Secure Data Loading Systems

Ensuring that aircraft are kept up to date with the correct and latest software and data in a secure manner

Over the past decades aircraft have become more complex with advanced automation and avionics, and the need to keep their systems up to date with the latest software and data has grown. Avionics data loading systems, the primary method used to upload field-loadable software and data to aircraft onboard computers or retrieve data for further analysis, play a critical role in doing this. Data loading is how an aircraft updates its various navigation databases at regular published intervals to provide airspace, airport, terrain and other data for the aircraft.

Not only can data loading systems ensure compliance with ever-evolving regulations via rapid updates and modifications to aircraft data systems, they can also provide increased operational efficiencies and enhanced safety. Streamlining this often-complex process helps improve operational efficiencies, reduces manual input errors and minimizes aircraft downtime. Data loaders can even perform integrity checks of the load, as well as validate authenticity by means of digital signatures.

The most common reason software and data are field loaded is the mandatory navigation database update, which occurs every 28 days in accordance with the Aeronautical Information Regulation and Control (AIRAC) cycle. “This is required to meet continued airworthiness requirements by ensuring that all aircraft operate with a consistent set of data worldwide,” says Thomas Nicholls, Systems Lead, MBS Electronic Systems GmbH & Co. KG, Gilching, Germany. “Another reason is to implement service bulletins from original equipment manufacturers (OEMs) for updates for issues ranging from mandatory safety changes to advisory functional and efficiency improvements. Lastly, hardware replacements can also require the software on the new hardware to be updated, as it will not always match the approved configuration of the aircraft.”

Loading Standards
In the commercial aviation sector, avionics data loading systems typically rely on industry standards, allowing vendors to develop interoperable tools. Scott Ridge, Vice President of Business Development, Avionica LLC, Miami, says this means mechanics can follow a consistent process for different aircraft, such as Airbus and Boeing, which simplifies maintenance and accelerates updates. “These standards also help address growing challenges like cybersecurity threats and the need for enhanced connectivity. However, on some modern aircraft, OEMs have introduced proprietary solutions that add complexity, requiring more training and slower response times to new challenges. The legacy of standards has consistently provided better solutions, streamlining maintenance and ensuring consistency across platforms.”

Ridge cites the following benefits of standards-based data loading:

Interoperability: Vendors provide tools that work across different aircraft, making maintenance processes consistent and efficient for mechanics.

Enhanced cybersecurity and connectivity: Standards-based systems are better equipped to adapt to modern challenges, including cybersecurity risks and the increasing need for connectivity.

Streamlined maintenance processes: Legacy standards enable faster software updates and more reliable workflows, reducing downtime and ensuring quicker responses to issues.

On older avionics systems, data loading was (and still is) performed with physical media (e.g. PCMCIA data cards) inserted into the front of the unit or with a computer connected via a test connector on the front of avionics units. Today, Scott Chambers, Vice President of Sales and Marketing, FLYHT Aerospace, Calgary, Canada, says most systems are connected to a central data loading interface or system where most avionics units can be loaded centrally from the flight deck using physical or electronic switching architected in the aircraft by the aircraft manufacturer. “Thanks to industry standards like ARINC 615 that have evolved over the years, a multitude of onboard and portable data loaders are now in use in the airline industry that can be connected to aircraft systems via standard interfaces. Some data loading systems are also used to harvest data from the aircraft; for example, new generations of aircraft engines on A320neo, 737MAX, 787 and A350 generate large volumes of data that is harvested using data loading systems. Typically, portable data loaders are connected directly to engine avionics mounted on the engine itself for this task.”

Phoenix, Ariz.-based Honeywell Aerospace Technologies follows the A835 software signing standard and A827 crating standard for secure deliveries of all loadable content on aircraft. Sarah Weinhardt, Offering Management Director at Honeywell, says that in addition to this, Honeywell provides tools for end users (such as airlines) to verify the integrity and authenticity of its deliveries before they accept them within their ecosystem.

The revised ARINC standards are compelling operators to update their current data loading equipment to newer products that support ARINC 645-1, 827, 835 and others. “The scope of security is extending from just the aircraft itself to tools that connect to the aircraft,” says Chris Kuske, director of data loader engineering at Teledyne Controls, El Segundo, Calif. “More specifically, data loaders are now becoming part of operator’s security picture. Some documents operators may be familiar with that may affect them are AC-119, the Boeing ANSOG, and DO-355A. These documents are changing the way airline operators deal with security in a big way.”

