The Duncan Download Blog: Business Aviation Advice & Observations

Contributed by Adrian Chene , avionics installation tech rep

For many aircraft owners, choosing which aircraft systems require upgrade can be a real challenge. None of the current publications are written with the aircraft owner in mind. Duncan Aviation has changed that. We have designed the Duncan Aviation Avionics Catalog to provide a common sense non-aviation explanation of what a modification actually does for you the owner.

DOM’s should also feel free to use this information when explaining the benefits of recommended upgrades to owners."

To discuss avionics installation solutions specific to your aircraft, contact a Duncan Aviation Avionics Installation Sales Rep.

	Domestic Inflight Internet Getting office speed when en route to Aspen. The Aircell GoGo internet is not your father’s dial-up system. It is fast. Airline passengers share one Aircell internet connection. You can have your very own. How fast, you ask? 1-3 Mbps fast. With GoGo, you get more than just the Internet. Aircell has engaged the major cellular players, providing an App that allows you to send and receive texts and phone calls to your personal phone while in flight. There is an additional initial and monthly charge for this service. What is in the Aircell system? Two electronics boxes and two belly-mounted antennas that when installed spell staying in charge in flight. The Aircell system has an STC and can be installed during most scheduled inspections without delaying your aircraft’s return.
	International Inflight Internet For the plugged-in business traveler, the notion of slipping off the grid during long transoceanic flights is not a viable option. They feel unproductive if not allowed to extend their office skyward and keep working. Cobham developed the most cost- effective international internet system for this application. The Cobham Aviator 700 internet connection runs at approximately 432Kbps during the long legs that challenge your resistance to boredom. When paired with the right router, internet connection speeds can be even faster. In addition to providing reliable internet connections, it operates as a phone system allowing your aircrew to send and receive data messages to Air Traffic Control and your maintenance teams. The Aviator 700D may also provide the satellite link for a FANS 1/A aircraft. If the antenna system can be reused, the installation can be complied with during other scheduled work with no impact to schedule. Aircraft requiring a new antenna will require more time to install the system. Either way, call us. We’ll answer all of your questions.
	Guest Entertainment Whether you want to review a presentation with your sales team on a bigger screen or are just trying to get the kids to fall asleep en route to Paris, entertainment systems remain as relevant in the air as they are on the ground. A cabin system that represents an excellent mix of value versus cost is called Venue from Rockwell Collins. State-of-the-art components provide fully digital vibrant 1080p video and crystal clear heart pounding sound at a price point similar to the low def equipment available just a few years ago. Your HD iTunes content, and ripped media at home are now available in flight via Rockwell Collin’s Skybox. Skybox stores content locally, providing a familiar environment, friendly to board members and family alike. Control of your environment has never been so easy with apps that turn your IOS device into a universal cabin remote.
	International Phone From Antarctica to Chicago you have a need to talk to people. You don’t say goodnight to a child or negotiate a delicate point of a contract via email? When you need to be clear, even in remote regions of the world, Aircell’s Axxess system is a dual-line phone that works anywhere your aircraft is. Axxess has noise-canceling handsets with two lines of communication. It is a relatively low cost system to install with a low cost per minute to use. If you decide to install it along with Aircell’s GoGo domestic internet service, you will save over $10,000. Aircell has established itself as the largest manufacturer of Iridium systems in the business jet world and maintains its position as an industry leader in domestic internet services.
	Geek Chic: Routers Matter  I will rattle off the laundry list of bad to the bone IT gizmos that have been included in this unit, because I know part of being geek chic is embracing the lingo, but listen closely; GET THIS ROUTER. I should also mention that the Satcom Direct’s Router costs less than any of its closest competitors with an increased level of versatility and added features. It streams movies securely to mobile devices from onboard media servers super-fast. The Satcom Direct router automatically establishes a secure link between the aircraft and your home or corporate network when connected outside the U.S. This secure link makes your international internet faster due to hardware level accelerators that compress and encrypt traffic so that your computer doesn’t have to. It also has cellular failover, so you aren’t spending big bucks while parked on the tarmac. Pesky hackers are fended off with all the standard Wi-Fi security options.
