Standalone Non-Invasive Sensing of Cyber Intrusions in FADEC for Critical Aircraft System Protection

Description:

TECHNOLOGY AREA(S): Air Platform 

OBJECTIVE: Develop a standalone cyber intrusion detection system prototype for real-time, non-invasive detection of cyber intrusions (e.g., malware, backdoor algorithms, overloads, anomalies) in an aircraft Full Authority Digital Engine Control (FADEC) system.

DESCRIPTION: Historically, aircraft and turbine engines have been kept in manned, protected environments and under constant monitoring, except when their controls software is being updated. This legacy view of protection, which can be thought of as "perimeter isolation" or "fence-and-gate", is impractical as aircraft and engines are increasingly integrated and interact with other subsystems. Perhaps the least secure of these interactions occurs during maintenance, when onboard systems must be connected to external diagnostic equipment. Modern aircraft systems are very sophisticated and must often interact with external systems. Frequently, these external systems are located at unmanned and/or unmonitored installations. Security at these sites often literally consists of just a fence and a lock. Such security is easily subverted by a well-informed intruder who can gain undetected physical access. Consequently, we must consider that these external systems can be corrupted by hostile intruders. Extending perimeter security may be impractical, if not impossible. Furthermore, it is entirely possible that a trusted insider can become an adversary, which raises the risk to the aircraft control system as well as to the equipment under its control. This SBIR effort envisions the development and prototyping of a capability for real-time identification of cyber vulnerabilities and reliable classification of cyber intrusions with six sigma accuracy. The prototype shall also provide the required signal pathways and mitigation strategies to counter or defeat a positively identified intrusion. Any proposed signal processing and classification architecture has to be implemented in a low-resource environment. The prototype should not interfere with normal operation of the FADEC or any other aircraft control system.
In particular, the prototype cannot cause any electromagnetic interference (EMI) through transmission or conduction of radio frequency energy that might interfere with aircraft communications, navigation and other critical operational systems. The prototype cannot produce any electromagnetic clutter or emissions that can be picked up by an adversary. The proposed approach must not add excessive overhead to the software architecture employed in the current FADEC design or in future distributed engine control. Solutions that can also provide independent verification of the state of the engine, with minimal overhead, through monitoring of FADEC analog or digital inputs such as engine speed, temperature, vibrations, etc. are highly sought after. The control systems of the future must address both security and safety issues. Integrating propulsion systems with thermal management and power systems requires distributed data bus architectures and hierarchical controls. There is a need, and there are plans, to design next generation controls with secure, fail-safe data bus architectures and protocols that verify and replace communicated data with at least two (2) levels of redundancy.

PHASE I: Working with the FADEC owner, identify cyber susceptibilities. Determine mitigation strategies for the identified susceptibilities. Design a breadboard system capable of meeting the objectives. Utilize modeling and simulation to show the system's capability to perform while not interfering with representative system operations.

PHASE II: Build the breadboard system and test it within a laboratory. Apply what is learned from that testing to develop and build a working prototype. Test the prototype at or near a relevant environment.

PHASE III: Work with a specific engine/aircraft program office to meet criteria necessary to field/transition this product to their specific system. 

REFERENCES: 

1: The United States Department of Defense MIL-STD-1553B defines the mechanical, electrical, and functional characteristics of a serial data bus.

2: United States General Accounting Office, Critical Infrastructure Protection: Challenges in Securing Control Systems, GAO-04-140T, October 2003. Available at www.gao.gov/new.items/d04140t.pdf (June 2005).

3: United States Department of Commerce, National Institute of Standards and Technology 2016 Annual Report 800-195, September 2017. Available at http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-195.pdf (September 2017).

KEYWORDS: Cyber, FADEC, 1553 Databus, Engine Controller 

CONTACT(S): 

Lt Alton Micah Vaughan (AFRL/RYWA) 

(937) 713-8044 

alton.vaughan.2@us.af.mil 
