What happens with glass cockpits if there's a cyber attack

H

Hector Parra

Pre-takeoff checklist
Joined
Feb 20, 2022
Messages
184
Location
Montréal, Canada
Display Name
Display name:
Hector Parra
Hi folks. I've been designing a dream panel using hangarflying.com and after finishing it a thought came to my mind: What happens if there's a major cyber attack and all the screens turn blue mid flight? Not talking about a power blackout on your plane, but a software malfunction.

All the software that supports those screens seems to be hosted "in the cloud" so cyber attacks are always a possibility. Should we keep a steam gauge backup when upgrading panels? Even if you have redundant screens, they both seem to feed from the same sources: satellites, GPS, radars, etc.
cruz-garmin-115972476-5870-4044-9580-1832203cf243.png
 
No, the software for those things isn't hosted "in the cloud"; the software is stored on-board. The data comes from various sources. The maps and terrain are stored locally. Weather comes from XM or ASDB. Location is from GPS, those satellites are fairly independent from everything else. I doubt anything other than a sophisticated and coordinated attack would bring all that data down at the same time. If that all goes down at once, you've bigger concerns than just flying the plane.
 
Cap'n Jack said:
No, the software for those things isn't hosted "in the cloud"; the software is stored on-board. The data comes from various sources. The maps and terrain are stored locally. Weather comes from XM or ASDB. Location is from GPS, those satellites are fairly independent from everything else. I doubt anything other than a sophisticated and coordinated attack would bring all that data down at the same time. If that all goes down at once, you've bigger concerns than just flying the plane.
Click to expand...
Thanks Cap. Learned something new today (newbie here). Haha, completely agree with your last sentence.
 
I had the glass panel die mid flight in my sonex. The voltage regulator died and put AC into the panel which fried the screen. It was a bit of a non event. I did have a backup airspeed indicator but that was the only steam gauge. The plane kept flying like normal and I just found a close non towered airport on the sectional and landed there. You should learn to fly the plane without looking at the panel and always keep a hard copy sectional with you. If you do that then it doesnt matter if your screen suddenly turns blue. You just revert back to flying like you were taught during primary training. Now if you are in the clouds flying IFR then you probably want a full backup system of some sort. Those little dynon units they sell would work well.
 
kmacht said:
I had the glass panel die mid flight in my sonex. The voltage regulator died and put AC into the panel which fried the screen. It was a bit of a non event. I did have a backup airspeed indicator but that was the only steam gauge. The plane kept flying like normal and I just found a close non towered airport on the sectional and landed there. You should learn to fly the plane without looking at the panel and always keep a hard copy sectional with you. If you do that then it doesnt matter if your screen suddenly turns blue. You just revert back to flying like you were taught during primary training. Now if you are in the clouds flying IFR then you probably want a full backup system of some sort. Those little dynon units they sell would work well.
Click to expand...
Thanks. So it can still happen for reasons other than cyber attacks. I guess keeping the Altimeter, ASI and Turn indicator (at least) as gauge backups could be a good idea.
 
Same thing that happened on Y2K
 
EMP? or signal blocks are possible.

Possible to access your planes software via any means? Adsb?

To cause real damage one would need to gain access to autopilot and overwrite the software. Unsure if that is possible or not. If it was, it probably would have happened already. Maybe a mole in the airlines mx tech team could upload a virus and comm signal. Your GA airplane, probably not worth it to any hacker.
 
Rgbeard said:
Can you explain how you came to this conclusion?
Click to expand...
Was more based on ignorance. I read about a cyber attack to Garmin back on 2020 (their sports watch division, not the aviation one) and I thought that it could also extend to their aviation services. But as some had explained on the thread, this doesn't seem to be a possibility as most of the data sources are not on the cloud as I was thinking.
 
Gary Ward said:
lol
What a non event that was!! I was and still in the energy business, some people went off the deep end preparing for that.
Click to expand...
And that's why it was a non-event. My company (a fortune 500 company) spent millions searching code, finding coding errors and testing fixes. Had we not done that, we would have been down for weeks, if not months or more.

Then, a couple of years later, I began seeing the old coding practices popping up again.
 
JOhnH said:
And that's why it was a non-event. My company (a fortune 500 company) spent millions searching code, finding coding errors and testing fixes. Had we not done that, we would have been down for weeks, if not months or more.

Then, a couple of years later, I began seeing the old coding practices popping up again.
Click to expand...
Those folks that learn to code are the ones buying Carbon Cubs nowadays LOL. Job market is treating them well
 
Hector Parra said:
Was more based on ignorance. I read about a cyber attack to Garmin back on 2020 (their sports watch division, not the aviation one) and I thought that it could also extend to their aviation services. But as some had explained on the thread, this doesn't seem to be a possibility as most of the data sources are not on the cloud as I was thinking.
Click to expand...
An honest explanation where the poster took responsibility for what they posted?
Reported!
:)
A refreshing change!
 
Gary Ward said:
What is that??
Click to expand...
That's what "we" will use after we shut down all of your electronics.

OK... Actually funny. Went looking for a picture of a paper sectional - took me to Walmart. Really. And they wanted $24.11 for a sectional. Who The Fresh would actually go to Walmart and pay $24.11 for a stupid paper sectional?

JOhnH said:
My company (a fortune 500 company) spent millions searching code,
Click to expand...
And I spend lots of time filling out reports explaining how each of the hundreds of data files on my computer had data on temperatures, vehicle speeds or whatever it was that just happened to have numeric values in the range of a two digit year...
 
Cap'n Jack said:
No, the software for those things isn't hosted "in the cloud"; the software is stored on-board. The data comes from various sources.
Click to expand...

