Physical Security of Remote Pilot Stations and Aircrafts (when On Ground)



Similar documents
INFORMATION & COMMUNICATIONS TECHNOLOGY (ICT) PHYSICAL & ENVIRONMENTAL SECURITY POLICY

INFORMATION TECHNOLOGY SECURITY STANDARDS

1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services

ISO27001 Controls and Objectives

ISO Controls and Objectives

Risk Assessment Guide

Server Protection Policy 1 1. Rationale 1.1. Compliance with this policy will help protect the privacy and integrity of data created by and relating

Information Security Team

Hengtian Information Security White Paper

External Supplier Control Requirements

University of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np

SECURITY ASPECTS IN MOBILE AD HOC NETWORK (MANETS)

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Information Security Awareness Training Gramm-Leach-Bliley Act (GLB Act)

Data Security Incident Response Plan. [Insert Organization Name]

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

HIPAA Information Security Overview

DeltaV System Cyber-Security

7. Public Key Cryptosystems and Digital Signatures, 8. Firewalls, 9. Intrusion detection systems, 10. Biometric Security Systems, 11.

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

Data Management & Protection: Common Definitions

External Supplier Control Requirements

SAMPLE HIPAA/HITECH POLICIES AND PROCEDURES MANUAL FOR THE SECURITY OF ELECTRONIC PROTECTED HEALTH INFORMATION

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014

Chapter 4 Information Security Program Development

Information Security Basic Concepts

Risk Management Guide for Information Technology Systems. NIST SP Overview

Practical Overview on responsibilities of Data Protection Officers. Security measures

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

Information Security Management. Audit Check List

Incident Reporting Guidelines for Constituents (Public)

Security Control Standard

April 21, 2009 Dines Bjørner: MITS: Models of IT Security: 1. c Dines Bjørner 2006, Fredsvej 11, DK 2840 Holte, Denmark

University of Sunderland Business Assurance Information Security Policy

Incident categories. Version (final version) Procedure (PRO 303)

Incident Categories (Public) Version (Final)

Managing internet security

Supplier Security Assessment Questionnaire

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

Security Policy JUNE 1, SalesNOW. Security Policy v v

Chapter 6: Fundamental Cloud Security

SUPPLIER SECURITY STANDARD

White Paper. Information Security -- Network Assessment

HIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS

Cybersecurity Awareness. Part 1

Preparing for the HIPAA Security Rule

Ohio Supercomputer Center

HIPAA Security Alert

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

Security Controls What Works. Southside Virginia Community College: Security Awareness

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

Cryptography and Network Security Chapter 1

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Security aspects of e-tailing. Chapter 7

CYBER SECURITY CONTROLS CHECKLIST

RISK ASSESSMENT GUIDELINES

Information Security Policy

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

INFORMATION SECURITY PROCEDURES

9. Information Assurance and Security, Protecting Information Resources. Janeela Maraj. Tutorial 9 21/11/2014 INFO 1500

Chap. 1: Introduction

Course: Information Security Management in e-governance

Best Practices For Department Server and Enterprise System Checklist

Sharpen your document and data security HP Security solutions for imaging and printing


Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines

Cryptography and Network Security

Music Recording Studio Security Program Security Assessment Version 1.1

Cyber Security Incident Reporting Scheme

Cyber Threats in Physical Security Understanding and Mitigating the Risk

資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview. Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系

HIPAA Security COMPLIANCE Checklist For Employers

IY2760/CS3760: Part 6. IY2760: Part 6

FBLA Cyber Security aligned with Common Core FBLA: Cyber Security RST RST RST RST WHST WHST

Department of Defense INSTRUCTION. SUBJECT: Communications Security (COMSEC) Monitoring and Information Assurance (IA) Readiness Testing

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Cyril Onwubiko Networking and Communications Group ncg.kingston.ac.

COSC 472 Network Security

Data Access Request Service

Contact: Henry Torres, (870)

IM-93-1 ADP System Security Requirements and Review Process - Federal Guidelines

Third Party Security Requirements Policy

Security Issues with Integrated Smart Buildings

Information Security Awareness Training

WHITEPAPER. Smart Grid Security Myths vs. Reality

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

Regulations on Information Systems Security. I. General Provisions

CPSC 467: Cryptography and Computer Security

Transcription:

Physical Security of Remote Pilot Stations and Aircrafts (when On Ground) Airbus Defence and Space / Military Aircraft / INFOSEC Juan Domingo Airbus Defence and Space INFOSEC Expert IF-G-MES84-15002

Table of Contents Objective Security Objectives Safety Objectives Common Threats on RPS & RPA Physical Security Concept Physical Security of facilities hosting RPA & RPS Physical Security of remote Pilot Stations Physical Security of remote Pilot Aircraft (When On Ground) Conclusions References 2

