Michael Weigand is the chief growth officer of Shift5 Inc., a startup firm providing cybersecurity services across commercial and military segments of aviation, rail and other forms of transportation.
Weigand is a former U.S. Army cyber officer who co-founded Shift5 in 2019. During his live presentation given at the 2022 Connected Aviation Intelligence Summit, Weigand gives an in-depth technical overview of how connected aircraft systems work, why they’re vulnerable how airlines can develop an Aircraft Network Security Program.
The FAA first established its Aircraft Network Security Program in 2015 as an Advisory Circular for airlines that operate aircraft featuring connectivity. Weigand goes well beyond explaining how airlines can develop an ANSP into giving a detailed explanation as to how specific aircraft computers and data bus networks function, and why he believes there is no such thing as an “un-connected” aircraft for airlines anymore even with those that do not specifically feature passenger-facing connectivity onboard.
Below is an interesting observation given by Weigand during the presentation:
“I want to suggest that the industry not focus on the infotainment and passenger connectivity systems as the primary cyber threat to the aircraft. Candidly, from a security professional’s perspective I don’t care that the passengers don’t have Wi-Fi, because that system was degraded by a malicious actor. We care about flight safety first and foremost, it’s really the flight deck, it’s the green side of the aircraft that the conversation needs to be focused on, and I think previous security research done initially by the hacking and academia community has kind of mislead the industry to talk about what’s going on in the cabin and not in the flight deck.”