RESISTANT

The RESISTANT project addresses the increasing risk of cyberattacks on aircraft and how they can be mitigated through new design concepts and methodologies.

Cyber attacks of any kind, are increasing exponentially globally. Today, the aviation industry is often the victim of so-called ransomware and phishing attacks. But in the future, cybercriminals may increasingly focus on the aircraft itself. In RESISTANT, an avionics platform is being developed that could be used in aircraft in the future. It is adaptive, self-configuring and is responsible for safety-critical functions, such as flight control, as well as non-safety-critical functions, such as in-flight entertainment. This open concept offers a larger attack surface for cybercriminals compared to today's avionics. 

Together with industry partners and other universities, the RESISTANT project aims to protect this avionics platform against cyber attacks by introducing the zero-trust approach. Zero trust means that participants of the platform do not trust each other. Requests, operations and communication are prevented as a matter of principle and only allowed after appropriate verification of legitimacy. This will be supported by digital twins for attack detection, especially for unknown attacks, and by the Aircraft Security Operations Center (ASOC) for central administration, evaluation of attacks and initiation of (automated) countermeasures.

We are conducting research in RESISTANT to further develop plug-and-fly avionics. It is investigated what the zero trust approach means for such a platform. Methodologies are being developed to implement the approach. The previous methodologies (topology detection, redundancy instantiation and function allocation...) are secured against random component failure. In RESISTANT, the willful compromise of the platform and its functionalities is investigated. The goal is to ensure that the self-adaptive avionics platform is protected against cyberattacks, e.g., by reconfiguring and isolating compromised devices.

Finally, the platform should provide some of the necessary evidence required by RTCA DO-326 and DO-356 through an automated "Security Risk Assessment".

RESISTANT is realized within the framework of the aeronautical research project LuFo VI-2 (funded by BMWK) with several partners.