Different Loading Systems
Avionics data loading systems come in two primary forms: portable data loaders (PDLs) and airborne data loaders (ADLs). Ridge says PDLs can be purpose-built hardware or software installed on a laptop, whereas ADLs are permanently installed on the aircraft. “PDLs are cost-effective and versatile, as one unit can service multiple aircraft without the need for aircraft certification. On the other hand, ADLs, while more expensive and dedicated to a single aircraft, ensure that the necessary data sets are always available and can be wirelessly updated, which reduces operational strain and improves dispatch reliability. By having an ADL onboard, the aircraft improves operational readiness, especially in situations where a PDL may not be available at an airport, ensuring all necessary updates can be handled quickly and without additional logistics.”

Jasmine Eggert, TechSAT GmbH, Business Line Manager Data Loading, Munich, Germany, notes that most modern aircraft use onboard data loaders to manage the airplane software configuration and automatically synchronize with fleet repositories. “Legacy aircraft use PDLs and ADLs to configure individual onboard target computers. Onboard loaders and ADLs are installed on the aircraft, whereas PDLs can travel with the aircraft as a detached item or be kept at the operator’s maintenance stations. Data loaders also allow for downloading logs and aircraft performance data for off-board analyses to improve aircraft performance.”

Charlotte, N.C.-based Collins Aerospace uses self-contained avionics data loading solutions, simplifying the entire process for its customers while maintaining high levels of data security. “The system does not rely on carry-on devices and data loading can be completed anywhere the aircraft goes,” says Collins Aerospace Director of Avionics Marketing Chip Gilkison. “Only in cases where the aircraft has to go to a service center would an external data loading solution be required. Many of those data loads require specialized software to load the avionics and service centers are trained in how to use them.”

There is no standard data loading system for all aircraft. Weinhardt explains that every avionics system has its own protocols for this process, both for cyber security reasons and also to protect its IP. “But the process of data loading is pretty straightforward. There is usually a tablet application, which is approved to connect to the aircraft and transfer or receive data via a secure protocol. Some older systems use external storage devices or a laptop temporarily wired to the aircraft versus a Wi-Fi or Bluetooth connection.”

Physical media loading of onboard systems uses media such as USB sticks, memory cards, CD/DVD and even 3.5” floppy disks. The logistical and security issues around the use of physical media can be a real problem. “Time constraints around reproduction and distribution of physical media are real issues,” Nicholls cautions. “Consider the navigation data base but also other updates such as terrain data bases used with ground proximity warning systems that need to be updated across many aircraft in a timely manner. Administrating these updates is also an issue as there is always a lag between the loads being performed meaning it is very difficult to track updates and re-arrange update opportunities.”

Security issues also exist in transferring the physical media and storing it: how do you ensure that media is not intercepted by a malevolent third party and modified? Nicholls explains, “Many airborne systems do not support the PKI/digital signature check technology required to ensure the integrity and authenticity of the loadable software. Physical media is used with some avionic systems such as Enhanced Ground Proximity Systems (EGPWS) but also for some airborne data loaders, some of which still use 3.5” Floppy Disks! Using a PDL that supports physical media emulation can overcome some of these issues by staging the loadable software/data base to the PDL wirelessly, where it can perform a digital signature check prior to storage.”

Chambers explains that until around 2010, onboard floppy disk loaders were standard on Airbus A320 and A330 aircraft and used on Boeing 737, 747-400, 757 and 767 aircraft. “Many airlines still use floppy disks, and onboard data loading systems with floppy drives are still in use. Around 10 to 15 years ago most airlines began to address floppy disk obsolescence and they increasingly started adopting portable or onboard data loaders that had non-volatile storage where virtual electronic copies of all floppy disk software for the entire aircraft are stored onboard.”

Advances and Innovations
In recent years, there has been an intense focus on security of all equipment (including data loaders) that interacts with aircraft. “New PDLs and ADLs that have been put into the marketplace have to support the latest security standards such as ARINC 645, 827, and 835,” says Chris Kuske, Director of Data Loader Engineering at Teledyne Controls, El Segundo, Calif. “At Teledyne, our new generation data loaders have been designed from the ground up to integrate those security standards. The objective is to ultimately ensure the integrity and authenticity of software parts during transfers and protect against unauthorized access at every stage. Newer data loaders also provide expanded data bus capabilities, more computing bandwidth, as well as reduced weight and power consumption compared to their predecessors.”

