Paul's Blog


CSFI ATC (Air Traffic Control) Cyber Security Project Report

Ghost Attack (injection of military aircraft through cyber means)

A team of diversified Information Security professionals, intelligence analysts, and engineers collaborated in a private portal towards this deliverable. CSFI believes in collaboration and sharing of knowledge as a way to shine light in the darkness of the cyber domain. Our goal is to minimize speculation through research and logical thinking. This is a preliminary foundational report from a Cyber Warfare perspective. Some of our volunteers have made the choice to serve in silence due to the sensitivity of their jobs. We thank them for their contribution and hard work.

The goal of the project is to identify cyber vulnerabilities within the ATC systems and Airborne systems that are currently being upgraded. Several probable attack vectors have been outlined. The current ATC system is in an upgrade status. Because of the length of time involved and how funding is done, the plan was implemented before the reality of the current cyber landscape had presented itself. The landscape has changed drastically in the last decade as the rollout of the NextGen ATC system has begun. The situation is further complicated by the fact that these are international changes, taking place across the entire airspace of the globe. Therefore it is not just a matter of convincing US air carriers, but of convincing air carriers all over the world that there is a threat, and that there are threat actors willing to exploit these cyber vulnerabilities within the current upgrades.

The ATC system is responsible for controlling the National Air Space (NAS) in the United States. The system is responsible for tracking and identifying aircraft, and for aircraft landing and taking off. The ATC system is also part of the National Security architecture. By tracking all of the aircraft in the NAS, the ATC system may provide the earliest detection of a rogue aircraft within the borders of our country. The data from our NAS is shared throughout the North American continent to ensure a layered approach to identifying threats. Many of the threat agents will be attacking these systems with minimal effort and minimal expenditure in capital.

This paper points out that there are vulnerabilities in the system as it is currently being deployed that will take little effort and little capital to exploit. Communications systems are vulnerable to attack with software-defined radios that cost only a few thousand dollars to deploy. The identification systems that are being deployed communicate through unauthenticated means that can be attacked from a laptop. Hackers at two different conferences have demonstrated how to introduce ghost aircraft into the system. Then there is the threat that Unmanned Aerial Vehicles (UAVs) can pose to the NAS, with rogue actors deploying UAVs into the NAS without proper authentication. Many of the communications systems are being deployed in a TCP/IP environment that is not properly secured and is easily exploited. There is also the deployment of unencrypted wireless maintenance systems used to report back to aircraft manufacturers, the wiring of some Wi-Fi systems into the avionics cabling of older aircraft, and the introduction of fly-by-wireless systems that could allow an attacker direct access to the avionics systems.

Download the report here: CSFI ATC Cyber Security Report

CSFI Mission: “to provide Cyber Warfare awareness, guidance, and security solutions through collaboration, education, volunteer work, and training to assist the US Government, US Military, Commercial Interests, and International Partners.”



Career Thoughts

I am humbled and honored to have the opportunity to manage and run one of the biggest and most active forums on the Internet dealing with cyber warfare and cyber security – CSFI (The Cyber Security Forum Initiative). With over 16 years of cyber security experience, I continue to actively raise Cyber Warfare/Cyber Security awareness worldwide. I have worked as a Chief Security Engineer for AT&T, where I designed and approved secure networks for MSS. I have also consulted for several governments, military and private institutions on best network security practices throughout my career.

CSFI and its divisions CSFI-CWD (Cyber Warfare Division), CSFI-LPD (Law and Policy Division) and CSFI-WD (Wireless Division) continue to grow and expand with more than 60,000 information security members.

One of my personal goals is to serve our security community to the best of my abilities, in the protection and defense of our American national security interests, the American people, and that of our international partners. I am always ready to serve and to give of my time and skills to help our society with the growing problems we experience in cyberspace. I thank God and my family for the opportunities I have had in life and the most precious of all opportunities, which is the chance to serve others. I love what I do, and I appreciate all the support I have received from friends, family and our CSFI members.


Paul de Souza, CSFI Founder Director
