Cyber Security Research Plans for a Secure Aircraft Data Network (SADN)
NITRD HCSS, Aviation Software Systems: Design for Certification
Kevin Harnett
Vince Rakauskas
October 2006
DOT/Volpe Center
Infrastructure Protection and Operations Division
Briefing Agenda
• Background
• Aircraft Data Network (ADN) Cyber Security Issues
• ADN-Related Program/Systems Assessment
• Gap Analysis
• Recommendations
Volpe Center Task (from NASA Glenn Research Center - GRC)
Task 1: Baseline SADN Cyber Security Research Requirement
• Discussions with the FAA, AC/avionics manufacturers and others
• Document candidate SADN R&D technology research areas (focus on B787 and A380/350)
• Understand current Boeing 787 and Airbus 380 ADN cyber security issues
• Provide “lessons learned” to apply to cyber security requirements for the Next Generation Aircraft
Task 2: Leverage Related SADN Program
• Investigate direction of related ADN initiatives (e.g. FAA’s SSDS and the AEEC’s SEC groups)
• Leverage cyber security requirements for potential SADN R&D “partnerships”
Interviews conducted with:
• NASA
• FAA (AVS, AIR-120, ATO, ARD)
• Joint Planning and Development Office (JPDO)
• U.S. Air Force/ESC
• DoD Technical Support Working Group (TSWG)
• DHS
• ARINC/AEEC
• Aircraft manufacturers (Boeing)
• Avionics manufacturers (Honeywell)
• Airlines (United)
• Sensis Corporation
ADN Cyber Security Issues
Vulnerabilities
[Diagram: aircraft network connectivity. Labels: Cabin Services, Aircraft Control, ADN, IFE, Internal 802.11, External 802.11, Psgr Devices, Crew Devices, VHF/HF, SATCOM, Broadband]
• Technology advances enable new, cost-effective connectivity between on-board networks and airline ground networks
• Airlines will use Broadband Internet connectivity to support passenger services then use existing bandwidth to support operations.
• Revenue from passenger services provides funding for increased infrastructure costs
• New vulnerabilities are added
ADN Cyber Security Issues
[Diagram: aircraft network connectivity. Labels: Cabin Services, Aircraft Control, ADN, IFE, Internal 802.11, External 802.11, Psgr Devices, Crew Devices, VHF/HF, SATCOM, Broadband]
• Mission-critical systems are potentially susceptible to attack
ADN Cyber Security Issues
• These cyber security vulnerabilities are not only new but have not been anticipated.
• Since it has not been a concern in the past, the existing Code of Federal Regulations does not specifically address cyber security vulnerabilities.
• Consequently, there are no existing Policies, Certification Criteria or Procedures that provide assurances that cyber security vulnerabilities will not cause unsafe flight conditions.
• Cyber security vulnerabilities in the ADN will be irrevocably bound to the safety of flight.
• Unmitigated, these vulnerabilities will have a definite negative effect on the safety of flight.
One Potential Solution
Key ADN-Related Program/Systems
FAA
• AIR-120 SDSS Program (Network Security and Safety Aircraft LAN Study)
• Automated Airborne Flight Alert System (AAFAS)
• AVS Boeing 787 Security Issue Papers (domain separation and EDS)
• Airborne Internet (A.I.)
Industry
• ARINC/AEEC Subcommittees (particularly ADN and SEC)
• ATA E-Biz's Digital Security Working Group (DSWG) and Certipath
• Eurocae's WG-72 (Aeronautical System Security) Working Group
DoD
• United States Air Force Airborne Network (AN) Project
• USAF Multi-sensor Command and Control Aircraft (MC2A)
• Coast Guard C-130J
• DoD Global Information Grid (JPDO)
• Technical Support Working Group (TSWG)
Other ADN-Related Program/Systems
FAA
• GCNSS Network-enabled Operations (NEO) Airspace Security Demo
• ISS R&D Program Planning Team (PPT)
NASA
• Mobile Communications Network Architecture (MCNA)
• ADS-B Security Project
• Aircraft Centric Data and Information Communications Systems Security
• Assessment report
• Policy report
Industry
• Transatlantic Secure Collaboration Program-TSCP
• Wireless Communications Consortium
DoD
• TWIC (& HSPD-12) - logical access smart cards
• DHS's Computer Security Information Assurance (CSIA) R&D Working Group
Next Generation Air Transportation System
JPDO NGATS Integrated Plan, Dec 2005
• The NGATS vision is to “harmonize and integrate” the Civilian and Military ATC systems
• System-wide safety and security monitoring allows analysis of failure, threat, and vulnerability trends in real-time, based on data gathered throughout the system
• NGATS allows more creative sharing of airspace capacity for civil, LEA, DoD, and commercial users through access to operational information
JPDO NGATS goals are not possible without “secure and safe Aircraft Data Network (ADN) and applications…”
