CYBER RESILIENCE IN CIVIL AVIATION Sandrine GNASSOU Air
CYBER RESILIENCE IN CIVIL AVIATION Sandrine GNASSOU Air Navigation Safety Oversight Inspector Head of CNS Department Civil Aviation Authority of Côte d’Ivoire
AGENDA 1 2 3 INTRODUCTION CIVIL AVIATION AND CYBERSECURITY INTERNATIONAL EFFORTS AND AFI CURRENT INITIAVES
Cyber-security Facts and Figures § Cyber-crime damages will cost the world $6 trillion annually by 2021 (2017 Cybersecurity Ventures). § Cyber attacks are increasing and evolving. 54% Increase in mobile malware variants (2017) 46% Increase in attacks against Internet of Things (Io. T) devices 2016 increase in new ransomware variants 2017 Source : Symantec’s 2018 Internet Security Threat Report (ISTR) 600%
Attacks on Aviation are happening… • In Civil Aviation, the threat is also both real and serious June 2014 September 5 th 2018 Data breach 4 4
Aviation Cyber-attack surface is growing… mean More interconnected systems Vehicles Flow managemen t Less isolated architectures with e-enabled aircrafts, clouded services, Total Airport Management… Airline Airport ANSP operation ATC center Military OPS Center MET Service provider More Network centric infrastructure and operations More reachable targets Airport Vehicles Flow 5 manageme nt Airline operation center Military OPS Center ANSP ATC MET Service provider 5
Aviation Cyber-attack surface is growing… Migration for interoperability to standard IP-based network with publicly available vulnerabilities More information sharing through increased use of commercially available information technology (COTS) Increasing Connectivity and use of non-protected by design A/G Data Link Communication This means that civil aviation is very much exposed to cyber attacks
AGENDA 1 2 3 INTRODUCTION CIVIL AVIATION AND CYBERSECURITY INTERNATIONAL EFFORTS AND AFI CURRENT INITIAVES
Cyber security PEOPLE comprises technologies, processes and controls that are designed to protect systems, networks and data from malicious acts undertaken via cyber-space such as attacks, damage or unauthorized access. TE GR ITY ILI AB IN TECHNOLOGY Incident Detection. COTS Threat Intelligence AIL AV Data & Services CONFIDENTIALITY Roles & Responsibilities Forensics Architecture Cyber culture Training PROCESS Policy Standards and Guidelines Assessment TY
Cyber resilience Resilience umbrella an organisation ability to continuously deliver the intended outcome despite adverse cyber events. Is a measure of how well an organization can operate its business during a data breach or cyber attack Recovery Response Preparedness Operational Continuity Response Prevention Emergency Response Pre-incident t=0 Cyber Incident Post -incident Time t 9
Cyber threat “any identified effort directed toward access to, exfiltration of, manipulation of, or impairment to the integrity, confidentiality, security, or availability of data, an application, or a federal system, without lawful authority. ” [US Department of Homeland Security ] Common Sources of Cyber Threats Mass Untargeted Targets Individuals 10
Types of Cyber Threats Ransom ware The ENISA* Threat Landscape Report 2017** provides the fifteen top threats (that have dominated the threat landscape in 2017) (*) European Union Agency for Network and Information Security (**)https: //etl. enisa. europa. eu/#/ Spam Data Breaches Webbased attacks Phishing Identity theft Physical manipulati on/damage /theft/loss Malware Botnets Informat ion leakage Exploit kits Insider Threat Web application attacks Cyber espion age Denial of Service
Potential cyber attacks –Motives & Sophistication Cyber vandalism Adversaries with very limited expertise; nontargeted attacks, primarily focused on organization’s perimeter Cyber crime Adversaries with limited technical expertise; intent is to acquire critical information Cyber Surveillance Adversaries with moderate expertise capable of launching multiple attacks seek to gain foothold in the organization’s infrastructure Cyber espionage Sophisticated adversaries, capable of multiple, coordinated attacks, able to establish persistent footholds Cyber Warfare Very sophiscated adversaries; capable of multiple, coordinated, continous attacks Increasingly sophisticated and motivated threat 12
What about Aviation?
