DEF CON Safe Mode Aerospace Village - Cornelius, Brown - Cybersecurity & Aviation Regulation

Software development for aviation is highly regulated, and process driven. The current processes, as defined in DO-178C and related standards, originate from a history of designing and testing mechanical components. In the past you designed a part and once installed it only had to be monitored for physical condition. It was assumed that maintenance procedures would be able to identify which components are in flight condition and which are not. But now that there are USB ports and iPads in the cockpit, do these previous assumptions remain valid? How can we ensure that flight systems are not compromised after being installed? What can be done to help ensure aviation systems are secure? There are 4 primary areas of concern on a modern aircraft: - Maintenance interfaces - What is necessary to ensure that software communicating with the aircraft is correct and operates in a secure manner? - Passenger interfaces - What is necessary to ensure that systems passengers interact with cannot interfere with the aircraft operation? - Crew accessible interfaces - What is necessary to ensure that the crew cannot accidentally connect a malicious device to flight systems? - Pre-flight software validation - Is there a procedure that could be used to ensure that the software running on aircraft systems is 100% correct and unmodified?