The Cyber Anomaly Detection System tells pilots when their plane is being hacked.

The Cyber Anomaly Detection System tells pilots when their plane is being hacked. Raytheon

New Tech Aims to Tell Pilots When Their Plane Has Been Hacked

Raytheon is pitching a product to detect cyber intrusions into aircraft, drones, and even missiles.

As the military helicopter lifts off the ground and heads skyward, the numbers on the altimeter suddenly stop ticking upward. The rumble of the helicopter’s engines fade and the chopper starts losing altitude. A second later, a dire warning flashes in red on a cockpit screen: “Cyber Anomaly.”

The helicopter is under attack, but not from missiles or guns. Seconds later, it smashes into the ground.

Luckily for the pilot, he’s not in a real helicopter — just a small simulator set up in a conference room of a high-rise office building in Arlington, Virginia. Greg Fry, the engineer at the controls of the choreographed crash, is part of a Raytheon team that is building a new warning system that tells pilots when their planes are being hacked, something the U.S. military expects to happen in the battles of the future.

“Basically, we’re trying to give the pilot the information about what’s happening internally on his aircraft in real time,” said Amanda Buchanan, the project’s engineering lead. “We’re telling him what’s going on and allowing him to make decisions about what he needs to do to correct the problems.”

Inside most aircraft, important electronics are plugged into a serial data bus. The bus used in many U.S. military planes was developed in the 1970s and “still have not been updated for security,” according to Fry, a cyber-resiliency product manager at Raytheon.

“You GPS talks on it, your fuel valve switches are on it, your autopilot is on it and other avionics systems all communicate over this bus,” Fry said. “What we found is as technology has increased and more and more [commercial] products are put in aircraft, there’s more of an attack surface for cyber threats to go onto the platform.”

Raytheon began developing this Cyber Anomaly Detection System three years ago after receiving “customer feedback” about “vulnerabilities in aviation platforms,” Buchanan said. She declined to identify the customer. Raytheon self-funded the project, Fry said. Company officials won’t say if the systems is deployed on U.S. military aircraft.

Pentagon officials have increasingly been talking about weapon cyber vulnerabilities and the need for companies “harden” their products. In August, the Washington Post reported that Air Force-sponsored hackers had found cyber vulnerabilities in the F-15E Strike Eagle fighter jet. 

Hackers can get into military and commercial aircraft, vehicles, and even missiles and bombs by infecting them with malware — say, by plugging an infected cell phone into one of the aircraft’s USB ports, or even wirelessly, Fry said.

Buchanan hacked Fry’s helicopter by injecting malicious code wirelessly from a tablet. The code caused the helicoper’s engines to shut down. While Fry was able to disable the helicopter's wireless receiver before hitting the ground, he was not able to stop its fall.

Raytheon says the technology could be used to detect cyber intrusions on drones, vehicles or even missiles. And although its product can currently only detect attacks, new versions may be able to fight them off and repair the damage.

“In the future we’re looking more in that direction, but right now we’re starting with a passive system, so we won’t interfere with the bus,” Buchanan said. “We’re just going to leave the human in the loop [and] leave the pilot in control and make him aware of his surroundings so that he can take the actions.”