Aviation Cyber-threats landscape • Two categories of possible cyber threats to Aviation: Attacks that could result in loss of life or endanger the safe operation of an aircraft. Criminally or politically motivated attacks that cause economic disruption to aviation businesses. CYBER ATTACK AHEAD
Aviation Cyber-threats landscape • Airlines’s IT Systems • Customer records and financial data • sensitive details about company revenue AIR TRAFFIC MANAGEMENT • In –flight aircraft control system • Cabin (Operational) • Cabin (Passengers) • Onboard Aircrafts IP Network • Maintenance and engineering AIRLINES • Internal airport computer systems • Security screening, access control • departure control • Baggage handling AIRCRAFT AIRPORT • Main potential targets in aviation: • Communication, Navigation and Surveillance systems • Aeronautical networks • Maintenance
Aviation Cyber-threats landscape – ATM example Injection of false information in controller-pilot data link communications Malware injection during maintenance Login usurpation on ATC system technical position CNS Data spoofing CNS Data corruption Spoofing of ADSB Radio signal Spoofing of GPS time Approach ATC Airport ATC Enroute ATC Network Management Surveillance and Navigation infrastructure Airport operations centre Airline Operations Centre Meteo offices Aeronautical Information service provider Denial of Service attack on Aeronautical Information server
How can Aviation be resilient to cyber threat? Business continuity plans to maintain resilience and recover capabilities after a cyber breach. RECOVER IDENTIFY Threat Intelligence contingency planning, RESPOND procedures, and training and awareness PROTECT DETECT Cyber monitoring Networking to share cyber info, to predict new threats and be prepared Identify primary assets ( « crown jewels » ) Risk Management Develop formal Cyber Policies Protect assets according to risk Build Cybersecurity culture : training, education, awareness Build layered system
AGENDA 1 2 3 INTRODUCTION CIVIL AVIATION AND CYBERSECURITY INTERNATIONAL EFFORTS AND AFI CURRENT INITIAVES
International efforts 2010 April 2017 May 2018 Beijing Convention 2010 Dubai Declaration on Cyber Security in Civil Aviation Summit on Cyber Security in Civil Aviation Europe, Middle East and Africa (EMEA) - Bucharest, (cyber threat implicitly addressed) Romania ICAO A 39 -19 Cybersecurity Resolution Global Air Navigation Industry Symposium (GANIS) 2017 13 th Air Navigation Conference October 2016 December 2017 October 2018 19
AFI Planning and Implementation Regional Group (APIRG) Infrastructure & Information Management (IIM) Sub-Group COMMUNICATION PROJECT 5 : « Assessment of AFI Aeronautical Networks Cyber Security” Project objectives To assess and prevent internal and external cyber threats that impact availability, reliability, integrity and continuity of aeronautical networks in Africa To develop and implement a global cyber security policy for aeronautical telecommunications systems in Africa Côte d’Ivoire Benin Gambia Ghana Kenya Nigeria South Africa ASECNA IATA
November 2019 APIRG IIM SG COMMUNICATION PROJECT 5 : « Assessment of AFI Aeronautical Networks Cyber Security” December 2017 October 2018 Implementation of global cyber security policy Assessment of current AFI ANS systems cyber resilience Definitions and concepts (cyber security, resilience, threats) Project baseline questionnaire Diagnostic of the potential cyber threats AFI States Best practices Global cyber security policy for ANS systems in Africa • Guidelines for States / • Common scenarios • Cybersecurity culture, training • Risk management ANSPs • AFI Regional Operational Centre for Cybersecurity in Aviation
October is the National Cybersecurity Awareness Month « CYBER SECURITY IS OUR SHARED RESPONSABILITY » THANK YOU
- Slides: 22