An introductory view of the cyber security issue in the modern air traffic management environment looking at eventual safety impacts
Evolutionary ATM & Cyber Security
Angeloluca Barba
SECURITY PANORAMA IS CHANGING
INCIDENTS TERRORISM VANDALISM
HUMAN ERRORS HACKTIVIST ESPIONAGE
Threats are becoming more sophisticated. The investment to achieve a real attack capability is limited, and attribution of responsibilities and reaction are very difficult. This represents an enormous attraction for organized hostile entities.
Whatever the objective, today the cyber option is appealing.
ATM System Cyber Security
Problem Setting
While evolution will improve performance and dependability of ATM, it will open the way to new vulnerabilities due, for instance, to:
• increased reliance on distributed enterprise computing
• automated flow of information across a ground and airborne network
Cyber attacks will come from many sources and will have a range of possible targets, including civilian, commercial and military systems, to damage critical services
• Interfaces with Aviation and Airspace Security
• Cross Border dimension: federated solutions needed
• Technology Evolution
• CIV/MIL Interop. & Air Defence
• Need of a complete solution for detecting, assessing and protecting
• Multiple Stakeholders
ATM System Cyber Security
Challenges
Regulations
Processes
TLC Services
Information
Cyber Security
Governance
Challenge Needs
ATM System Cyber Security
Needs
Human behavior
• Malicious
• Errors
Complexity factors
• Distributed Governance
• Federated Environment & Systems
• Information Distribution
• Identities & Authorization
• Extended coupling among systems
Technological Discontinuities
• Wireless Nets (e.g. Aeromacs, LDACS)
• Backbone Security (PENS, A2G Networks, …)
• PKI & CA harmonization
• Heterogeneous technological environments management (OS, MW, …)
• COTS vs. custom
Surfacing issues
• Cross Border & Military Coordination
• Aircraft Cyber Security
• Integrated and critical devices
• Confidentiality of information in a distributed environment
[Figure label: Airport Landside Operations]
ATM System Cyber Security
Vulnerabilities
PARTIAL MAPPING
Agent | Threats | Impact
Hacker | Compromise of a public-facing host to use it as a gate to gain access | Malicious operations camouflage; Personal Data Stealing
Unfaithful Employee | Flight Plan / Passenger Unauthorized Access | Privacy issues
Unfaithful Supplier | Supply chain risks | Anomaly in the security of aviation equipment procured from offshore manufacturers
Business Competitor | Bad or Unauthenticated Meteo Data; GPS Spoofing | Diverting traffic to different flight space; Flight Delays or cancellation
Foreign State | ATM Support Systems DDoS or Takeover | Service Disruption, Block of ATM Services, Crisis State
Terrorist | Violation of Airports vehicle routing systems or landing queues monitoring | Malicious operations camouflage; Incidents through mis-directions to surface objects
Terrorist | 4D Trajectory negotiation or SWIM violation | Malicious operations camouflage; Providing of bad data to cause incidents or outages
Terrorist | GPS Spoofing; ADS-B spoofing, NAV or landing aids disruption, datalink networks sabotage | Diverting traffic to different flight space; Flight Delays or cancellation; Potential attacks similar to Sept. 11th, especially for UAS
ATM System Cyber Security
Threats vs. Impacts
PARTIAL MAPPING
Personal & Commercial Data Stealing
Privacy issues
Mistrust in the security of aviation equipment procured from offshore manufacturers
Service Disruption
Flight Delays or cancellation
Block of ATM Services
Crisis State
Domino effect: chain reactions as disruptions spread from system to system
Diverting traffic
Runway Incursions
Potential attacks similar to Sept. 11th, especially for UAS
Loss of data / trust
Loss of services
Loss of lives
ILLUSTRATIVE
ATM System Cyber Security
Impacts
ATM System Cyber Security
A distributed issue
ILLUSTRATIVE
[Figure labels: Wireless network; Information Distribution; Spoofing; Denial of Service; Runway incursion; ATM Service Block; Remote hijacking]
© Copyright Selex ES S.p.A 2014 All rights reserved
The key characteristic of Western World response is collaboration
EU CYBER STRATEGY RESTS ON COLLABORATION
• Joint research centre – vulnerabilities etc
• Pan European exercises
• Sector and National CSIRTs
• Directive for Network and Information Security
• Common Industrial policy
US INITIATIVES:
• National Cyber security Initiative
• Connecting Cyber Operations Centres
• Shared Situational Awareness
• Federal, State, Local and Private Sector
• Supply chain initiative
• Education and R&D initiative
• FUNDING!
