2. 2
SECURITY PANORAMA IS CHANGING
INCIDENTS
TERRORISM
VANDALISM
HUMAN ERRORS
HACKTIVIST
ESPIONAGE
Threats are becoming more sophisticated. The investment to achieve a real attack capability is limited, and attribution of responsibilities and reaction are very difficult. This represents an enormous attraction for organized hostile entities.
Whatever the objective, today the cyber option is appealing.
3. 3
ATM System Cyber Security Problem Setting
While evolution will improve performance and dependability of ATM, it will open the way to new vulnerabilities due, for instance, to:
increased reliance on distributed enterprise computing
automated flow of information across a ground and airborne network
Cyber attacks will come from many sources and will have a range of possible targets, including civilian, commercial and military systems to damage critical services
4. 4
Interfaces with Aviation and Airspace Security
Cross Border dimension
federated solutions needed
Technology Evolution
CIV/MIL Interop. & Air Defence
Need of a complete solution for detecting, assessing and protecting
Multiple Stakeholders
ATM System Cyber Security Challenges
5. 5
Regulations
Processes
TLC
Services
Information
Cyber
Security
Governance
Interfaces with Aviation and Airspace Security
Cross Border dimension
federated solutions needed
Technology Evolution
CIV/MIL Interop. & Air Defence
Need of a complete solution for detecting, assessing and protecting
Multiple Stakeholders
Challenge
Needs
ATM System Cyber Security Needs
6. 6
Human behavior
Malicious
Errors
Complexity factors
Distributed Governance
Federated Environment & Systems
Information Distribution
Identities & Authorization
Extended coupling among systems
Technological Discontinuities
Wireless Nets (e.g. AeroMACS, LDACS)
Backbone Security (PENS, A2G Networks, …)
PKI & CA harmonization
Heterogeneous technological environments management (OS, MW, …)
COTS vs. custom
Surfacing issues
Cross Border & Military Coordination
Aircraft Cyber Security
Integrated and critical devices
Confidentiality of information in a distributed environment
Airport Landside Operations
ATM System Cyber Security Vulnerabilities
PARTIAL MAPPING
7. 7
Agent
Threats
Impact
Hacker
Compromise of a public-facing host to use it as a gate to gain access
Malicious operations camouflage
Personal Data Stealing
Unfaithful Employee
Flight Plan / Passenger Unauthorized Access
Privacy issues
Unfaithful Supplier
Supply chain risks
Anomaly in the security of aviation equipment procured from offshore manufacturers
Business Competitor
Bad or Unauthenticated Meteo Data
GPS Spoofing
Diverting traffic to different flight space
Flight Delays or cancellation
Foreign State
ATM Support Systems DDoS or Takeover
Service Disruption, Block of ATM Services, Crisis State
Terrorist
Violation of Airports vehicle routing systems or landing queues monitoring
Malicious operations camouflage
Incidents through mis-directions to surface objects
Terrorist
4D Trajectory negotiation or SWIM violation
Malicious operations camouflage
Providing of bad data to cause incidents or outages
Terrorist
GPS Spoofing
ADS-B spoofing, NAV or landing aids disruption, datalink networks sabotage
Diverting traffic to different flight space.