Were it so simple. Look at the SolarWinds supply chain exploit. Someone could corrupt the updates from Garmin or Avidyne. We all faithfully do our updates and go on our merry way. There is then code in the planes boxes that shuts them down, or does something else malicious, triggered by certain conditions (time on, altitudes, airspeeds etc).

Do I believe that GA is such a risk target? No, not really my worry (and I have plenty to go around) but don't think because a box isn't connected to the internet that it's immune from cyber threats.
 
Do garmin database updates include executable code? I thought they were just encoded data

The people who can answer that question are the ones who should know better, so I suppose i'm just musing aloud now. :)
 
schmookeeg said:
Do garmin database updates include executable code? I thought they were just encoded data

The people who can answer that question are the ones who should know better, so I suppose i'm just musing aloud now. :)
Click to expand...

Anything can be hidden anywhere and executed using something.:eek: It's mind boggling what we and others are capable of.
 
Gary Ward said:
lol
What a non event that was!! I was and still in the energy business, some people went off the deep end preparing for that.
Click to expand...
Have you considered the possibility that the preparations were the reason why it was a non-event? In the industry where I worked at the time, malfunctioning software could have had expensive consequences if we hadn't dealt with the issue.
 
Hector Parra said:
Was more based on ignorance. I read about a cyber attack to Garmin back on 2020 (their sports watch division, not the aviation one) and I thought that it could also extend to their aviation services. But as some had explained on the thread, this doesn't seem to be a possibility as most of the data sources are not on the cloud as I was thinking.
Click to expand...
The data sources may or may not be in the cloud, but navigation databases get downloaded to avionics every four weeks. For the Garmin equipment that I deal with, this occurs when I go out to the plane and insert an SD card, not via direct connection to the Internet.
 
Pugs said:
Were it so simple. Look at the SolarWinds supply chain exploit. Someone could corrupt the updates from Garmin or Avidyne. We all faithfully do our updates and go on our merry way. There is then code in the planes boxes that shuts them down, or does something else malicious, triggered by certain conditions (time on, altitudes, airspeeds etc).

Do I believe that GA is such a risk target? No, not really my worry (and I have plenty to go around) but don't think because a box isn't connected to the internet that it's immune from cyber threats.
Click to expand...
I think you're right, but the risk will be much more immediate for any avionics that have full-time direct connections to the Internet (if such a thing exists).
 
If everything shows the blue screen of death you should 1) loosen your shoulder belts, 2) pull your feet up and put them on the seat, 3) lean forward and down as far as needed, 4) kiss it goodbye ... or you could just Fly The Airplane! :D

I have a mechanical LRI (Lift Reserve Indicator) that would be useful, along with my compass, if it all turns off. I don't fly IFR so most of my flight information is by looking through the glass.
 
mandm said:
EMP? or signal blocks are possible.

Possible to access your planes software via any means? Adsb?

To cause real damage one would need to gain access to autopilot and overwrite the software. Unsure if that is possible or not. If it was, it probably would have happened already. Maybe a mole in the airlines mx tech team could upload a virus and comm signal. Your GA airplane, probably not worth it to any hacker.
Click to expand...
any reason to believe a EMP wouldn’t take all the screens out?
 
Most likely scenario would be China (or a huge solar flare) taking out the GPS & internet. Think about that :(
 
Those backup "steam" gauges are looking better by the minute!
 
Palmpilot said:
Have you considered the possibility that the preparations were the reason why it was a non-event? In the industry where I worked at the time, malfunctioning software could have had expensive consequences if we hadn't dealt with the issue.
Click to expand...

No I did not consider that much since I was not involved with computers other than what was in our office at the time. I bet your right.

My involvement was more with individuals who over reacted more on a personal level. Also I worked with groups of people who were extreme IMO.
 
I used to spend time in the cockpit of the Boeing C17 manipulating the controls during rigging. I was amazed that there were backup (steam gage) instruments such as artificial horizon, ADF, altimeter, airspeed etc. There was a lot of system redundancy on that plane. Lose the GPS? No problem.
 
Pugs said:
Were it so simple. Look at the SolarWinds supply chain exploit. Someone could corrupt the updates from Garmin or Avidyne. We all faithfully do our updates and go on our merry way. There is then code in the planes boxes that shuts them down, or does something else malicious, triggered by certain conditions (time on, altitudes, airspeeds etc).

Do I believe that GA is such a risk target? No, not really my worry (and I have plenty to go around) but don't think because a box isn't connected to the internet that it's immune from cyber threats.
Click to expand...
True, I was keeping it simple for a first answer. Depending on how the code was written and the error checking used against the data sent, the box might crash just from garbage data being sent from ADSB, GPS, XM, or whatever. I hope the software engineers guard against that sort of exploit (or accidental wrong data).
So many software writers don't spend enough time of error checking, which can sometimes be as much, or more, code as the program that does the actual work!
 
Hector Parra said:
All the software that supports those screens seems to be hosted "in the cloud" so cyber attacks are always a possibility. Should we keep a steam gauge backup when upgrading panels? Even if you have redundant screens, they both seem to feed from the same sources: satellites, GPS, radars, etc.
cruz-garmin-115972476-5870-4044-9580-1832203cf243.png
Click to expand...

Are you planning on flying IFR in IMC? If not, redundancy really isn’t necessary as far as piloting goes. Lose a screen, fly the plane—simple as that.
 
If you’re concerned about a system failure, you could always include basic standby instruments. Could be useful to have minimum VFR capabilities in the event you need to ferry the airplane somewhere to get someone else to work your panel.
 
Gary Ward said:
lol
What a non event that was!! I was and still in the energy business, some people went off the deep end preparing for that.
Click to expand...
Y2K and March 2020 had people acting similarly. Seriously people, toilet paper?
 
You must log in or register to reply here.
Back
Top