HOW THE NSA SURVEILLANCE SCANDAL MIGHT AFFECT AVIATION

Much has been written on the fallout from the Eric Snowden scandal that revealed the extent of the cyber surveillance activities of the National Security Agency (NSA) upon American citizens and throughout the world. Little has been written on how this could affect the global aviation industry. Make no mistake — the effects could be far reaching, especially as we have e-enabled aircraft entering service, and NextGen and other data-driven air traffic management systems coming online. These data-driven mechanisms become easier surveillance targets for not only the NSA, but anyone who knows how to monitor the ever-increasing data streams.

Trust Has Been Shaken

Aviation is a globally-interconnected community that depends on a high degree of international cooperation in order to design, develop, manufacture and support products, and, then in turn, to be able to operate across borders to facilitate the flow of people and goods. This industry has much government oversight and depends upon government-provided services (air traffic management, weather services, processing passengers through customs, etc.), so is attuned to a ‘lack of privacy’ to a large degree. The fact that a government entity has been monitoring private communications is not, in itself, a significant cause for concern to this industry.

The heart of this scandal is how trust has been shaken by many who did not expect to be monitored in such a manner (for good reason), and this shaken trust will have far-reaching and long-term effects upon U.S. industry.

International Agreements Might Be Revisited

One of the many potential actions which might occur is having the international community revisit existing bilateral agreements pertaining to security issues upon which aviation and aerospace depend to facilitate business across borders. Such actions could result in either hampering perceived data gathering efforts or in segregating communications to avoid unwarranted surveillance.

Non-U.S. airlines, operators, OEMs/suppliers and MRO facilities might have reservations about having the NSA track their communications when they are not operating (or the products that they are supporting) outside of U.S. borders. It can be argued that most anyone who is involved with computer networking or communications is already aware of how many governments already have access to most aircraft operations information, but the general media has now made the international public aware of the extent of this surveillance. The perception of privacy was probably more acute to those in corporate jets. Traveling executives in foreign countries assumed that they had some degree of privacy in the cabin of a Gulfstream V; they now have to take increased measures to limit sensitive communications while in flight (as they would when speaking over a cellphone on the ground). The reality is that there was little or no privacy to begin with, but this illusion has been shattered.

This might have negative implications for U.S.-based service providers who supply in-flight communications services and avionics products as well, due to the suspicion that these firms would be forced to cooperate with government authorities. While this might have always been the case, this is clearly more understood by the entire global customer base now. Hopefully any effects of this will only be short term. The FAA and U.S. aviation/aerospace industry groups will undoubtedly have to deal with this in the coming years, and these conversations will not be pleasant ones.

What is Good for the Goose is Good for the Gander

The assumption is that if the NSA is performing such surveillance, then many other countries are already doing the same. How this affects the broadband services for aircraft remains to be seen. The newer communications service providers are combining voice and data over Internet protocol (IP), which is a widely understood mechanism for the cyber surveillance community. The use of IP creates easier opportunities to monitor aircraft communications by more entities (even encrypted data streams). Most satellite and cellular feeds are managed by data centers which use broadband telecommunications services to transmit information to their end customers, so it is possible for data to be intercepted ‘in the air’ or on terrestrial networks (which is much more likely, and probably easier than tracking thousands of flying aircraft moving at high speeds).

There will be entrepreneurs stepping forward to solve such problems whenever a problem presents itself. Some of these will aim to give passengers better assurance that their conversations stay private by providing tougher encryption (which takes the NSA a bit longer to crack a message, thus rendering the gathered information less useful with the passage of time). You can imagine how a few technology startups will jump into the fray to provide internationally-traveling executives (who are in the midst of a terse negotiation and would not want the possibility of a competitor listening in) with a means to protect their privacy when flying over the Atlantic Ocean. Perhaps SecureCall (note to self: copyright this name) will develop an encryption key that is refreshed every 15 minutes and provides its customers with some degree of security. There is a recently announced product from a company that provides a ‘USB condom’ so that when you plug a smartphone or tablet into a recharging port on an airplane or at an airport (or any other place into which you should not stick an unprotected charger), it is secured. The USB condom will shield against “juice jacking,” where a seemingly harmless charging station is used to steal data or harm a device (or insert a virus onto a smartphone at an airport, and hope that the infected device is connected while in flight, thus providing easier access to critical aircraft systems). Such unscrupulous devices do exist outside of James Bond movies and they serve as very real means of stealing information directly from a target.