Flight Delays or cancellation
Potential attacks similar to Sept. 11th, especially for UAS
ATM System Cyber Security Threats vs. Impacts
PARTIAL MAPPING
8. 8
Personal & Commercial Data Stealing
Privacy issues
Mistrust in the security of aviation equipment procured from offshore manufacturers
Service Disruption
Flight Delays or cancellation
Block of ATM Services
Crisis State
Domino effect: chain reactions as disruptions spread from system to system
Diverting traffic
Runway Incursions
Potential attacks similar to Sept. 11th, especially for UAS
Loss of data / trust
Loss of services
Loss of lives
ILLUSTRATIVE
ATM System Cyber Security Impacts
9. 9
Wireless network
Information Distribution
Spoofing
Denial of Service
Runway incursion
ILLUSTRATIVE
ATM Service Block
ATM System Cyber Security: A distributed issue
Spoofing
Remote hijacking
11. 11
Evolutionary Cyber Security
Reactive & Manual – people based following doctrine and doing their best to “put out the fires”
B
Tools-based – applying tools and technologies piece-meal to assist people in reacting faster
Integrated – Loosely integrated with focus on interoperability and standards-based data exchange
C
D
Strategic – integrated with focus on policy management and consistency across the enterprise
E
Dynamic IA – Predictive and agile, the enterprise instantiates policy, illuminates events and helps the operators find, fix and target for the enterprise
ANTICIPATE: Respond to attacks before they occur
REACT: Investigate who did what to whom
DEPLOY: Intelligence that deploys early warning systems
DETECT: Observe attacks and intrusions
DEFEND: Secure physical and logical assets
A
Physical
Networks
Force Protection
Influence
Protection
Physical Activity
Computer
Activity
Electromagnetic
Spectrum
Activity
Influence Activity
Logical
Networks
Wireless
Networks
Infrastructure
Cyber User/ Organization
Asset / Organization Protection
Intelligence
e.g. Social Networks
12. 12
ILLUSTRATIVE
Airport Airside Operations
Aerodrome ATC
En-route ATC
Approach ATC
A/G Datalink Ground Mngt
Aircraft
Advanced Airspace Mngt
Advanced Airspace Mngt
Network Information Mngt
External Systems
Aeronautical Information Mngt
ATM System Cyber Security
Management
AOC ATM
Airport Landside Operations
Domain impacted by Cyber Security
A multi-layer architectural vision for federated Cyber Security in the ATM System
13. 13
•Service Continuity & Disaster Recovery
•Applications Security
•Identity & Access management
•Public Key Infrastructure
•Perimeter Protection - DMZ, Firewall, NIDS
•Endpoint Protection - Anti Malware, HIDS
•Loss and Leakage Prevention
•Secure Messaging & Data Sharing
•Network Behaviour Analysis
•Network Security – Datalink, Backbone
•Encryption Systems
•Secure Voice
•Multi Level Gateways
•PRS - GNSS
•RF Spectrum Monitoring
•IP & Data Forensic
ILLUSTRATIVE
First layer intervention:
injection of Cyber Security in the ATM System
15. 15
Processing of security information originating from ALL the stakeholders at national or international level
Real-time common cyber situation awareness of the security scenario
Identification of potential threats and countermeasures to reduce risk exposure, also outside the cyber domain
Incident Response and Reaction Coordination
Decision Coordination Support
ATM System Cyber Security
Management
Third layer intervention: federated Cyber Security management in the ATM system
Single Stakeholder Cyber Security Mngmt (Local SOC)
SOC
CERT
CIRC
ILLUSTRATIVE
18. GAMMA Solution: Lower Security Layer
Architectural innovations introduced by GAMMA:
•Injection of Security at node/asset level
•Alert and event identification
•Alert and event notification and distribution
Some security enhancements introduced by GAMMA:
•Information Security System
•Information exchange gateway
•Secure Satellite Communication system
•Integrated modular radio security
•Secure GNSS communication
•Secure ATC communication
•ATN Security Architecture integration
20. 20
What would the outcome look like?
Achievement and maintenance of security compliance
Monitoring and real time analysis of anomalies plus development of intelligence data
Response to incidents: containment, eradication and recovery
Development and maintenance of situation awareness, dynamic risk analysis and feed back for training and process improvement
Hardening of key systems
Regular vulnerability assessment
Deter
Detect
Cyber Defense
Assure
Respond
Learn
Assess
ASSESSMENT,
DESIGN AND REVIEW IDENTIFICATION
SECURITY
MANAGEMENT
SMART PROTECTION
Self Learning Whitelisting
Automated scanning
Rule inference
DATA &
NETWORK
HPC CYBER INTELLIGENCE
21. 21
Final Notes : This is not your usual enterprise network
Address ATN Security & ATM Service Specific Issues
Focus on data correlation & intelligence
Threat intelligence analysis & federation (NCIRC, CERT, international collaborations)
E2E CNS/SWIM Security
Beware Man in the Middle
Proactive instead of reactive
Behavioural Cyber Security
Shifting focus from data encryption to key management (PKI)
Business chains reengineering (e.g. procurement)
Automated Vulnerability Reviews & Compliance
22. THANK YOU FOR YOUR ATTENTION
Selex ES S.p.A. via Tiburtina km 12.400 – 00131 Rome, Italy, Tel. +39 064150.1 – www.selex-es.com
Angeloluca Barba
Head of Cyber Security Marketing
angeloluca.barba@selex-es.com
Via Laurentina 760 - 00143 Roma – Italia
www.selex-es.com
www.gamma-project.eu