August 2015 Issue
First Word: August 2015
Cybersecurity and Garmin's Wireless Cockpit
The concept of a wireless cockpit—pushing flight plan data from a tablet app to certified avionics, to name one capability—is supposed to curtail the task of programming a panel GPS. I think Garmin’s Flight Stream Connect wireless network, via its Pilot tablet app, succeeds in doing that, but doesn’t eliminate all of the workload, which is a good thing. That was my impression after Garmin’s Jessica Koss demonstrated the Flight Stream and ADS-B interface as we flew in the company Cirrus in the Northeast airspace.
If you’ve ever flown with a pair of Garmin navigators (either the GNS430/530 or GTN750/650), you’ve likely used the crossfill function, where data that’s programmed into one navigator automatically feeds into the other through an RS232 serial databus. This eliminates the tedious task of programming the same flight plan into both navigators. But programming the panel navigators remotely over a wireless hub can’t work as seamlessly, and that has much to do with safeguarding critical flight data. Call it cockpit cybersecurity, if you will. That’s what the FAA calls it.
In reality, the FAA certification folks got it right when they certified the first wireless cockpit interface—Aspen’s Connected Panel—a few years ago. That certification required the pilot to first confirm the data that’s flowing from the tablet before the navigator accepts it (and the autopilot flies it), even if it creates extra workload to verify and accept the data transfer on the receiving panel navigator. But aside from pilot intervention, combining uncertified tablet data with a certified panel navigator has more safeguards than you might think. It begins with a high standard of certification that addresses how the data is safeguarded.
Garmin commenced its STC-approved Flight Stream wireless project before the FAA issued its policy statement on cybersecurity as it relates to portable electronic devices and non-certified off-the-shelf commercial technologies. This meant that, without previously approved guidance in place, Garmin had to demonstrate (through a special compliance process) how the Flight Stream system addresses inherent security vulnerabilities—including data encryption issues—when interfaced with higher-level avionics systems. Alan Blood, Garmin’s software engineering group leader, described some specific architectural traits inherent in the Flight Stream that made FAA certification easier.
“The Flight Stream box handles all of the wireless Bluetooth connections, including authentication and handshaking with the tablet computer. Once that data gets to the panel navigator, it goes into a holding area and can’t be activated until the pilot reviews the flight plan and adds it to a flight plan catalog. It is an extra step or two,” Blood said. Additionally, the tablet app sends over a list of waypoints (identifiers and GPS lat-long coordinates) for validation with the navigator’s certified internal database. This prevents the pilot from sending over the right identifier, but perhaps the wrong geographical location. “We’re trying to avoid a situation where someone could hack in, mess with the data and ultimately send the aircraft into a mountain,” Blood said.
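The two safeguards Blood describes, a holding area that only the pilot can release and a cross-check of each waypoint against the trusted database, can be sketched as follows. This is an added example, not Garmin's code or anything from the original article; the identifiers, coordinates, tolerance and class names are all constructed assumptions.

```python
import math
from dataclasses import dataclass, field

# Constructed stand-in for the navigator's certified database: ident -> (lat, lon).
TRUSTED_DB = {"ALPHA": (41.90, -72.70), "BRAVO": (42.75, -73.80), "CHARL": (44.47, -73.15)}
TOLERANCE_NM = 0.5  # assumed acceptance radius, not a figure from the article

def distance_nm(a, b):
    """Great-circle distance in nautical miles (haversine)."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 3440.065 * math.asin(math.sqrt(h))

def validate(plan):
    """Return (identifier, reason) for every waypoint the database does not confirm."""
    errors = []
    for ident, lat, lon in plan:
        trusted = TRUSTED_DB.get(ident)
        if trusted is None:
            errors.append((ident, "unknown identifier"))
        elif not (-90 <= lat <= 90 and -180 <= lon <= 180):
            errors.append((ident, "coordinates out of range"))  # also catches NaN
        elif distance_nm((lat, lon), trusted) > TOLERANCE_NM:
            # Right name, wrong place: the case the cross-check exists to stop.
            errors.append((ident, "position mismatch"))
    return errors

@dataclass
class Navigator:
    pending: list = None                          # the "holding area"
    catalog: list = field(default_factory=list)   # plans the pilot has accepted

    def receive(self, plan):
        """Tablet data is untrusted: stage it only if every waypoint validates."""
        errors = validate(plan)
        if plan and not errors:
            self.pending = list(plan)
        return errors

    def pilot_accept(self):
        """Only an explicit pilot action moves a staged plan into the catalog."""
        if self.pending is None:
            return False
        self.catalog.append(self.pending)
        self.pending = None
        return True
```

Note that nothing on the wireless side can call `pilot_accept`; in this sketch the trust boundary is the split between `receive` (remote input) and the accept step (local pilot action).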
Although the Bluetooth Flight Stream can connect with multiple tablets, the device has to be manually paired from the dedicated Connect page in the GNS or GTN navigator. This makes it difficult for a back-seater to push data from his tablet into the panel, for example. Still, I wondered why Garmin didn’t use Wi-Fi for connecting its Flight Stream wireless network, given the added benefits of password protection, but Garmin’s Blood noted that connecting with Wi-Fi won’t allow for simultaneous cellular and Wi-Fi connectivity.
I also wonder what capabilities will come next, as flight planning only scratches the surface of a full-up wireless cockpit. For certain, the FAA is onboard, overseeing that cybersecurity issues remain in check.—Larry Anglisano