Objective The objective of this presentation is to provide a brief introduction and guidance on the physical means to protect the security of information & data, systems and platforms in the Remote Pilot Stations and Aircraft (when On The Ground). It is highlighted the lessons learned from military best practices. 3

Security Objectives In order to achieve adequate security protection of RPA and RPS, a balanced set of security measures (physical, personnel, procedural and INFOSEC) to meet the following security objectives to ensure: CONFIDENTIALITY INTEGRITY AVAILABILITY 4

Safety Objectives Security reinforces Safety Safety drops Security 5

Common Threats on RPS & RPA The term threat agents can be split into three general types, as follows : Adversarial threats individuals, groups, organisations and nation states with the intent, motivation, capabilities, and resources to exploit the vulnerabilities. E.g. malicious hackers. Non-adversarial threats individuals, groups, organisations and, in some circumstances, nation states that have no objectives, motivations, or intentions to cause harm to a system. E.g. authorised users errors and recreational hackers. Natural and technological disasters this includes weather and geological phenomenon such as tornadoes, floods and earthquakes, as well as technological disasters such as toxic spills and power failures. 6

Physical Security Concept In general terms, physical security is the application of physical protective measures to sites, buildings or facilities that contain information or assets requiring protection against loss or compromise. Physical security policies, consisting of active and passive security measures, shall be established to provide levels of physical security consistent with the threat, security classification and quantity of the information and assets to be protected. 7

Physical Security of Facilities hosting RPA & RPS Physical Security Measures shall be implemented in the Global Security Environment (GSE) and Local Security Environment (LSE) in order to provide adequate access control to Remote Pilot Stations; The facilities, e.g. hangar, buildings, shelters, shall be protected by means of: tinted windows, perimeter fences, intrusion detection systems (active or passive), CCTV, Moderate changes to the environment (temperature, humidity, air composition) must not result in abnormal behavior of electronic equipment and media. The arrangement of the site must prevent observation of confidential information from the outside. The access to the facilities should be controlled via badges, identity cards or passes. 8

Physical Security of Remote Pilot Stations Access to the RPS shall be restricted to authorised persons. The LSE will vary - RPS may be self-contained in its own enclosure, co-located with other equipment and facilities, or portable (hand-held) measures will be proportionate to configuration and type of operation. Define the roles of the Security Administration and Operations and its tasks. Rooms with IT equipment must be locked when they are left empty. Passwords or other credentials for authentication (cryptographic keys, tokens) shall be handled as the maximum classification of the information managed by the system (i.e. military systems up to SECRET). TEMPEST Protection. 9

Physical Security of Remote Pilot Aircraft All portable/removable devices that store sensitive information for the mission shall be adequately protected when in transit between the RPS and the RPA. The RPA Access Panel or, any interfaces (to upload/download the mission and maintenance information) should be protected by a locking device system. Tamper seals shall be fitted to RPA equipment dependent on the design (taps, external ports,..). In particular, it is very critical for equipment handling cryptomaterial (military purposes). 10

Conclusions Physical Security Measures shall be implemented in order to provide adequate protections to Remote Pilot Stations & Aircraft The Physical Security Environment is split in the Global Security Environment (GSE) and Local Security Environment (LSE) Defence in Depth: multiple measures are deployed on top of each other so if one layer is penetrated, another one is there to further safeguard. Security reinforces Safety 11

References ROADMAP to NATO Security Policy, Supporting Directives, Documents and Guidance for the Communication and Information Systems (CIS) Version 2.7 dated 2 October 2013 NATO Approved Criteria and Standards for airfields Reference BI-MNCD 85-5 MANUAL ON REMOTELY PILOTED AIRCRAFT SYSTEMS (RPAS) First Edition 2015 Roadmap for the integration of civil Remotely-Piloted Aircraft Systems into the European Aviation System 12

Thank you! Any Questions? 13

Backup 14

Common Threats on RPS & RPA The following list provides with some common examples for physical & Environmental threats that could impact of the RPS & RPA: Fire Water damage Pollution Major accident - Crash Destruction of equipment or media Climatic/Meteorological phenomenon Flood Failure of air-conditioning Loss of power supply Failure of equipment Electromagnetic radiation Thermal radiation Electromagnetic pulse 15

Common Threats on RPS & RPA The following list provides with some common examples for Information Technologies threats that could impact of the RPS & RPA: Interception of compromising interference signals Theft of media/equipments or documents Retrieval of recycled or discarded media (Remanance) Disclosure of Information Data from untrustworthy sources Tampering with hardware Tampering with software (e.g. Trojan horse) Saturation of the information system (denial of service) Breach of information system maintainability Unauthorized use of equipment Corruption of data Abuse & Forging of rights Capture & Inappropriate location of the System 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information