Avionics Intrusion Detection

The CCX Technologies Avionics Intrusion Detection System (IDS) enhances the cybersecurity posture of existing avionics data buses by continuously monitoring real-time traffic for anomalies—whether originating from adversarial cyberattacks or operational issues.

When anomalies are detected, they are logged in a secure database and can be presented to aircrew or ground operators for immediate analysis and response.

The system provides a real-time view of avionics activity, enabling improved control over air operations, reducing the risk of rerouting, groundings, and delays, while enhancing fleet safety and operational oversight.


Minimize the Impact of Cybersecurity Events

Cyberattacks on aircraft can disrupt flight operations, potentially leading to flight rerouting or, in severe cases, grounding by National Aviation Authorities (NAAs) if impacts are not rapidly identified and mitigated.

An Avionics IDS plays a critical role in quickly identifying the scope and impact of a cyber-attack, allowing for informed, real-time operational decisions that mitigate the attack's effects. This proactive detection helps minimize both operational disruptions and the costs associated with a cyber-attack.

Additionally, the data archived by the IDS system can be provided to NAAs, facilitating faster responses and reducing the duration, costs, and impact of mandated fleet groundings or system updates.

Certify Connected Systems

In the last few years, most National Aviation Authorities have added cybersecurity requirements to the aircraft certification process, and additional requirements are in development in all major jurisdictions.

Connected systems on an aircraft can add a lot of new utility, decreasing the operational costs of managing a fleet of aircraft and increasing passenger comfort, but each of these new connected systems needs to be shown to be secure from outside influence.


An Avionics IDS system can be used to demonstrate an extra layer of cyberdefence, and can be the difference in achieving certification on a new connected system. This includes systems being certified using the processes defined in DO-326 and ED-202.

Avionics IDS Data Collection

Attack Vectors

The cybersecurity landscape is constantly evolving, making it challenging to predict and prevent attacks. An Avionics IDS can identify both known and novel attack vectors and can identify impacted system operations from unknown and unexpected attacks.

Common attack vectors include:

RF Spoofing Attacks

Such as GPS, ADS-B, ADS-C, Mode-S, ACARS, and others. These attacks can be detected by comparing traffic across multiple sensors and identifying discrepancies from expected data flows.

Hardware Tampering Attacks

Where additional equipment is installed on the data bus to interfere with communications. These attacks can be identified by detecting protocol or signal-level inconsistencies and cross-referencing data from different avionics systems on separate buses.

Supply Chain Attacks

Malicious alterations to equipment during manufacturing or maintenance. The IDS can detect irregularities in data bus traffic that are inconsistent with the expected behavior of installed systems.

Supported Platforms

Avionics data can be collected using CCX Technologies DataPHY Data Collection Pods, and some of our Secure Router platforms also support ARINC-429 and AFDX data collection. Additionally, the CCX Technologies IDS can pull data from third-party data collection sources, such as existing FOQA or other data monitoring systems.

The Avionics IDS runs as part of the SystemX Operating System on any of our Secure Router platforms or as a virtual machine on third-party equipment already installed on the airframe.

Alert data can be transmitted to a SystemX server in real-time over SATCOM, post-flight via 5G or WiFi, or during maintenance via a secure laptop.


Avionics IDS Operation

For a complete description of the operation of the Avionics Intrusion Detection System included in SystemX, refer to the SystemX Falcon Intrusion Detection System page.

Avionics IDS Block Diagram

The SystemX Avionics IDS runs on an AP-250/AP-251 or a virtual machine as part of a complete SystemX installation. It processes data captured by CCX Technologies DataPHYs, integrated sensors, and other third-party data collection equipment.

The IDS and related data collection applications can be configured and controlled via an Admin GUI and a remote API to support specific message formats and avionics equipment.

Data capture applications are responsible for decoding avionics messages from different protocols (ARINC-429, MIL-1553, CAN bus, AFDX, ARINC-664, ARINC-717) and providing them in a standard JSON format, the CCX Avionics Common Data Format (CACDF).

These data samples are forwarded to algorithms as specified in the configured rulesets. A set of algorithms is supplied by CCX Technologies; the system also allows OEMs to create their own rulesets and algorithms for specific aircraft configurations. Typically, these would be developed using our SystemX Development Kit.

The algorithms can raise alerts based on current and historical data. The alerts are stored in the SystemX distributed database system and can be made accessible locally to the flight crew and/or to a remote server hosted in a Security Operations Center (SOC).
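One way to express the cross-sensor comparison described under RF Spoofing Attacks together with alerting on current and historical data, as an added example that is not CCX Technologies code. The record fields, the source names (`gnss`, `irs`), the thresholds and the rule name are assumptions made for illustration and do not represent the actual CACDF schema or any shipped algorithm.

```python
import json
import math
from collections import defaultdict

def rec(t, source, lat, lon):
    # Field names are illustrative only; this is not the real CACDF schema.
    return json.dumps({"t": t, "source": source, "lat": lat, "lon": lon})

# Constructed track: the inertial source flies due east; the GNSS source has a
# one-sample glitch at t=1 and then drifts steadily north from t=3 onward.
GNSS_LAT = [45.32, 45.34, 45.32, 45.33, 45.34, 45.35, 45.36]
SAMPLE_LINES = (
    [rec(t, "irs", 45.32, -75.67 + 0.01 * t) for t in range(7)]
    + [rec(t, "gnss", lat, -75.67 + 0.01 * t) for t, lat in enumerate(GNSS_LAT)]
)

def haversine_nm(a, b):
    """Great-circle distance in nautical miles between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 3440.065 * math.asin(math.sqrt(h))

def detect_divergence(lines, limit_nm=0.5, persist=3):
    """Alert once when the two sources disagree by more than limit_nm for
    `persist` consecutive comparable time steps."""
    by_time = defaultdict(dict)
    for line in lines:
        r = json.loads(line)
        by_time[r["t"]][r["source"]] = (r["lat"], r["lon"])
    alerts, streak = [], 0
    for t in sorted(by_time):
        fixes = by_time[t]
        if "gnss" not in fixes or "irs" not in fixes:
            continue  # nothing to compare; a gap neither confirms nor clears
        d = haversine_nm(fixes["gnss"], fixes["irs"])
        streak = streak + 1 if d > limit_nm else 0
        if streak == persist:
            alerts.append({"t": t, "rule": "position-divergence", "nm": round(d, 2)})
    return alerts

if __name__ == "__main__":
    for alert in detect_divergence(SAMPLE_LINES):
        print(json.dumps(alert))
```

The persistence window is what keeps the single-sample glitch at t=1 from alerting while the sustained drift does.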

A configurable discrete output on the AP-250/AP-251 can be used to control an annunciator in the crew area or even the cockpit to signal critical alerts.

SystemX IDS in Action