EVYYS Juan DOMINGO LOBATO ICAO Symposium Security Overview
Why we need Security
PHYSICAL THREAT OUTLOOK
Selected examples (non-exhaustive list):
- Aircraft misappropriation (seizure) for blackmail purposes or for use as a weapon of mass destruction (e.g. 9/11)
- Contamination of crews and passengers with CBRN agents
- Unruly passenger, hijacker, terrorist
- Electromagnetic interference (Impulses Jamming)
- Laser illuminations
- Aircraft ground attacks (MANPADS, lasers, drones, ...)
- Ground attack (bomb, missile)
- Aircraft sabotage on ground (unsecured aircraft vicinity / insiders)
- Improvised Explosive Devices (IED) on board (or incendiary devices)
Diagram labels: Gate, Outstation, Operations & Dispatch centre, Maintenance & Engineering Centre, Hangar, Aircraft data & parts suppliers, Warehouse
May-16
ICAO Symposium RPAS & ATS Security Topics
CYBERSECURITY OUTLOOK
Selected examples (non-exhaustive):
- Satellite Communications (SATCOM)
- Cabin links accessible to passengers (Cabin Wifi, plugs on cabin seats, FAP, Bluetooth)
- Aircraft - Ground links (HF, VHF, SATCOM; GPS, ILS) with in-flight access
- Aircraft - Ground wireless links (Gatelink, GSM, Wifi, WiMax)
- Maintenance & Industrial systems (PMAT, PDL, troubleshooting equipment, USB keys, ITcards)
- Supply chain (Embedded systems security, Transit of Software from Supplier to Aircraft)
Diagram labels: COTS, Plugs, Wifi; Outstation; Air/Ground Links (ACARS, HF & VHF, Satcom); Gate; GateLink (Wireless); Operations & Dispatch centre; Aircraft data & parts suppliers; Maintenance & Engineering Centre; Hangar; Warehouse
PMAT: Portable Maintenance Terminal
PDL: Portable Data-Loader
FAP: Flight Attendant Panel
The reasons for fear
- Increased passenger connectivity
- Increased real-time data to operate the A/C
Extensive use of connectivity is all the more worrying because, at the same time, economic constraints push the community to use General Public Commercial Off The Shelf (GP-COTS) products to support the connectivity needs.
- Better prediction and reactiveness for improved safety and aircraft operation
- Non time-critical data
- Performance analysis and big data
- Better prediction of performance trends for sustained aircraft operation
The e-enabled aircraft: The times they are a Changin!!
From: Simple, Proprietary, Obscure, Isolated, Closed
To: Complex, Standardized, Documented, Connected, Open
An evolution of capabilities, but technology can be taken hostage:
- ~144 million new malware samples recorded in 2014
- 12 million per month
- 400.000 per day
- 4.5 new malware variant
Flight Operations: Navigation Charts, Airport Maps, Weather Maps, Performance Calculations, Electronic Manuals, Technical Logbook
Maintenance: Maintenance Tools, Performance Analysis, Monitoring, Troubleshooting, Maintenance Manuals, Technical Logbook
Cabin Crew: Cabin Logbook, Cabin Management, Cabin Systems Control, Passenger Lists, Electronic Manuals
Passengers: IFE Systems, Internet Connectivity, Phone Services, OnBoard Intranet Service
Main Security Objectives
- Confidentiality* (access-controlled sensitive info)
- Integrity* (accuracy & completeness resources & System)
- Availability* (access at time resources & System)
*Definitions taken from NATO Roadmap
Safety Vs Security
Aircraft: Always the Last Line of Defense!
Diagram labels: Intelligence, Interdiction, Passenger screening, Airline Operations, Airplane protection, Airport Security, CNS/ATM, Airplane
Manufacturer regulatory framework
Phases: Getting Airworthiness, Continued Airworthiness
CS-25 Certification Specifications + SC
Diagram labels: Design, DOA, Production tests, Delivery, POA, Aircraft in operation
TC HOLDER: 21A.265 (c) Type Design; 21A.165 (c)(1) Production; 21A.265 (c) MODifications; 21A.139 (v)(xvi) Tests and delivery; Corrective actions; 21A.139 (v)(xvi) MANO (Manuf. Occurrences); 21A.3 (a) Continued Airworthiness
Part 21, ICA, Part M, I S O
Legend: Design secure, Produce secure, Maintain secure
OPERATORS
Break-Down Assets
- The ATM
- RPAS own assets: Aircraft, Control Station, Data Link
- The mission and data
Diagram labels: ATM, Hardware, Software, Networks, Personnel, Site, Organisation, RPA, Data Link, CONTROL STATION, Aircraft, Payloads, Ground Station
Security Process: Assessment + Assurance
Information Security Assurance
Cyber-Security Best Practices
- Inventory of Authorized and Unauthorized Devices
- Inventory of Authorized and Unauthorized Software
- Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
- Continuous Vulnerability Assessment and Remediation
- Malware Defenses
- Application Software Security
- Wireless Access Control
- Data Recovery Capability
- Security Skills Assessment and Appropriate Training to Fill Gaps
Information Security Assurance
Cyber-Security Best Practices
- Limitation and Control of Network Ports, Protocols, and Services
- Controlled Use of Administrative Privileges
- Maintenance, Monitoring, and Analysis of Audit Logs
- Controlled Access Based on the Need to Know
- Account Monitoring and Control
- Data Protection (Encryption/Secure Erasing)
- Incident Response and Management
- Secure Network Engineering
- Penetration Tests and Red Team Exercises
Conclusions
- The safe execution of RPAS operations is highly dependent on the security of the RPAS and its environment.
- Security addresses all aspects (HW, SW, COMMS, Air Traffic, ...) that affect RPAS operations.
- Security shall be involved in the whole lifecycle of the product (design conception, development, production, customer services, disposal).
- Exchanging with Aircraft Manufacturers
- Education, awareness and training to create a security culture
References
- Manual on Remotely Piloted Aircraft Systems, First Edition, 2015
- The Critical Security Controls for Effective Cyber Defense, Version 5.0
- Roadmap for the integration of civil Remotely-Piloted Aircraft Systems into the European Aviation System
- NATO Guidelines for the security Risk Assessment and risk management of Communication and Information Systems (CIS), AC/35-D/1017-REV2
Thank you! Any Questions?