Original Article published in Business Aviation Magazine
BAM: Mike, let’s start out by confronting the statement made by many cyber security experts, namely, that it is nearly impossible to stop a sufficiently determined and sufficiently skilled group of hackers from penetrating any computer that is not in a sealed room with no network or internet access.
MS: One hears that a lot, and it gets plenty of coverage in the media. Plus, there are state actors these days who have huge resources available to them to hack systems. The fundamental point here is to consider what is sufficient and reasonable by way of security, given that the principal in the aircraft and his guests are going to want connectivity.
Basically, you want to create a level of network security that is at least the equivalent, or better than the level of security he or she would enjoy if they were working in their office or their home. This level, which I will term “sensible safety”, is something that people should expect when they are in a business jet that provides high-speed connectivity, and Gogo’s network provides it.
At Gogo we are very aware of the ever-pressing need to be vigilant in staying ahead of potential threats to the security of airborne cabin systems. Right from the outset we were highly proactive in designing and building security directly into our products, networks and services. In other words, security wasn’t something we added after the fact – it’s been fully integrated in our network and systems from the beginning and remains an integral part of our service versus being a bolt-on offering.
Security wasn't something we added after the fact - it's been fullly integrated in our network and systems from the beginning...
BAM: What does that mean in practice?
MS: For a start, we decided from the beginning to deploy a CDMA network rather than GSM. Let me take a moment to explain what this means and why a CDMA network is more secure and harder to hack than a GSM network. CDMA stands for code division multiple access, and the reason it is preferred by the military over GSM is at least twofold.
One, it transmits at or below the frequencies at which the signal would seem to degenerate to noise, making it next to impossible for a third party to pick the message out of surrounding random noise.
Second it divides the message packets between multiple frequencies, again making it next to impossible for an outsider to reassemble the message and recover the original voice or data transmission. So, it was a logical, and the most sensible, choice for our Air-to-Ground network technology in North America.
All data transfers over our ATG network are secured through the licensed spectrum which we own, with proprietary link layer encapsulation, providing very secure ATG communications. This includes any data transferred between the aircraft, our network ground stations and the Gogo Data Centre. We have a very sound network design with Linux firewall protection, and numerous technical security features built in.
It’s also important to note that we own our network, so we can design each link for security and continuously monitor and analyze these links for potential security risks.
For example, our airborne connectivity system acts as a router that separates and secures the aircraft cabin LAN from the data bearers that provide access to the internet. Once your data leaves the router through the ATG antenna and moves onto the Gogo ATG network, it is transmitted to our base stations via the Gogo-licensed spectrum with proprietary link encapsulation. These base stations are connected to the Gogo Data Center through cables, known as the backhaul, that are Gogo-owned and secured. Our inflight network is managed by a sophisticated system of security and troubleshooting elements, including security software and procedures, real-time monitoring through our Network Operations Center, and data redundancies – all of which ensure network security, reliability and operational superiority. We also have two data centers which provide redundancy as an added layer of security, and our data centers are constantly monitored with firewalls that separate key components of our network.
BAM: What about inside the aircraft?
MS: By design the onboard aircraft comms equipment is isolated from the cockpit network, so other airborne system components cannot be accessed from the Wi-Fi clients being used in the cabin.
On the ground our Network Operations Centre, in Chicago, Illinois, is staffed by data systems, wireless and Internet Protocol (IP) support analysts
BAM: Networks benefit from being tested for vulnerabilities by contracted third party specialists. Does Gogo do internal and external vulnerability testing?
MS: We have independent third party security firms performing monthly external and internal assessments on our networks. Their assessments are reviewed by management and any deficiencies discovered are tracked and remedied. We also have them perform routine penetration tests and firewall analysis to see if they can hack our systems. We also do a manual review of our product firewalls monthly and subject them to diagnosis by automated toolsets. The security procedures at Gogo are state of the art.
What we are increasingly seeing is that just as a company’s IT staff now routinely check on the security of senior executives’ home networks, those same IT teams are now very keen to work with us to provide an environment where working in the aircraft is as safe as working in the office or the home.
Gogo also works closely with the FAA and other aviation stakeholders to define new cyber-security standards, so that we can anticipate and protect against current and future cyber threats. Our certification process follows the latest FAA and RTCA policies to ensure that all Gogo-equipped aircraft are compliant and secure.