Stéphane Chopart - AIRBUS Helicopters ETSI Security Week 2019 For the supply chain in the aircraft Cyber-Security & Dynamic Nature of the Technology, Networks and Society

Stéphane Chopart - AIRBUS Helicopters

ETSI Security Week 2019

For the supply chain in the aircraft

Cyber-Security & Dynamic Nature of the Technology, Networks and Society

THE EMERGING REGULATORY LANDSCAPE

AIRCRAFT SECURITY THREAT PANORAMA

THE DIGITAL SIGNATURE SOLUTION

5 CONCLUSION

AIRCRAFT SECURITY OVERVIEW

A regional regulation

Aircraft Security Scope

Safety Vs Security

Security breach can lead to Safety Impact

Aircraft Security Scope and Threats panorama

Aircraft architecture

1 Aircraft is:
  • 1000+ applications,
  • 100+ interconnected computers,
  • 10+ operating systems,
  • Connectivity: Wi-Fi, Bluetooth, internet connections, USB keys...

BUT…

… No Security administrator on-board

Airbus Helicopters Signature Platform

[Diagram labels: repository, Sign service, Auth. service, Software Parts]

How it works:

  • Software as a Service (SaaS):
      o Complexity is in the Cloud
  • Light client allows you to:
      o Create digital signatures of Software parts
      o Verify digital signatures of Software parts

Digital Signature Next steps:

2020

Bottom-up evolution of the regulation

A threat

A technical solution

A set of aeronautical standards

A regional regulation

Civil Aviation WW regulation

Digital signature Standard for Software Parts protection

  • Digital Signature is an aeronautical standard widely deployed:
      o ATA Spec 42 Aviation Industry Standards for Digital Information Security
      o ARINC 835 and 827
  • Digital signature ensures:
      o Authenticity: origin of the Software Parts is guaranteed
      o Integrity: any modification (corruption) of the Software Parts or its signature is detected during the verification of the signature
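
An added illustration (not part of the original slides, and not the Airbus Helicopters platform's code) of the two guarantees listed above, using a detached ECDSA signature made with the `openssl` command line. The file names, key names and the P-256/SHA-256 choice are assumptions; the software part and both key pairs are constructed samples.

```shell
#!/bin/sh
# Added illustration, not the platform's code: detached-signature checks
# on a software part. File names and ECDSA P-256/SHA-256 are assumptions.

# verify_part PUBKEY PART SIG: exit status 0 only if SIG verifies PART.
verify_part() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# verdict PUBKEY PART SIG: print "accepted" or "rejected".
verdict() {
    if verify_part "$1" "$2" "$3"; then echo accepted; else echo rejected; fi
}

# flip_last_byte SRC DST: copy SRC to DST with its final byte changed.
flip_last_byte() {
    size=$(wc -c < "$1")
    last=$(tail -c 1 "$1" | od -An -tu1 | tr -d ' \n')
    head -c $((size - 1)) "$1" > "$2"
    printf "\\$(printf '%03o' $(( (last + 1) % 256 )))" >> "$2"
}

# demo: sign a constructed part, then verify genuine and altered inputs.
demo() {
    d=$(mktemp -d) || return 1
    for who in supplier other; do    # two constructed key pairs
        openssl ecparam -name prime256v1 -genkey -noout -out "$d/$who.key" 2>/dev/null
        openssl ec -in "$d/$who.key" -pubout -out "$d/$who.pub" 2>/dev/null
    done
    printf 'constructed software part, build 1\n' > "$d/part.bin"
    openssl dgst -sha256 -sign "$d/supplier.key" -out "$d/part.sig" "$d/part.bin"
    flip_last_byte "$d/part.bin" "$d/part.mod"   # integrity: corrupted part
    flip_last_byte "$d/part.sig" "$d/sig.mod"    # integrity: corrupted signature
    echo "genuine=$(verdict "$d/supplier.pub" "$d/part.bin" "$d/part.sig")" \
         "modified_part=$(verdict "$d/supplier.pub" "$d/part.mod" "$d/part.sig")" \
         "modified_signature=$(verdict "$d/supplier.pub" "$d/part.bin" "$d/sig.mod")" \
         "wrong_key=$(verdict "$d/other.pub" "$d/part.bin" "$d/part.sig")"
    rm -rf "$d"
}

demo
```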

European Strategic Coordination Platform

An Executive Committee (ESCP-EC) at the higher political level

A Technical Advisory Committee (ESCP-TAC): to set up the EUROPEAN aviation cybersecurity regulation

safety

cybersecurity

cyber resilient aviation system

ESCP - Technical Advisory Committee

Regulation

RMT.0720 RMT.0648

NIS

In order to coordinate:
  • NIS directive;
  • RMT.0648 focussing on the aircraft;
  • RMT.0720 enforcing an ISMS in organizations (including the supply chain)

The regulatory overview

RMT.0720 RMT.0648

Conclusion

Aircraft security has been addressed by aircraft manufacturers for ~15 years

Securing the (software) supply chain has been one of the top security objectives since the beginning of Aircraft Security

Three pillars:
1. Secure the source of software by improving the security level of suppliers (currently including security clauses in contracts)
2. Protect the distribution of software E2E using Advanced / Qualified Digital Signature
3. Promote and help to set up the Civil Aviation CyberSecurity regulation in order to reach a worldwide ICAO Trust Framework

What is still missing?
1. A mature Security Assurance framework fitting aviation industry expectations (SoS)
2. Instill Security in the DNA of every aerospace company

Any questions?

[email protected]

Thank you