	ADS-B: Meeting The Mandate  A mandate is something a regulatory authority like the FAA will require to continue to operate your aircraft without limitations. ADS-B is one such mandate that is required by 2018 for Europe (EASA), 2020 in the U.S. (FAA), and right now in the pacific nations. ADS-B increases the amount of information available to Air Traffic Controllers (ATC) about your aircraft. This permits better traffic management and safety for both ATC and you.
	FANS 1/A: Why is it necessary?  Imagine a school of fish swimming in the ocean’s current. More and more fish enter the current as time goes on until there are so many that not all of them are able to fit in the current. That is essentially what has occurred over the Atlantic Ocean for aircraft. The air current for aircraft is called the North Atlantic Track (NAT). It is a shifting highway in the sky that changes depending on wind direction. A few years ago controllers began to notice this current becoming more and more crowded. FANS 1/A is a new communications method that theoretically allows controllers to pack more aircraft in this highway in the sky. It equates to fuel savings and shorter flight time. It is now being mandated for trans-Atlantic NAT aircraft.
	Crew Gizmos: Retire The Floppy  For the last 15 years, the 3.5-inch floppy disk has been the mainstay of your crew’s interface to the computers on board your aircraft. It is time to upgrade to a thumb drive. While not a quantum leap of technology, it loads faster and more reliably. Both Honeywell and Rockwell Collins have released their new thumb drive data loaders that are rugged and consistently perform. Also, an upgrade to your floppy drive in many cases is required prior to doing other upgrades to your aircraft.
	WAAS/LPV Have a better chance of landing when and where you want.  WAAS/LPV sounds more like a syndrome than a solution for problematic landing procedures. It is a series of system and software upgrades that allow your aircraft to perform better during an approach to an airport.  If your aircraft is equipped with WAAS/LPV you will be able to land at airports experiencing poor weather where you would have normally been diverted. This means more on-time landings. Also, with more and more aircraft being equipped with WAAS/LPV every day, aircraft not equipped with WAAS/LPV may have a lower resale value when it comes time to sell.
	Bunches of Mods: Batch 3+ With the current pace of Batch 3+ completion, the most important thing to know about Batch 3+ is that it is a pay me now or pay me later proposition. Aircraft not equipped will suffer dearly at time of sale and face operational limitations. With that being said, it is recommended to invest now in Batch 3+, while competition amongst aircraft shops is most likely to get you the best deal. Batch 3+ has three parts. Two are optional, one is mandatory before completing the others. Batch 3+ Part 1 (mandatory) is a general upgrade of the operational software of the avionics system. In addition to fixing some known problems, it adds future provisions to keep the aircraft viable through additional upgrades. Batch 3+ Part 2 (optional) is related to FANS 1/A. This modification allows your aircrews to keep operating in oceanic highways in the sky with better communications to air traffic control. This is due to new flying rules Batch 3+ Part 3 (optional) is related to WAAS-LPV. This modification allows the aircrews to fly into airports that are experiencing poor weather conditions with more success.
	Falcon EASy II Must Have Mods  The Easy II upgrade is not all about fancy gadgets. It is about bringing your aircraft into a new digital flight environment. Air traffic management agencies around the world are changing the rules of flight in air space over the oceans, Europe and even here in the U.S. What follows is a baseline for EASY II modifications that will maintain your aircraft’s current operational capabilities. The EASy II Baseline upgrade provides software fixes some issues and provides minor operational improvements. It also serves as a prerequisite for all other modifications. CPDLC This is a European mandate related to air traffic control operations in the European Union (EU). FANS 1/A - A mandate that improves communications from air traffic control operations to your aircrews during trans-oceanic flights.   ADS-B - A U.S. (2020) and EU (2018) mandate that increases the aircraft information available to air traffic controllers.
	Falcon EASy II Safer Nice-to-Have Options     Now let’s discuss options that can significantly increase the level of safety aboard your aircraft. It is important to note that you and your teams are not alone in this process, Duncan Aviation’s sales teams are here to help explain the advantages and costs associated with modifications in a refreshingly non-technical manner. WAAS/LPV provides improved guidance when flying in to airports experiencing bad weather. Paperless Charts make maintaining aircraft databases easier and may remove the requirement for paper charts on board (pending final approval by local aviation inspector). XM Weather improves crew situational awareness regarding inclement weather. Synthetic Vision produces a video game like display of the surrounding terrain to improve the aircrew’s situational awareness. Automatic Descent Mode will causes aircraft to fly down to breathable altitude if a loss of cabin pressure occurs

