Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Stéphane Chopart - AIRBUS Helicopters
ETSI Security Week 2019
For the supply chain in the aircraft
Cyber-Security & Dynamic Nature of the Technology, Networks and Society
THE EMERGING REGULATORY LANDSCAPE
1
2
3
4
AIRCRAFT SECURITY THREAT PANORAMA
THE DIGITAL SIGNATURE SOLUTION
5 CONCLUSION
AIRCRAFT SECURITY OVERVIEW
A regional regulation
Aircraft Security Scope
Safety Vs Security
Security breach can lead to Safety Impact
Aircraft Security Scope and Threats panorama
Aircraft architecture
1 Aircraft is : • 1000+ applications, • 100+ interconnected computers, • 10+ operating systems,• Connectivity : Wi-Fi, Bluetooth, internet connections, USB keys...
BUT…
… No Security administrator on-board
5
Airbus Helicopters Signature Platform
repository
Sign service
Auth. service
Software Parts
How it works:
� Software as a Service (SaaS):• Complexity is in the Cloud
� Light client allows you to:
• Create digital signatures of Software parts
• Verify digital signatures of Software parts
Digital Signature Next steps:
2020
Bottom-up evolution of the regulation
A threatA technical
solution
A set of aeronautical standards
A regional regulation
Civil Aviation WW regulation
Digital signature Standard for Software Parts protection
• Digital Signature is an aeronautical standard widely deployed:o ATA Spec 42 Aviation Industry Standards for Digital Information Securityo ARINC 835 and 827
• Digital signature ensures:o Authenticity: origin of the Software Parts is guaranteedo Integrity: any modification (corruption) of the Software Parts or its signature is detected during the verification of
the signature
European Strategic Coordination Platform
8
An Executive Committee (ESCP-EC) at the higher political levelA Technical Advisory Committee (ESCP-TAC) : to set-up the EUROPEAN aviation cybersecurityregulation
safety
cybersecurity
cyber resilient aviation system
ESCP - Technical Advisory Committee
Regulation
RMT.0720RMT.0648
NIS
In order to coordinate : • NIS directive; • RMT.0648 focussing on the aircraft; • RMT.0720 enforcing an ISMS in organizations (including the supply chain)
The regulatory overview
RMT.0720 RMT.0648
11
Conclusion
Aircraft security is addressed since ~15 years by Aircraft manufacturers
Securing the (software) SupplyChain is one of the top security objectives since the beginning of Aircraft Security
Three pillars:1. Secure the source of software by improving Security level of suppliers (currently
including security clauses in contracts) 2. Protect the distribution of software E2E using Advanced / Qualified Digital Signature3. Promote and help to set-up the Civil Aviation CyberSecurity regulation in order to
reach a worldwide ICAO Trust Framework
What is still missing?:1. A mature Security Assurance framework fitting aviation industry expectations (SoS)2. Insufflate Security in the DNA of every aerospace company