Florian Guillermet, Executive Director, SESAR JU
SECURITY BY DESIGN
ICAO Cyber Summit, Dubai, 6 April 2017
THE NEED FOR PERFORMANCE
THE VISION & MISSION
To define, develop and deploy the technology that is needed to increase ATM performance and build Europe’s intelligent air transport system
THE DIGITAL TRANSFORMATION OF AVIATION
ATM TODAY WITH SESAR
Multi-stakeholder system of systems
Public networks
Increased use of COTS and standard protocols
Virtual infrastructure
High connectivity
Increased Automation
= High exposure, High impact
Specific systems and networks
Point to point communication
Physical infrastructure
Low connectivity
Poor Automation
= Low exposure, Limited impact
DELIVERING SECURABLE SOLUTIONS
THE SECURABILITY OF SESAR SOLUTIONS
V0 ATM needs
V1 Scope
V2 Feasibility
V3 Pre-industrial development & integration
V4 Industrialization
V5 Deployment
V6 Operations
V7 Decommissioning
Cyber resilient architecture
High level requirements for industrialization, deployment and operations
Aspects of cyber-resilience
Foresight - prediction, anticipation
Robustness - ability to keep operating
Resourcefulness - control damage, mitigate it
Redundancy - substitutable
Rapid recovery
Adaptability - to changing environments
HOW: SESAR’S SECURITY RISK ASSESSMENT
Operational process
Attack impact
Supporting systems and components
Cyber Vulnerabilities
Attack scenario
Motivation
Attack methods
Opportunity
Likelihood
How to counter the attack?
Technical security controls
Attack vector
Operational Resilience requirements
Part of solution pack
EXAMPLE: AIRPORT OPERATIONS CENTRE
At the heart of the Airport Operations Centre (APOC) is Collaborative Decision Making (CDM) and the Airport Operations Plan (AOP).
Considerations for a security risk assessment
Non-availability or violating integrity of data can disrupt operations
Third-party data sources at times are unauthenticated and transmitted on insecure networks
Services can be outsourced but cyber risk cannot: the end-points of connections need to be trusted.
Objectives of the study
Apply the SESAR security risk assessment methodology
Assess attack scenarios
Identify technical controls to counter the attack
Translate into generic security guidance for airports
EXAMPLE: ATTACK SCENARIOS AT THE APOC
Distributed Denial of Service attack on the Airport's internet connection
A group of attackers blackmails an airport or airline into paying a ransom by threatening them with a volumetric distributed denial of service (DDoS) attack.
Deep and Slow infiltration to steal data
A group of highly motivated and skilled cybercriminals wants to infiltrate an airport network in order to steal economically sensitive data, destroying the systems afterwards to clear their tracks.
Major integrity loss
A group disrupts an airport by sending incorrect flight information using a SITA connection.
Blended attack
A group of hackers starts a blended attack that consists of several attacks with one being obvious, intended to divert attention, and a main attack intended to be conducted in such a way as to remain undetected.
Low Level Attack on APOC ICS/SCADA infrastructure
Spoofing of firmware for Programmable Logic Controllers, changing their behavior. Potential impact on heating, power, water, airco, security cameras, doors, voltage relays, etc.
EXAMPLE: SECURITY CONTROLS FOR THE APOC
Intrusion prevention/detection
Logging
Audit capabilities
Device and service authentication
Data validation tools
Data diodes
Network zoning
Network separation
Alternate paths for critical processes
Graceful degradation of critical systems
Link with ATM Architecture
Alternate paths
Independent functional duplication for critical processes
Modular system architecture
Clear separation between system functions
Simple systems architecture
Limited exceptions and adjustments
Foresight
Robustness
Resourcefulness
Redundancy
Rapid recovery
Adaptability
Work in progress in SESAR 2020
CONCLUSIONS
The SESAR programme develops, validates and delivers securable solutions, by applying a security risk assessment methodology
Research is ongoing within SESAR to strengthen the translation of operational cyber resilience requirements into tangible security controls for ATM
Cybersecurity is an aviation-wide topic, not just an ATM one: the cybersecurity approach developed in SESAR must fit in a wider roadmap towards fully secured aviation
And…
…TOUGH NUTS STILL TO CRACK
What is more secure: old and obscure technologies or modern and open technologies?
Should CNS be encrypted and how to secure existing non-encrypted CNS?
Technology is evolving faster & faster – how to ensure that our design is “future proof”?
Avoiding tailor made approaches for aviation and opening up to new ideas from other critical infrastructures such as banking (e.g. blockchain …)
Is security so different than safety and can we aim at a Safety and Security Management System?
How to establish trust in a global environment?
Do we need a global watch for security in aviation?
Further information
http://www.sesarju.eu/newsroom/all-news/study-calls-eu-wide-response-atm-cyber-security
http://www.sesarju.eu/newsroom/all-news/new-study-reports-cyber-security-sesar%E2%80%99s-airport-operations-centre
SESAR Joint Undertaking, Avenue de Cortenbergh 100, B-1000 Bruxelles, Belgium. More info on: www.sesarju.eu
Thank you very much for your attention!