A decade later, still no cybersecurity fixes for NextGen aircraft tracking

A U.S. Air Force F-22 Raptor receives fuel from a KC-135 Stratotanker assigned to the 447th Air Expeditionary Group during a refueling mission over Syria, Dec. 1, 2017. (U.S. Air Force photo / Staff Sgt. Paul Labbe)

Share

Written by

With less than two years until a Federal Aviation Administration deadline to adopt next-generation aircraft-tracking technology, the Department of Defense has yet to fully address its security concerns about the technology’s effect on military systems, a new report says.

A Jan. 18 Government Accountability Office report details the decade-long DoD examination of how the FAA’s Next Generation Air Transportation System (NextGen) will affect air defense operations, particularly when it comes to the use of a real-time aircraft tracking system called Automatic Dependent Surveillance-Broadcast Out (ADS-B Out).

The FAA wants to leverage ADS-B Out as part of a nationwide radar systems upgrade, requiring all aircraft to implement the real-time tracking technology by Jan. 1 2020.

The DoD expressed concerns about ADS-B Out starting in 2008 because the technology uses global positioning satellites to provide real-time aircraft location and velocity data more accurately than legacy radar. Defense officials said the new tracking technology presented possible risks to military operations because of potential system vulnerabilities to electronic warfare and cyberattacks. Attackers could, for instance, expose the position of stealth aircraft, the officials said.

DoD and North American Aerospace Defense Command, or NORAD, officials also expressed concerns about FAA plans to shut down secondary surveillance radars as a cost-saving measure related to the ADS-B rollout, saying that the legacy radar network provides a backup system in case of ADS-B failure.

FAA officials addressed security concerns in 2010, agreeing to craft a memorandum of agreement with the Department of Homeland Security and the DoD to reconcile national defense requirements.

But despite diagnosing the security risks of the new system a decade ago, the report notes that the DoD has still yet to deploy any mitigation strategies.

FAA and DoD officials both acknowledged the vulnerabilities and stated that they have identified potential solutions to them, but the report notes that as of November 2017, no testing of the solutions has been conducted. Possibilities include “masking DOD aircraft
identifiers” and “seeking an exemption from installing ADS-B technology on select military aircraft (for example, fighter and bomber aircraft),” the GAO report says.

And while there is a draft memorandum of agreement for collaboration between the agencies, GAO officials noted that it focuses more on ADS-B installation rather than security mitigation.

Furthermore, delays have pushed the memorandum of agreement to a projected February 2018 completion, giving the agencies less than two years to address the concerns before ADS-B Out would go online.

“A significant amount of work will likely need to be accomplished between the eventual approval of the memorandum and implementation in a timely manner,” the report said.

The DoD has also failed to fully implement eight tasks it identified in 2007 to implement ADS-B Out to military aircraft. While it did establish a joint program and planning and development offices to direct administrative support for NextGen implementation, the agency still hasn’t fully crafted guidance, milestones, budget and other policy requirements and lacks progress reports on implementation.

GAO offered two recommendations:

  • That the Department of Transportation, which oversees FAA operations, and DoD approve mitigation solutions addressing the security concerns and incorporate them into the draft memorandum of agreement.
  • That the Secretary of Defense direct agency components to fully implement the tasks to assist NextGen installation.

DOT and DoD officials concurred with the first recommendation, saying that it had recently developed and was validating flight tracking mitigation solutions for military aircraft. Both agencies said they would approve solutions and incorporate them into the draft memorandum of understanding, which they expect to complete by February.

DoD officials partially concurred with the second recommendation, saying that the Secretary of the Air Force would review which of the 2007 tasks would facilitate implementation within 120 days. Officials added that the Policy Board for Federal Aviation would track task implementation steps in coordination with the department.

-In this Story-

air traffic control, Cybersecurity, Department of Defense (DOD), Department of Transportation, Federal Aviation Administration (FAA), GPS, Military, transportation
TwitterFacebookLinkedInRedditGoogle Gmail