When you discuss communications security, eyes tend to glaze over. Most aviation professionals are used to things they can see, feel or in some way measure. When a router setting won't permit you to connect to the web anymore, no amount of visual inspection will help. It's just a black box until your IT guys make sense of it for you. That being said, I promise to keep this conversation to the point and as straight forward as possible.
HSD (High Speed Data) systems have become an integral part of flight departments with several solutions available, both ground- and satellite-based. However, when you look at onboard security of HSD systems, there are many weak points where a hacker can attack; the first being, the router.
Wi-Fi routers are popular onboard jets because they offer convenience for customers receiving e-mail updates with their blackberries. This is essentially a sophisticated radio and like any radio its signal can be easily intercepted. Of course, from the router the data goes to the satellite or ground-based network and then on to the Internet, where there are numerous points traffic can be intercepted. Information traffic security is the second biggest challenge for any work-away-from-home network.
Knowing where you're most vulnerable with security will empower you to increase your level of protection. While the following recommendations are by no means comprehensive, they do represent the start of a conversation that will hopefully increase the security of your onboard network.
The steps to tighten Wi-Fi security without any inconveniece
1. Turn the router SSID broadcast off.
Most wireless routers automatically transmit their network name (SSID) into open air at regular intervals (every few seconds). This allows passengers to easily find and access your system. However, this feature also makes it easier for hackers to intrude as well. If you are lucky enough to have the same passengers using the same computers and phones all the time you can turn this broadcast off and set the SSID to something other than the aircraft tail number.
2. Assign an encryption type and wireless passkey to your router.
I generally use WPA encryption with a pass-key as a baseline for airborne router security.
3. Install a Wi-Fi disable switch.
One of the simplest ways to protect your client's satcom bill, computers and blackberries is by disabling the Wi-Fi on the ground. The last thing you want is a teenager at the FBO updating their Facebook on your SwiftBroadband. Have your satcom installation provider place a switch in your cockpit if one is not there already.
4. Add Wi-Fi instructions to your pilot's checklists.
You are probably safe to enable the Wi-Fi as you taxi away from an FBO. These systems have a very limited range and someone would need serious RF know-how to sniff your network at 1000 yards with an airborne router.
5. Have your passengers get plugged in.
If your clients must use the satcom system prior to taxi, provide them with an Ethernet cable and ask them to plug in. The benefit of this is two-fold: 1) This will allow your customers to surf the web with the Wi-Fi disabled and 2) it will improve the performance of their connection slightly.
Wired Ethernet connections outperform Wi-Fi generally, though on a typical SwiftBroadband network the difference will be negligible.
6. Other security protocols.
There are a myriad of other security measures that will reduce the likelihood of a cyber attack, such as MAC address filtering. Which security protocols will work best for you will often depend on the demands of your clients.
Wi-Fi signals are easily intercepted, and for that reason they are particularly vulnerable to manipulation. With that being said, your best defense against an experienced hacker is to not be an easy mark. Developing your own WIFI security measures alone can often deter the would be hacker.
Stay tuned for part 2 of HSD Security, "The Good, The Bad and the Not-So Ugly of VPNs."
Adrian Chene, Avionics Tech Rep
