Satcom Security Issues in Business Aviation: Part 2
Contributed by Adrian Chene, Avionics Tech Rep
Any device with internal memory is a weak point. If you won't use your laptop or cell phone, leave it in the hangar.
Hackers are always looking for the back door to get your information or disrupt operations. Information is most easily breached at places where protective barriers do not exist. In many cases, it is much easier and expedient to breach a laptop with a screwdriver than with sophisticated software. This makes physical computer security critical when carrying out IT operations abroad.
Physical IT security aboard business aircraft can be breached in three main areas: satcom network, computers and electromagnetic emissions.
Satcom Network Security
Your satcom service provider should have physical and software security measures in place to help prevent data from being compromised. This should involve some form of professional independent auditing which verifies that they are taking adequate measures to ensure the protection of customer information.
FISMA and SAS 70 compliance are common auditing practices designed to ensure some baseline of security is being applied with regards to protection of customer information. While compliance is not necessarily an indication of the quality of protection that is provided, it demonstrates a service provider’s willingness to submit to review by an independent auditor.
Physical Digital Security
Any device with an internal memory is a weak point. Cellular phones, iPod Touch’s, and laptop computers can all be compromised. If you do not intend to use your cell phones or other network devices leave them in the hangar.
Phone calls can be made using a dedicated voice-traffic-only cell phone, the in-flight satcom to relay non-sensitive information or at your final destination.
Laptops that do not have hardware-level security measures should not be taken or should be kept under continuous supervision. Operatives may compromise the contents, if they are left unattended in a hotel room.
I recommend that business teams only travel abroad with laptops that contain encrypted hard drives. This will make it more difficult to copy the hard drive and retrieve the data. Some private key systems will be very difficult to crack even if the entire machine is stolen.
Electromagnetic Emissions
Computers produce a lot of electromagnetic noise. With specialized software and signal analyzers, the savvy can turn this noise into usable information. Electromagnetic signals have a tough time getting through “Gaussian Surfaces,” or enclosed metal surfaces. This means that laptops with metal cases may broadcast lower levels of unwanted signal. Getac (a GE subsidiary) does make a line of commercial tough books (like the A790) that are similar to models produced for the Department of Defense.
When the required equipment for emissions detection will not fit into your iPhone or laptop, you can protect your data by being unpredictable. Use your computers in different locations each time. It is not recommended using your computer in your hotel room where operatives could have advance notice of your location. Use the laptop’s batteries wherever possible as AC chargers can be their own emission source. Wait till your laptop is turned off to charge it.
I will be the first to say that I am not an Intelligence Operative. What I have written here are some considerations for individuals traveling in nations where intelligence operations pose a threat to legitimate business practices.
Hopefully you have some questions now that you can take up with your security firm to further advise you. It is not paranoia to think you are being spied on when operating abroad, where espionage can be performed with impunity by domestic intelligence agencies. The only real question is whether or not you will insist on taking measures to ensure that your passengers are both physically and digitally safe.
In part 1 of Satcom Security Issues in Business Aviation, I discussed hardware encryption and HSD security for international operations.
Adrian Chene is an Avionics Tech Rep for Duncan Aviation. He provides troubleshooting and technical advice on avionics installation services, and specializes in custom, integrated HSD solutions. He began working in aviation in 1996.