Adrian Chene is an Avionics Tech Rep for Duncan Aviation. He provides troubleshooting and technical advice on avionics installation services, and specializes in custom, integrated HSD solutions. He began working in aviation in 1996.

Satcom Security Issues in Business Aviation: Part 2 

Contributed by Adrian Chene, Avionics Tech Rep

Hackers are always looking for the back door to get your information or disrupt operations. Information is most easily breached at places where protective barriers do not exist. In many cases, it is much easier and expedient to breach a laptop with a screwdriver than with sophisticated software. This makes physical computer security critical when carrying out IT operations abroad. 

Physical IT security aboard business aircraft can be breached in three main areas: satcom network, computers and electromagnetic emissions.

Satcom Network Security

Your satcom service provider should have physical and software security measures in place to help prevent data from being compromised. This should involve some form of professional independent auditing which verifies that they are taking adequate measures to ensure the protection of customer information. 

FISMA and SAS 70 compliance are common auditing practices designed to ensure some baseline of security is being applied with regards to protection of customer information. While compliance is not necessarily an indication of the quality of protection that is provided, it demonstrates a service provider’s willingness to submit to review by an independent auditor.

Physical Digital Security

Any device with an internal memory is a weak point. Cellular phones, iPod Touch’s, and laptop computers can all be compromised. If you do not intend to use your cell phones or other network devices leave them in the hangar.

Phone calls can be made using a dedicated voice-traffic-only cell phone, the in-flight satcom to relay non-sensitive information or at your final destination.

Laptops that do not have hardware-level security measures should not be taken or should be kept under continuous supervision. Operatives may compromise the contents, if they are left unattended in a hotel room.

I recommend that business teams only travel abroad with laptops that contain encrypted hard drives. This will make it more difficult to copy the hard drive and retrieve the data. Some private key systems will be very difficult to crack even if the entire machine is stolen.

Electromagnetic Emissions

Computers produce a lot of electromagnetic noise. With specialized software and signal analyzers, the savvy can turn this noise into usable information. Electromagnetic signals have a tough time getting through “Gaussian Surfaces,” or enclosed metal surfaces. This means that laptops with metal cases may broadcast lower levels of unwanted signal. Getac (a GE subsidiary) does make a line of commercial tough books (like the A790) that are similar to models produced for the Department of Defense. 

When the required equipment for emissions detection will not fit into your iPhone or laptop, you can protect your data by being unpredictable. Use your computers in different locations each time. It is not recommended using your computer in your hotel room where operatives could have advance notice of your location. Use the laptop’s batteries wherever possible as AC chargers can be their own emission source. Wait till your laptop is turned off to charge it. 

I will be the first to say that I am not an Intelligence Operative. What I have written here are some considerations for individuals traveling in nations where intelligence operations pose a threat to legitimate business practices.

Hopefully you have some questions now that you can take up with your security firm to further advise you. It is not paranoia to think you are being spied on when operating abroad, where espionage can be performed with impunity by domestic intelligence agencies. The only real question is whether or not you will insist on taking measures to ensure that your passengers are both physically and digitally safe.

In part 1 of Satcom Security Issues in Business Aviation, I discussed hardware encryption and HSD security for international operations.

Adrian Chene is an Avionics Tech Rep for Duncan Aviation. He provides troubleshooting and technical advice on avionics installation services, and specializes in custom, integrated HSD solutions. He began working in aviation in 1996.

Satcom Security Issues in Business Aviation: Part 1

Contributed by Adrian Chene, Avionics Tech Rep

To say that large corporate networks are under daily attack by hackers and cyber-spies is a gross understatement. What is interesting about these attacks is that they rarely ever start at some screen that says "password." They involve custom software applications that function as any predator does: by systematically exploiting weaknesses.

Network Security Risks

Bizjet operators whose passengers deal with sensitive information in foreign nations face real threats from several angles. The very networks used to communicate satcom system transmissions can be a serious point of compromise.

Russia, China and Australia currently require that all Inmarsat terminals that log on inside their border have traffic forcefully rerouted to centralized traffic management points (government servers). This can be troubling for operators seeking to do business abroad. 

Although it is impossible to stop the interception of your communications, you must take steps to secure it. The most efficient way to address this is to encrypt the information you are sending with a software or hardware intermediary.

Hardware Encryption

An investment in airborne routers, such as the CNX-200 by EMS, can employ VPN Tunneling at the hardware level. In my opinion, this is the more productive and preferred method because it creates a secure data pipe between your network and your aircraft without a decrease in data transmission rates. Maintaining average speeds of 700-800 Kbs using a sister gateway unit on the company’s network. The tunneling and encryption takes place behind the scenes and does not require any action by your passengers.

Software Encryption

There are a myriad of applications available that will encrypt information without additional hardware; making this a very inexpensive option. Cisco’s VPN Client is one such software-driven solution. While inexpensive, software-based solutions an adverse effect on the maximum speed of your Internet connection, cutting it in half to about a 400 Kbs pipe.

A hacker’s network server monitoring traffic would be hard pressed to intercept your transmissions in any type of useable form from either of these two options. 

In part 2 of Satcom Security Issues in Business Aviation, I will discuss physical security measures you can adopt to stymie foreign operatives.

Adrian Chene is an Avionics Tech Rep for Duncan Aviation. He provides troubleshooting and technical advice on avionics installation services, and specializes in custom, integrated HSD solutions. He began working in aviation in 1996.

Companies in the last 40 years have decentralized many operations, creating armies of satellite employees. Today there are engineers who do their best work in their bath robes from home. To accommodate this, company networks have been extended to remote locations using what is called VPN (Virtual Private Network) software. This is a program that recreates the network operations of being hardwired into your company network while you are away.

