Energy Blog: Airport Cybersecurity Needs Will Grow with Electric-Powered Flight
Energy Blog: Airport Cybersecurity Needs Will Grow with Electric-Powered Flight
More interconnections between aircraft and support vehicles present potential openings for hackers.
The electrification of transportation is gaining speed, as manufacturers of cars, buses, and trucks transition from the internal combustion engine to batteries and electric motors. Other modes of transportation are following. The shipping industry, looking to move from burning diesel or bunker fuel, is in the early stages of cleanup through electrification. Aircraft are not far behind.
Most aircraft development is happening with smaller models designed for short-haul flights. EVTOLs, for electric vertical takeoff and landing, may be the closest to commercial operation. The industry reached several milestones last year, with several startups recording significant results.
Joby Aviation, for instance, flew a prototype at speeds of more than 200 mile per hour and reached an altitude of 11,000 feet. Beta Technologies successfully tested two flights with an all-electric aircraft flying in conventional takeoff and landing mode. One flight covered 1,400 miles with stops to recharge. Another covered 876 miles between New York and Kentucky.
The big manufacturers are not far behind, although long-haul flights are not in the immediate future because of the current battery limitations. But short-haul flights are ripe for the technology. United Airlines recently announced plans to purchase up to 100 19-seat electric planes from Sweden’s Heart Aerospace. Its ES-19 aircraft will not have any operational emissions and will be larger than any of the all-electric competitors.
The small electric planes could serve United’s regional routes from its hubs in Chicago, Denver, San Francisco, or Newark. EVTOLs could do the same, but many are being built to shuttle small numbers of passengers as air taxis working within or just outside of cities.
“Electric aircraft are happening now; the technology is already here,” said Heart Aerospace CEO Anders Forslund. In another interview, United Airlines Ventures President Mike Leskinen said the electric plane’s lower cost can bring back flights to more smaller markets than are possible with higher-cost jet engine aircraft.
But before electric flight really takes off, there’s a lot of work to be done on the ground. Digitalization and electrification in the air and on the ground require new and stronger cyber security plans. Industry is facing the challenge of a networked infrastructure among many and varied entities.
Researchers at the National Renewable Energy Laboratory (NREL) in Golden, Colo., have taken a first step in protecting airport infrastructure by reviewing cybersecurity needs of electronic aviation in a new report. Addressing Electric Aviation Infrastructure Cybersecurity Implementation looks at cyber needs of electrifying airport infrastructure and how participants from airlines, equipment suppliers, regulators, and utilities can build an approach.
“This is the starting point for defining responsibilities and identifying potential vulnerabilities,” noted Tony Markel, one of the report’s co-authors, in a summary of the report. The report was funded by the Federal Aviation Administration to better understand the new electrical infrastructure needs for advanced air mobility.
Airports already are facing cyber threats. In 2020 for instance, hackers believed to be from Russia compromised two websites of the San Francisco International Airport. The hackers managed to steal user names and passwords of staff and contractors before security officials pulled down the sites.
The incident points to numerous vulnerabilities. Airports and aircraft offer passengers access to the internet while their operational technology systems, which handle things like baggage conveyors, runway lights, and gates, are often old and simplistic. That makes a good target for hackers.
Electric aviation will open up more potential access points. The NREL report noted that charging operations for ground vehicles are still evolving, but it is expected that chargers will be shared by operational vehicles on the passenger side and aircraft and their support vehicles on the flight side. The additional connection points present a challenge to manufacturers and airport officials, and will require greater coordination among airport stakeholders.
There are many stakeholders, including vehicle and aircraft manufacturers, makers of charging stations and its network, and airport systems divided among operational divisions. That demands more and greater coordination, notes NREL, because of the interconnection of assets.
Depending on ownership or funding, the report points out that cybersecurity requirements will vary among stakeholders. Federal guidelines could be implemented in some cases. The Technology Cybersecurity Framework of the National Institute of Standards and Technology already exists, but other standards may come into play. Consistency will be important so that aircraft can rely on common security guidelines, the report noted.
To begin, the report recommends building in network segmentation to isolate assets from one another. If one area is compromised, the hack would be prohibited from cascading through the entire network. Intrusion detection systems can monitor threats. NREL’s Module-OT, protects systems where communication and controls are spread across a range of technologies.