Gap Analysis
[Diagram: gap analysis across stakeholders. Labels: FAA/NASA, NGATS, Aviation Industry, DoD, DHS, TSA, Partner & Leverage, Potential Overlaps, Potential Gaps, Undiscovered Interdependencies]
ADN-Related Program/Systems Conclusions
Leverage DoD GIG Activities
° Leverage USAF GIG activities to develop an Airborne Network (AN) to support NGATS and the AN Information Assurance (IA) Program
° DoD/USAF have legacy (Joint-STARS, AWACS) and new “Next-Generation Weapon Systems” (e.g. USAF MC2A, CG C-130J) with IP-based Airborne platforms with security concerns
° Opportunities for DoD/DHS and FAA to partner on “joint” SADN requirements for Secure and Net-centric ADNs
SADN could impact and support several overlapping FAA A/G Demonstration Projects (NEO, SWIM, AAFAS, and AI)
Recommend Government Oversight and Participation on three key ADN Security Working Groups
° AEEC SEC
° ATA DSWG
° EUROCAE WG-72
Gap Analysis – Conclusions
• There are many activities underway but the ultimate technical solutions remain to be determined
• Determining solutions that will be viable for all stakeholders will be a challenge
• Additional Research and Development will need to be funded which must include the full range of stakeholder issues
• Lack of direction, oversight and coordination among the ADN-related FAA, DoD, and DHS and Aviation Industry Security Work
• Several redundant efforts and overlaps (but the greater consequence is the potential for gaps, conflicting results and undiscovered interdependencies)
• Non-government (commercial) projects driven by cost likely to overlook elements of security needed by the Federal Government
• Much potential for gain through a managed approach
Research & Development Topics Recommendation
Security Concept | Research & Development topics
Policy | SADN Policy
Certification | SADN Certification Criteria
Infrastructure | Net-centric Security Architecture/Services; PKI/Key Management
Security Mechanisms | Air to Ground Communications; Perimeter and Boundary Defense; Identification & Authentication; EFB and Other Laptop Computers; Malware
Maintenance | EDS of FLS and Maintenance Procedures
Monitor, Deter, Detect, Respond | Auditing, IDS and Incident Response
Key R&D Topics
SADN Policy
SADN Certification Criteria
Auditing, IDS and Incident Response
Our Progress
Seek Opportunities For Collaboration
US Air Force Airborne Network (AN) IA Project
UK / US Workshop On Aeronautical Telecommunications Networks (ATN) Security
Boeing 787 Security Assessment
Technical Support Working Group (TSWG)
Our R&D Recommendations for You
Gain An Awareness Of Others' Activities
Understand The Goals Of The Stakeholders
Seek Collaborative Opportunities For SADN R&D Projects
Keep The Goals Of NGATS In Mind
Our R&D Recommendations for You
Security is “Built In” Not “Bolted On”
Contacts
• Kevin Harnett, Volpe Center Cyber Security Program Manager
– Email: [email protected]
– Phone: 617-699-7086
• Vince Rakauskas, Security Engineer
– Email: [email protected]
– Phone: 508-339-0280
Acronyms
AAFAS    Automated Airborne Flight Alert System
ADN      Aircraft Data Network
ARP      Aerospace Recommended Practice
AEEC     Airlines Electronic Engineering Committee
AI       Airborne Internet
ARD      FAA Chief Technology Officer (R&D)
ATA      Air Transport Association
C-130J   Coast Guard C-130J Helicopter
CC       Common Criteria
CONOPs   Concept of Operations
CSIA     Computer Security Information Assurance
DSWG     Digital Security Working Group
EDS      Electronic Distribution of Software
EFB      Electronic Flight Bag
FLS      Field Loadable Software
GIG-BE   Global Information Grid - Bandwidth Expansion
HSPD-12  Homeland Security Presidential Directive - 12
IDS      Intrusion Detection System
IFE      In-Flight Entertainment
IPS      Intrusion Protection System
ISS      Information System Security
JPDO     Joint Planning and Development Office
MC2A     Multi-sensor Command and Control Aircraft
MCNA     Mobile Communications Network Architecture
NEO      Network Enabled Operations
NGATS    Next Generation Air Transportation System
PKI      Public Key Infrastructure
PO       Program Office
PPT      Program Planning Team
RTCA     Radio Technical Commission for Aviation
SADN     Secure Aircraft Data Network
SCAP     Security Certification and Authorization Package
SDSS     Software and Digital Systems System
ST&E     Security Test and Evaluation
SWIM     System Wide Information Management
TSCP     Transatlantic Secure Collaboration Program
TSWG     Technical Support Working Group
TWIC     Transportation Worker Identification Credential