NATO: LISBON DECLARATION
• To optimise information sharing, collaboration and interoperability
The concept of sector and national nodes and hubs for reporting, correlating data and sharing intelligence is gaining momentum
Evolutionary Cyber Security
A. Reactive & Manual – people based following doctrine and doing their best to “put out the fires”
B. Tools-based – applying tools and technologies piece-meal to assist people in reacting faster
C. Integrated – Loosely integrated with focus on interoperability and standards-based data exchange
D. Strategic – integrated with focus on policy management and consistency across the enterprise
E. Dynamic IA – Predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix and target for the enterprise
ANTICIPATE: Respond to attacks before they occur
REACT: Investigate who did what to whom
DEPLOY: Intelligence that deploys early warning systems
DETECT: Observe attacks and intrusions
DEFEND: Secure physical and logical assets
[Figure labels: Physical Networks; Logical Networks; Wireless Networks (e.g. Social Networks); Infrastructure; Cyber User / Organization; Force Protection; Influence Protection; Asset / Organization Protection; Intelligence Protection; Physical Activity; Computer Activity; Electromagnetic Spectrum Activity; Influence Activity]
A multi-layer architectural vision for federated Cyber Security in the ATM System
ILLUSTRATIVE
[Figure labels: Airport Airside Operations; Aerodrome ATC; En-route ATC; Approach ATC; A/G Datalink Ground Mngt; Aircraft; Advanced Airspace Mngt; Network Information Mngt; External Systems; Aeronautical Information Mngt; ATM System Cyber Security Management; AOC ATM; Airport Landside Operations. Legend: Domain impacted by Cyber Security]
• Service Continuity & Disaster Recovery
• Applications Security
• Identity & Access management
• Public Key Infrastructure
• Perimeter Protection - DMZ, Firewall, NIDS
• Endpoint Protection - Anti Malware, HIDS
• Loss and Leakage Prevention
• Secure Messaging & Data Sharing
• Network Behaviour Analysis
• Network Security – Datalink, Backbone
• Encryption Systems
• Secure Voice
• Multi Level Gateways
• PRS - GNSS
• RF Spectrum Monitoring
• IP & Data Forensic
ILLUSTRATIVE
First layer intervention:
injection of Cyber Security in the ATM System
Single Stakeholder Cyber Security Mngmt (Local SOC)
Second layer intervention:
local ATM stakeholder Cyber Security management
SOC CERT
SOC
Planning
• Security Device Configuration & Mgmt
• Patch Management
Monitoring
• Device Monitoring
• Vulnerability Assessment
• Cyber Intelligence
• Performance Monitoring
• Policy Compliance
• Threat Management
Incident management
• Incident Identification & Classification
• Incident Notification
• Incident Response & Containment
• Recovery
• Forensics
ILLUSTRATIVE
• Processing of security information originating from ALL the stakeholders at national or international level
• Real-time common cyber situation awareness of the security scenario
• Identification of potential threats and countermeasures to reduce risk exposure, also outside the cyber domain
• Incident Response and Reaction Coordination
• Decision Coordination Support
ATM System Cyber Security Management
Third layer intervention:
federated Cyber Security management in the ATM system
Single Stakeholder Cyber Security Mngmt (Local SOC)
SOC CERT
CIRC
ILLUSTRATIVE
GAMMA : Global ATM Security Management
Project End : August 2017
[Figure: GAMMA work packages. Phases: Analysis, Requirements and Solution; Solution Validation; Implementation]
WP2 Threat Assessment
WP3 Security Management Framework
WP4 Security Solution
WP5 Validation Needs
WP6 Security Prototype
WP7 Validation environment
WP8 Platform Integration
WP9 Validation
WP10 Exploitation
[Figure labels: Implementation Proposals; Validation Platforms; Validation; ATM Threat Assessment; ATM Security Requirements; ATM Security Solution; ATM Cyber Security; ATM CNS Security; ATM physical infrastructure Security; ATM Crisis Management]
GAMMA Solution: Lower Security Layer
Architectural innovations introduced by GAMMA:
• Injection of Security at node/asset level
• Alert and event identification
• Alert and event notification and distribution
Some security enhancements introduced by GAMMA:
• Information Security System
• Information exchange gateway
• Secure Satellite Communication system
• Integrated modular radio security
• Secure GNSS communication
• Secure ATC communication
• ATN Security Architecture integration
• Processing of security information originating from ALL the stakeholders at national or international level
• Real-time common situation awareness of the security scenario
• Command and Control capabilities for Incident Response, Reaction Coordination and Decision Coordination Support
• Attack prediction and Cyber Intelligence capabilities, for identification of potential threats and countermeasures in order to reduce risk exposure, also outside the cyber domain
ATM Security Management
© Copyright Finmeccanica. All rights reserved.
Single Stakeholder Cyber Security Mngmt
(Local SOC)
SOC CERT
CIRC
GAMMA Solution: Higher Security Layer
What would the outcome look like?
Achievement and maintenance of security compliance
Monitoring and real time analysis of anomalies plus development of intelligence data
Response to incidents: containment, eradication and recovery
Development and maintenance of situation awareness, dynamic risk analysis and feed back for training and process improvement
Hardening of key systems
Regular vulnerability assessment
[Figure labels: Cyber Defense; Deter; Detect; Assure; Respond; Learn; Assess]
ASSESSMENT, DESIGN AND REVIEW
IDENTIFICATION
SECURITY MANAGEMENT
SMART PROTECTION
Self Learning Whitelisting
Automated scanning
Rule inference
DATA & NETWORK
HPC CYBER INTELLIGENCE
Final Notes : This is not your usual enterprise network
Address ATN Security & ATM Service Specific Issues
Focus on data correlation & intelligence
Threat intelligence analysis & federation (NCIRC, CERT, international collaborations)
E2E CNS/SWIM Security
Beware Man in the Middle
Proactive instead of reactive
Behavioural Cyber Security
Shifting focus from data encryption to key management (PKI)
Business chains reengineering (e.g. procurement)
Automated Vulnerability Reviews & Compliance
THANK YOU FOR YOUR ATTENTION
Selex ES S.p.A.
via Tiburtina km 12.400 – 00131 Rome, Italy
Tel. +39 064150.1 – www.selex-es.com
Angeloluca Barba
Head of Cyber Security Marketing
Via Laurentina 760 - 00143 Roma – Italia
www.selex-es.com
www.gamma-project.eu