The Good

Nothing is truly secure on the internet, but there is something as secure enough. VPN software often has encryption features for traffic communicated between the company network and users that are offsite. The VPN's security features greatly increase the privacy of data sent across the web. Without getting too technical, a VPN uses a series of security protocols to scramble data between a user's computer and some other network.  It also provides security measures that make it difficult to intercept the encrypted data along the way. 

The Bad

PC-based VPNs require everyone using the service to have the software installed on their computers or phones. This may not be possible or desirable for many clients. When VPN software is installed on a customer's laptop it can have some detrimental effects on the satcom system connection and the device itself. Computer-based VPNs will cut the speed of accelerated SwiftBroadband connections (800+ Kbps typical) back to un-accelerated rates (300-400 Kbps). It is also worth noting that VPN software uses computer resources as well.

The Not-So Ugly

You can mitigate this by using a router that incorporates its own VPN accelerator. One example is the CNX-200 router manufactured by EMS. This unit can be tied to Satcom Direct's Aero-X data acceleration service or can be integrated directly into your home network. This will provide an accelerated encrypted data tunnel directly to your home network or Satcom Direct's ground based router. It is also worth noting that since the encryption and decryption takes place in the CNX-200, the VPN does not place additional stress on computer resources. This is currently the preferred method for SwiftBroadband customers.

As an organization, it is important to assess the level of data security that your clients require, and not be afraid to push to raise the bar to that standard. The end result will be a High Speed Data (HSD) system that matches utility with security.

Additional information on cabin network security is available in part 1 of this series, "Six steps to tighten Wi-Fi security during ground operations."

When you discuss communications security, eyes tend to glaze over. Most aviation professionals are used to things they can see, feel or in some way measure. When a router setting won't permit you to connect to the web anymore, no amount of visual inspection will help. It's just a black box until your IT guys make sense of it for you. That being said, I promise to keep this conversation to the point and as straight forward as possible.

HSD (High Speed Data) systems have become an integral part of flight departments with several solutions available, both ground- and satellite-based. However, when you look at onboard security of HSD systems, there are many weak points where a hacker can attack; the first being, the router.

Wi-Fi routers are popular onboard jets because they offer convenience for customers receiving e-mail updates with their blackberries. This is essentially a sophisticated radio and like any radio its signal can be easily intercepted. Of course, from the router the data goes to the satellite or ground-based network and then on to the Internet, where there are numerous points traffic can be intercepted. Information traffic security is the second biggest challenge for any work-away-from-home network.

Knowing where you're most vulnerable with security will empower you to increase your level of protection. While the following recommendations are by no means comprehensive, they do represent the start of a conversation that will hopefully increase the security of your onboard network.

The steps to tighten Wi-Fi security without any inconveniece

1. Turn the router SSID broadcast off.

Most wireless routers automatically transmit their network name (SSID) into open air at regular intervals (every few seconds). This allows passengers to easily find and access your system. However, this feature also makes it easier for hackers to intrude as well. If you are lucky enough to have the same passengers using the same computers and phones all the time you can turn this broadcast off and set the SSID to something other than the aircraft tail number.

2. Assign an encryption type and wireless passkey to your router.

I generally use WPA encryption with a pass-key as a baseline for airborne router security.

3. Install a Wi-Fi disable switch.

One of the simplest ways to protect your client's satcom bill, computers and blackberries is by disabling the Wi-Fi on the ground. The last thing you want is a teenager at the FBO updating their Facebook on your SwiftBroadband. Have your satcom installation provider place a switch in your cockpit if one is not there already.

4. Add Wi-Fi instructions to your pilot's checklists.

You are probably safe to enable the Wi-Fi as you taxi away from an FBO. These systems have a very limited range and someone would need serious RF know-how to sniff your network at 1000 yards with an airborne router.

5. Have your passengers get plugged in.

If your clients must use the satcom system prior to taxi, provide them with an Ethernet cable and ask them to plug in. The benefit of this is two-fold: 1) This will allow your customers to surf the web with the Wi-Fi disabled and 2) it will improve the performance of their connection slightly.

Wired Ethernet connections outperform Wi-Fi generally, though on a typical SwiftBroadband network the difference will be negligible.

6. Other security protocols.

There are a myriad of other security measures that will reduce the likelihood of a cyber attack, such as MAC address filtering. Which security protocols will work best for you will often depend on the demands of your clients.

Wi-Fi signals are easily intercepted, and for that reason they are particularly vulnerable to manipulation. With that being said, your best defense against an experienced hacker is to not be an easy mark. Developing your own WIFI security measures alone can often deter the would be hacker.

Stay tuned for part 2 of HSD Security, "The Good, The Bad and the Not-So Ugly of VPNs."

Adrian Chene, Avionics Tech Rep