Electric Aviation Is Arriving, and Cybersecurity Is High Priority

Industry Will Face Challenge of Networked Infrastructure Among Many Entities

Jan. 30, 2023 | By Connor O’Neil

Airport security is something most people know well—queuing, removing shoes, emptying water bottles. Airport infrastructure cybersecurity, however, is a topic that is still evolving and one that is becoming even more important with the adoption of electric aircraft.

To help protect airport infrastructure, researchers at the National Renewable Energy Laboratory (NREL) have reviewed the cybersecurity needs of electric aviation in a report titled "Addressing Electric Aviation Infrastructure Cybersecurity Implementation." The report evaluates key cyber needs around electrifying aviation infrastructure and how stakeholders like airlines, utilities, equipment suppliers, and regulators may implement a cybersecurity approach. Although much is still unknown about designing systems for electric aircraft, and strategies could vary widely across the sector, the authors identified common approaches to secure infrastructure early in the design and procurement process.

“This is the starting point for defining responsibilities and identifying potential vulnerabilities,” said Tony Markel, the report’s co-author. “This report can help decision makers plan how to implement cybersecure solutions regardless of the exact electrification strategy.”

Airport electrification is one piece of the puzzle for what the Federal Aviation Administration (FAA) calls advanced air mobility, which ranges from regional flight networks to holistic sustainability. The FAA funded the report as part of a partnership with NREL to better understand the electrical infrastructure needed to support advanced air mobility. Since the FAA regulates air transportation safety throughout the United States, the cybersecurity of incoming infrastructure is important.

Lessons From Electric Vehicles

The core infrastructure of electrification is the charging station, which powers both ground and air vehicles. Charging infrastructure is a challenge for cybersecurity because it serves as both a physical and data interface for multiple equipment vendors, system operators, users, and devices. NREL and other national laboratories that have studied security practices for vehicle chargers are now applying their findings to aviation charging infrastructure.

NREL’s charging-security research is focused on identifying hardware components and information flows, recognizing where vulnerabilities might exist, and assessing the impact and response when actors take advantage of these vulnerabilities. From that background, researchers have assembled mitigation strategies for the electric vehicle sector, including a report on cybersecurity for charging infrastructure, as well as an analysis of cybersecurity for fast-charging infrastructure and lab testing of mitigation strategies.

Meanwhile, vehicle charging use cases at airports are still evolving. It is likely that chargers will be deployed on the ground for shuttles and operations vehicles and will also serve aircraft and their support vehicles. These deployments have the potential to greatly increase the number of connection points, adding new cybersecurity priorities for manufacturers and their infrastructure and for airports managing energy demand with site controls. Overall, the larger cyberattack surface will require expanded coordination between stakeholders.

Many Stakeholders, One Objective: Security

Airports have the appearance of one streamlined operation, but behind the scenes there is much coordination between companies, vendors, and airport divisions; and electrification will demand still more coordination. That creates interesting challenges for cybersecurity because of the interconnectedness of assets—addressing threat activity within small segments could be powerful in preventing significant networkwide impacts.

[Figure: Diagram of site energy controls with aviation integration. Electrified aviation requires coordination among a variety of stakeholders, and their data and power connections raise new questions about how to manage cybersecurity. Illustration by Josh Bauer, NREL]

The NREL report notes that cybersecurity requirements may vary across stakeholder oversight, depending on ownership models and funding sources. This means that federal guidelines like the National Institute of Standards and Technology Cybersecurity Framework might determine rules in some circumstances, while other cases rely on a mix of industry-accepted standards. Consistency and responsibility will be important across the aviation ecosystem, so that aircraft traversing sites will not be exposed to vulnerabilities and can rely on a common suite of cybersecurity guidelines.

“It’s very interesting to look at the ownership models for airports to understand the authorization processes from a cybersecurity requirements perspective,” said Anuj Sanghvi, a project lead at NREL. “For asset owners and responsible entities, it will be valuable to have tools that provide insight into authorization processes. There is much work to be done beyond the initial guidance thus far.”

The report addresses this multistakeholder situation by recommending a set of security principles based on existing standards and guidelines. For starters, network segmentation can effectively isolate assets from one another, and firewalls can limit data risks from untrusted network traffic. Technologies like NREL’s Module-OT can stand between assets as a “bump in the wire,” adding authentication via traditional mechanisms like Transport Layer Security, and other solutions such as intrusion detection systems can be scaled to provide visibility and threat monitoring throughout the network.

The report generally recommends putting cybersecurity first: embedded within the planning process and applied throughout technology procurement. Cybersecurity awareness at any facility can begin with assessments like the U.S. Department of Energy Cybersecurity Capability Maturity Model, which identifies vulnerabilities and potential investments for facilities, and the Distributed Energy Resource Cybersecurity Framework to manage the security of energy assets.

Learn More About Secure and Sustainable Aviation

Cybersecurity and hazard assessment are just one aspect of NREL and FAA’s broad partnership to study advanced air mobility. Read more about NREL’s sustainable aviation work.

Tags: Energy Security and Resilience, Energy Systems Integration, Sustainable Aviation