The FAA is currently upgrading the air traffic control system, opting to move from radar to GPS device. It is called the Next Generation Air Transportation System, a.k.a NextGen, and it is supposed to make things easier for air traffic controllers across the country, allowing more helicopters, planes, and one day drones to exist in the sky at the same time. However, there are some security experts that believe the system is highly insecure, vulnerable to malicious hackers.
The current system relies on radar communications, where air traffic controllers ping a plane causing a transponder built into the plane to respond, giving controllers the location and identifying information on that specific plane. If the skies are full of aircrafts, some will be denied access into certain airspace by controllers, forcing them to reroute mid-flight.
This has been the system relied upon for decades, but it can be inaccurate and slow. Add to that the fact radar ground stations take up a lot of real estate, that they can cost a fortune to maintain, and that pilots have the option to turn off the transponders installed in their planes, and you can see why they are making the move to GPS device. It is faster, more accurate, and solves crowded air space issues.
The GPS Solution
ADS-B, or automatic dependent surveillance-broadcast, is at the heart of the new system. Aircrafts will have a GPS device installed onboard, which will transmit signals identifying to controllers who they are along with their location.
NextGen will be phased in over an eight year period, and by 2020, each and every plane will be required to use ADS-B to access historically crowded areas of airspace here in the US. Unfortunately, the system is hackable, proven by Canadian hacker Brad Haines.
Haines, known online as RenderMan, was not doing anything malicious when he discovered the system was hackable. “All this research was to try to prove to myself that air travel was still safe…I basically failed at that.” He explains that ADS-B signals have an appearance similar to bits of computer code, which are unencrypted and unauthenticated. When Haines realized this, he knew signals could be spoofed in order to create “ghost planes” in airspace.
“The threats can be things like, if I can inject 50 extra flights onto an air traffic controller’s screen, they are not going to know what is going on,” he said. This won’t cause planes to plummet to earth, but it is still very dangerous. A real pilot could swerve to avoid a fake plane, or a host of these fake planes could shut down airspace around a busy airport completely. “If you could introduce enough chaos into the system – for even an hour – that hour will ripple through the entire world’s air traffic control,” he said. Other hackers, from France to Canada, have successfully hacked the system.
Up until now, there hasn’t been a response from the FAA. They have conducted their own security test, of which the results have not been released. They haven’t responded to the numerous successful hacks, nor have they responded to an Air Force paper by Maj. Donald L. McCallie, stating the system might put us “on a collision course with history.”
Initially, they released one paragraph in response, stating “An FAA ADS-B security action plan identified and mitigated risks and monitors the progress of corrective action. These risks are security sensitive and not publicly available.” However, they recently said that as they are slowly phasing in the NextGen system, there has never been a recorded instance of a ghost plane. They also said that the systems they have implemented would catch the spoofed plane, letting controllers know it is a fake signal before it can cause confusion. They would do this by authenticating that ADS-B receivers are receiving ADS-B messages, as well as using multilateration, where they track the location each ADS-B message is received, making sure the signal is authentic.
Haines’ hacking partner, Nick Foster, said “If the FAA is really using multilateration, that’s a great sign. But I still wonder if it would be possible to fool the system on the edges. I think the FAA should open it up and let us test it.” Experts agree, knowing this is crucial to assuring safety in the skies. Watch for a paper to be published by Capt. Domenic Magazu of the Air Force Institute of Technology in the Journal of Aviation and Aeropace Perspectives addressing this very issue.