And the report reinforces the point that cybersecurity measures should be embedded within the planning processes, which should be starting now. Existing tools such as the Department of Energy’s Cybersecurity Capability Maturity Model help with identifying vulnerabilities and facility investment needs.
John Kosowatz is senior editor.
Most aircraft development is happening with smaller models designed for short-haul flights. EVTOLs, for electric vertical takeoff and landing, may be the closest to commercial operation. The industry reached several milestones last year, with several startups recording significant results.
Joby Aviation, for instance, flew a prototype at speeds of more than 200 mile per hour and reached an altitude of 11,000 feet. Beta Technologies successfully tested two flights with an all-electric aircraft flying in conventional takeoff and landing mode. One flight covered 1,400 miles with stops to recharge. Another covered 876 miles between New York and Kentucky.
The big manufacturers are not far behind, although long-haul flights are not in the immediate future because of the current battery limitations. But short-haul flights are ripe for the technology. United Airlines recently announced plans to purchase up to 100 19-seat electric planes from Sweden’s Heart Aerospace. Its ES-19 aircraft will not have any operational emissions and will be larger than any of the all-electric competitors.
The small electric planes could serve United’s regional routes from its hubs in Chicago, Denver, San Francisco, or Newark. EVTOLs could do the same, but many are being built to shuttle small numbers of passengers as air taxis working within or just outside of cities.
“Electric aircraft are happening now; the technology is already here,” said Heart Aerospace CEO Anders Forslund. In another interview, United Airlines Ventures President Mike Leskinen said the electric plane’s lower cost can bring back flights to more smaller markets than are possible with higher-cost jet engine aircraft.
But before electric flight really takes off, there’s a lot of work to be done on the ground. Digitalization and electrification in the air and on the ground require new and stronger cyber security plans. Industry is facing the challenge of a networked infrastructure among many and varied entities.
Researchers at the National Renewable Energy Laboratory (NREL) in Golden, Colo., have taken a first step in protecting airport infrastructure by reviewing cybersecurity needs of electronic aviation in a new report. Addressing Electric Aviation Infrastructure Cybersecurity Implementation looks at cyber needs of electrifying airport infrastructure and how participants from airlines, equipment suppliers, regulators, and utilities can build an approach.
“This is the starting point for defining responsibilities and identifying potential vulnerabilities,” noted Tony Markel, one of the report’s co-authors, in a summary of the report. The report was funded by the Federal Aviation Administration to better understand the new electrical infrastructure needs for advanced air mobility.
Airports already are facing cyber threats. In 2020 for instance, hackers believed to be from Russia compromised two websites of the San Francisco International Airport. The hackers managed to steal user names and passwords of staff and contractors before security officials pulled down the sites.
The incident points to numerous vulnerabilities. Airports and aircraft offer passengers access to the internet while their operational technology systems, which handle things like baggage conveyors, runway lights, and gates, are often old and simplistic. That makes a good target for hackers.
Electric aviation will open up more potential access points. The NREL report noted that charging operations for ground vehicles are still evolving, but it is expected that chargers will be shared by operational vehicles on the passenger side and aircraft and their support vehicles on the flight side. The additional connection points present a challenge to manufacturers and airport officials, and will require greater coordination among airport stakeholders.
There are many stakeholders, including vehicle and aircraft manufacturers, makers of charging stations and its network, and airport systems divided among operational divisions. That demands more and greater coordination, notes NREL, because of the interconnection of assets.
Depending on ownership or funding, the report points out that cybersecurity requirements will vary among stakeholders. Federal guidelines could be implemented in some cases. The Technology Cybersecurity Framework of the National Institute of Standards and Technology already exists, but other standards may come into play. Consistency will be important so that aircraft can rely on common security guidelines, the report noted.
To begin, the report recommends building in network segmentation to isolate assets from one another. If one area is compromised, the hack would be prohibited from cascading through the entire network. Intrusion detection systems can monitor threats. NREL’s Module-OT, protects systems where communication and controls are spread across a range of technologies.
And the report reinforces the point that cybersecurity measures should be embedded within the planning processes, which should be starting now. Existing tools such as the Department of Energy’s Cybersecurity Capability Maturity Model help with identifying vulnerabilities and facility investment needs.
John Kosowatz is senior editor.