9 July 2014 FAA Data Comm Security Impact Task

Transcript:9 July 2014 FAA Data Comm Security Impact Task:
9 July 2014 FAA Data Comm Security Impact Task Boeing/Airbus Introduction, study areas, mitigations Boeing/Airbus Tasking Define data security strategy on ATS data link air-ground segment only Why the need, including briefs from the FAA on their assessments Which aircraft should be included and technical/cost/other risks Timeline for implementation Define and coordinate Global Data Security solution Coordinating findings of Task 1 with standards groups (ICAO: ACP, OPLINK; AEEC: NIS, DLK, DLUF; others as applicable) Study Assumptions Boeing and Airbus used the FAA position as the starting point of analysis Threat assessment was not re-done Based on their avionics and ATM expertise, some concerns and recommendations are proposed to FAA Using the provided FAA threat assessments does not mean that Boeing and Airbus endorse them Continuing study projects, internal and external, in multiple areas within Boeing and Airbus with wider scope than FAA Data Comm program Depending on results, Boeing and Airbus may come up with different conclusions and recommendations Boeing/Airbus Concerns Boeing/Airbus foresee the following risks not having data security mechanisms in place in the long-term The threat environment will continue to evolve Waiting for an incident creates a long period of exposure Cost of wireless attack tools keeps dropping Many high security networks have already been penetrated, e.g. US Dept of Defense, banks. No expectation that data link ground networks will remain totally secure (ATSP’s, DCNS, et al) Concurrently, Boeing/Airbus agree with the significant impacts linked with implementation of data security mechanisms Schedule and cost impacts are major, especially to retrofit existing data link equipped fleet For FAA, Data Comm program roadmap would need to be redefined; this would jeopardize Data Comm program success Near-Term Recommendations (no avionics impact) Strengthening security of ground networks as much as possible Ensuring controllers are aware of unsolicited closure messages, may indicate attack Ensuring flight crew procedures are adequately defined to deal with unsolicited/unexpected messages Comparison of messages in ground segments Matching what is output by ERAM to what is transiting the ground network and uplinked and vice versa Routing a copy of all messages sent and received to their originator on the ground segment Leverage VDL stations to detect spurious signals nearby Enhanced conformance monitoring for aircraft Mid/Long-Term Recommendations (avionics impact) Establish clear need and definition of requirements that necessitate security solution without compromising existing equipage Coordinate requirements and solution across regions, defining provisions in international standards Further investigation of impacts of