/news/canada/2015/04/21/2015-budget-outlines-cyber-security-legislation.html). It’s all part of the Protection of Canada’s Vital Cyber Systems Act, which is intended to set various safety standards for non-government companies which operate what is termed “vital cyber systems”. Ruwantissa Abeyratne, who writes for the Journal of Transportation Security, said this about our culture: “Cyber Terrorism defines our times. It has brought seismic changes to the way we approach terrorism” (Ruwantissa 337).
So you’ve heard all about NextGen, how it came to be, where it’s going, and how extensive it is set to become. You’ve heard about the good and the bad aspects, the life-saving and the life-endangering. And now, I leave the decision with you. Is the system safe? How many benefits will it actually bring to us? Perhaps we also still have a lot of work to do. But who doesn’t want on-time flights and lower airfares? Thank you for listening! I wish you safe flights- and happy travels.
Abeyratne, Ruwantissa. (2011). Cyber terrorism and aviation—national and international responses. Journal of Transportation Security, 4, 337-349. doi: 10.1007/s12198-011-0074-3
“Air Traffic 101.” Federal Aviation Administration. FAA, n.d. Web. 29 November 2015.
Boutilier, Alex. “2015 budget outlines ‘cyber security’ legislation.” *Toronto Star*. Toronto Star Newspapers, 21 April 2015. Web. 26 November 2015.
“Cyber-Physical Systems.” Cyber-Physical Systems. UC Regents, 2012. Web. 27 November 2015. http://cyberphysicalsystems.org/.
Ling, Justin. “How federal bill C-13 could give CSIS agents — or even Rob Ford — access to your personal online data.” National Post. The National Post, 4 May 2014. Web. 24 November 2015.
“NextGen 101.” National Weather Service. NOAA, n.d. Web. 29 November 2015. http://www.nws.noaa.gov/nextgen/ng101.shtml.
"Our Fleet." Air Canada. Air Canada, n.d. Web. 23 November 2015.
“Performance Snapshots.” Federal Aviation Administration. FAA, n.d. Web. 29 November 2015.
Sampigethaya, Krishna & Poovendran, Radha. (2013). Aviation Cyber–Physical Systems: Foundations for Future Aircraft and Air Transport. *Proceedings of the IEEE*, 101. Retrieved from http://journals2.scholarsportal.info.ezproxy.library.yorku.ca/pdf/00189219/v101i0008/1834_acsfffaaat.xml
SingaporeVideos. “Air Crash Investigation Qantas 32 Titanic In The Sky.” Online video clip. YouTube. YouTube, 23 February 2014. Web. 23 November 2015.
"Air passenger traffic and flights." Statistics Canada. Statistics Canada, 2014. Web. 23 November 2015.
"Passengers enplaned and deplaned on selected services — Top 50 airports." Statistics Canada. Statistics Canada, 2014. Web. 23 November 2015.
Thanthry, N. & Pendse, R. (2005). Aviation Data Networks: Security Issues and Network Architecture. IEEE Aerospace and Electronic Systems Magazine, 20. 6. Retrieved from http://ieeexplore.ieee.org.ezproxy.library.yorku.ca/stamp/stamp.jsp?tp=&arnumber=1453803
Vankin, Jonathan. “Malaysia Airlines Flight MH370: Hackers Attacked After Plane Vanished — A Clue To Disappearance?” Inquisitr. The Inquisitr News, 22 April 2015. Web. 24 November 2015.
Williams, J.H. & Signore, T.L. (2011). *National Airspace System Security Cyber Architecture*. Retrieved from MITRE Corporation.
Wood, Robert G. (2009). *A Security Risk Analysis Of The Data Communications Network Proposed In The Nextgen Air Traffic Control System*. Retrieved from Shareok.org.
Zetter, Kim. "Feds Say That Banned Researcher Commandeered a Plane." Wired. Conde Nast Digital, 15 May 2015. Web. 25 Nov. 2015.