Stay tuned for more such products that might provide small amounts of cyber protection.

Islands of Unconnected Information

The greatest potential concern for the entire international community might be that countries or regions might feel the need to create differing (non-cooperative) air traffic and other mechanisms in order to address perceived U.S. government surveillance. Such a development would not only increase costs for airlines, operators, OEMs and repair stations (as well as business opportunities to some of these), but would create another layer of confusion onto the entire environment needlessly. Imagine if the EU forces anyone using SESAR to use a certain type of encryption scheme for all communications and the Middle Eastern countries create a competing scheme, etc. While the avionics vendors might welcome the opportunity to sell upgraded equipment, the business risk to support such diverging efforts might eventually drive the aviation-focused communications provider industry into the ground by increasing costs to the point where operators might balk at paying resulting prices. Each of these countries or regions would feel that they are being prudent in protecting their own interests, and in the short term, they would be — but the macro-economic effect could be devastating.

Another issue is how avionics or other aerospace products that contain software might face increased scrutiny in certification efforts from each and every country. The potential business risks and costs to suppliers to prove that their products cannot easily be tampered with or used for surveillance activities could be substantial. While some might see this as a retrofit business opportunity, this certainly complicates the already complicated aviation regulatory environment.

Another matter is how the National Institute of Standards and Technology (NIST), in a very unusual move, is re-evaluating a set of its special publications because of concerns conveyed by the cryptography community that the NSA might have tainted the guidance. Aerospace and aviation have security standards which depend upon or reference NIST, and now that NIST has recently strongly recommended that a key part of the guidance being re-evaluated “no longer be used,” this creates some havoc for all international (and domestic) endeavors. Cryptographers repeated concerns over the published guidance, specifically Special Publication 800-90A, which specifies techniques for the generation of random bits by applications using cryptography, after revelations that the NSA circumvented much of the encryption that shields Internet communications. Since newer aviation communications schemes are moving to IP methodology for moving large data sets (not to mention how wireless data eventually is communicated over IP networks on the ground), this is also an issue for our industry. Stay tuned for further developments on this in the next year.

The Full Effect of the NSA Scandal May Not Become Known for Many Years to Come

It is clearly too soon to understand what measures the world will take to protect itself from the NSA, but we can expect international cooperation to suffer at some point. U.S.-based system and product vendors might experience some short-term backlash, and this could shift some business to non-U.S. suppliers (where possible, that is), or quite possibly provide impetus for other countries to fund startups to design competing aviation (and other) products. Also in the near term, airlines and operators might put off avionics and broadband service upgrades until their countries’ regulatory authorities clarify increased security testing or assurances from vendors.

The U.S., and especially the FAA, will need to find ways to accommodate concerns from other countries in order to slowly move past this uproar and rebuild trust. Companies might experience continued fallout, lost business and increased costs for some time.

Hopefully our government will find a way to rebuild goodwill soon, and not affect the aviation business climate too much.   

John Pawlicki is CEO and principal of OPM Research. He also works with Information Tool Designers (ITD), where he consults to the DOT’s Volpe Center, handling various technology and cyber security projects for the FAA and DHS. He managed and deployed various products over the years, including the launch of CertiPath (with the world’s first commercial PKI bridge). John has also been part of industry efforts at the ATA/A4A, AIA and other industry groups, and was involved in the effort to define and allow the use of electronic FAA 8130-3 forms, as well as in defining digital identities with PKI. His recent publication, ‘Aerospace Marketplaces Report,’ which analyzed third-party sites that support the trading of aircraft parts, is available on OPMResearch.com as a PDF download, or a printed book version is available on Amazon.com.