The new security standards (A645, A835, A827) are the foundation for the industry’s transition to secure loaders and are driving innovation. “Newer aircraft systems come with an onboard loader which adheres to the security standard, whereas legacy systems have to transition to using secure PDLs and ADLs compliant with the standards,” says Nicolas Lesellier, Product Manager Data Loading at TechSAT GmbH, Munich, Germany. “Difficulties in compliance with initial versions of the specifications are getting addressed by updates to mature and simplify the content, based on feedback from the initial rollout. TechSAT’s PDLs MKII and MKIII implement A645, A835 and A827 and work with both Airbus and Boeing aircraft.”

Nicholls agrees there has been progress in the domain of cybersecurity. “Many airlines have upgraded data loading systems to meet the latest requirements. This allows electronic distribution of loadable software parts in a secure manner ensuring the authenticity and integrity from the OEM to the installation on the aircraft.” Ridge says that as the world becomes “smaller” and more connected, cybersecurity has become an even more vital aspect of avionics design, certification and maintenance. “Industry efforts on standards for the entire process are being reviewed and updated through the Airlines Electronic Engineering Committee (AEEC),” Ridge explains. “This includes the entire process, from LSAP creation, delivery, the data loading device and final delivery to the affected LRU; end to end.”

Weinhardt explains that over-the-air or wireless loading continues to advance. “This seems simple when you consider how often our consumer home devices do this today but for the highly regulated aviation industry, there have been challenges with cyber and updating legacy aircraft with compatible gateways. In addition, the compression of data and the smarter use of that data to reduce the package size has allowed loading to take a fraction of the time it did just five years ago. But the same issue with industry regulations has caused delays in adoption of the wireless loading devices on older aircraft. New avionics systems are adopting these as standard.”

These advanced data loading systems can support modern high-speed avionics buses, such as Ethernet, ARINC 664 and high-speed CAN, to handle higher data volumes and shorter load times, says Carsten Schweigert, TechSAT GmbH, North America Region, Seattle. “The industry currently transitions to secure loading, to ensure each loadable software part (LSP) has a valid digital signature which is validated prior to each data upload (transfer of data to an aircraft computer). Secure loaders replace existing non-secure loaders by either upgrade or exchange.”

Another innovation is wireless connectivity to automatically deliver or “stage” software parts on to the aircraft. With integration of a ground system like FLS-Desk, a secure wireless method to move software parts to onboard storage on the aircraft, and a data loader function embedded in the aircraft, Chambers explains, it becomes possible to always have the right software and data loading capability on every aircraft all the time. “And, with global cellular connectivity software updates can be delivered very quickly to an airline’s entire fleet ready for line maintenance to walk onboard and perform the software loading tasks such as the monthly navigation data base update.”

Cloud-based data management advances data loading. Gilkison says this allows operators to upload and manage their software and databases remotely from a centralized system. “The ability to push updates to multiple aircraft and entire fleets from a singular location significantly reduces aircraft time spent on the ground and enhances security by ensuring only approved personnel are uploading verified data.”

What’s Unique about Avionics Loading?
Like all things in the aviation industry, Gilkison believes there is a heightened focus on safety, security and regulatory compliance within avionics data loading. “Aircraft systems, components and operations are highly regulated and require precision, appropriate checks to confirm data transmission and error mitigation.”

The airline industry has aviation-specific standards developed by the AEEC. Chambers says the purpose of these standards includes enabling interoperability of systems and, as part of that, enabling innovation and competition. “The standards cover all kinds of avionics systems and topics including guidelines and recommendations for field loadable software, data loading interfaces and protocols and security. In aviation, the safety criticality of avionics and regulations require tight configuration management and controls over aircraft software and avionics data loading.”

Don’t Overlook Data Loading
Data loading can sometimes be overlooked in the context of operating aircraft. “As aircraft designs continue to evolve, the amount of computing power on aircraft will continue to grow,” Kuske says. “These new systems will require updates to continue to function properly, and data loading is critical to maintaining the authorized configuration of those systems and the aircraft as a whole. The security landscape around aircraft will continue to evolve as well, and today’s data loaders are part of the solution to ensure safe and secure operation of an operator’s aircraft.”

By Mark Robins