Cyber Security Research Plans for a Secure Aircraft
Cyber Security Research Plans for a Secure Aircraft Data Network (SADN)
NITRD HCSS, Aviation Software Systems: Design for Certification
Kevin Harnett, Vince Rakauskas
October 2006
DOT/Volpe Center, Infrastructure Protection and Operations Division

Briefing Agenda
• Background
• Aircraft Data Network (ADN) Cyber Security Issues
• ADN-Related Program/Systems Assessment
• Gap Analysis
• Recommendations

Volpe Center Task (from NASA Glenn Research Center - GRC)
Task 1: Baseline SADN Cyber Security Research Requirement
• Discussions with the FAA, AC/avionics manufacturers and others
• Document candidate SADN R&D technology research areas (focus on B 787 and A 380/350)
• Understand current Boeing 787 and Airbus 380 ADN cyber security issues
• Provide “lessons learned” to apply to cyber security requirements for the Next Generation Aircraft
Task 2: Leverage Related SADN Program
• Investigate direction of related ADN initiatives (e.g. FAA’s SSDS and the AEEC’s SEC groups)
• Leverage cyber security requirements for potential SADN R&D “partnerships”
Interviews conducted with:
• NASA
• FAA (AVS, AIR-120, ATO, ARD)
• Joint Planning and Development Office (JPDO)
• U.S. Air Force/ESC
• DoD Technical Support Working Group (TSWG)
• DHS
• ARINC/AEEC
• Aircraft manufacturers (Boeing)
• Avionics manufacturers (Honeywell)
• Airlines (United)
• Sensis Corporation

ADN Cyber Security Issues: Vulnerabilities
• Technology advances enable new, cost-effective connectivity between on-board networks and airline ground networks
• Airlines will use broadband Internet connectivity to support passenger services then use existing bandwidth to support operations.
• Revenue from passenger services provides funding for increased infrastructure costs
• New vulnerabilities are added
[Diagram labels: Cabin Services, Aircraft Control, ADN, IFE, VHF/HF, SATCOM, Broadband, Internal 802.11, External 802.11, Crew Devices, Psgr Devices]

ADN Cyber Security Issues
• Mission-critical systems are potentially susceptible to attack
[Diagram labels: Cabin Services, Aircraft Control, ADN, IFE, VHF/HF, SATCOM, Broadband, Internal 802.11, External 802.11, Crew Devices, Psgr Devices]

ADN Cyber Security Issues
• These cyber security vulnerabilities are not only new but have not been anticipated.
• Since it has not been a concern in the past, the existing Code of Federal Regulations does not specifically address cyber security vulnerabilities
• Consequently, there are no existing Policies, Certification Criteria or Procedures that provide assurances that cyber security vulnerabilities will not cause unsafe flight conditions
• Cyber security vulnerabilities in the ADN will be irrevocably bound to the safety of flight.
• Unmitigated, these vulnerabilities will have a definite negative effect on the safety of flight.

One Potential Solution

Key ADN-Related Program/Systems
FAA
• AIR-120 SDSS Program (Network Security and Safety Aircraft LAN Study)
• Automated Airborne Flight Alert System (AAFAS)
• AVS Boeing 787 Security Issue Papers (domain separation and EDS)
• Airborne Internet (A.I.)
Industry
• ARINC/AEEC Subcommittees (particularly ADN and SEC)
• ATA E-Biz's Digital Security Working Group (DSWG) and Certipath
• Eurocae's WG-72 (Aeronautical System Security) Working Group
DoD
• United States Air Force Airborne Network (AN) Project
• USAF Multi-sensor Command Control Aircraft (MC2A)
• Coast Guard C-130J
• DoD Global Information Grid (JPDO)
• Technical Support Working Group (TSWG)

Other ADN-Related Program/Systems
FAA
• GCNSS Network-enabled Operations (NEO) Airspace Security Demo
• ISS R&D Program Planning Team (PPT)
NASA
• Mobile Communications Network Architecture (MCNA)
• ADS-B Security Project
• Aircraft Centric Data and Information Communications Systems Security
• Assessment report
• Policy report
Industry
• Transatlantic Secure Collaboration Program-TSCP
• Wireless Communications Consortium
DoD
• TWIC (& HSPD-12) - logical access smart cards
• DHS's Computer Security Information Assurance (CSIA) R&D Working Group

Next Generation Air Transportation System
JPDO NGATS Integrated Plan, Dec 2005
• NGATS vision is to “harmonize and integrate” the Civilian and Military ATC systems
• System-wide safety and security monitoring allows analysis of failure, threat, and vulnerability trends in real-time, based on data gathered throughout the system
• NGATS allows more creative sharing of airspace capacity for civil, LEA, DoD, and commercial users through access to operational information
JPDO NGATS goals cannot be possible without “secure and safe Aircraft Data Network (ADN) and applications…”

Gap Analysis
[Diagram labels: Partner & Leverage; Aviation Industry; DoD; DHS; TSA; FAA/NASA; NGATS; Potential Overlaps; Potential Gaps; Undiscovered Interdependencies]

ADN-Related Program/Systems Conclusions
• Leverage DoD GIG Activities
  – Leverage USAF GIG activities to develop an Airborne Network (AN) to support NGATS and the AN Information Assurance (IA) Program
  – DoD/USAF have legacy (Joint-STARS, AWACS) and new “Next-Generation Weapon Systems” (e.g. USAF MC2A, CG C-130J) with IP-based Airborne platforms with security concerns
  – Opportunities for DoD/DHS and FAA to partner on “joint” SADN requirements for Secure and Net-centric ADNs
• SADN could impact and support several overlapping FAA A/G Demonstration Projects (NEO, SWIM, AAFAS, and AI)
• Recommend Government Oversight and Participation on three key ADN Security Working Groups
  – AEEC SEC
  – ATA DSWG
  – EUROCAE WG-72

Gap Analysis – Conclusions
• There are many activities underway but the ultimate technical solutions remain to be determined
• Determining solutions that will be viable for all stakeholders will be a challenge
• Additional Research and Development will need to be funded which must include the full range of stakeholder issues
• Lack of direction, oversight and coordination among the ADN-related FAA, DoD, and DHS and Aviation Industry Security Work
• Several redundant efforts and overlaps (but the greater consequence is the potential for gaps, conflicting results and undiscovered interdependencies)
• Non-government (commercial) projects driven by cost likely to overlook elements of security needed by the Federal Government
• Much potential for gain through a managed approach

Research & Development Topics Recommendation
Security Concept: Research & Development topics
• Policy: SADN Policy
• Certification: SADN Certification Criteria
• Infrastructure: Net-centric Security Architecture/Services; PKI/Key Management
• Security Mechanisms: Air to Ground Communications; Perimeter and Boundary Defense; Identification & Authentication; EFB and Other Laptop Computers; Malware
• Maintenance: EDS of FLS and Maintenance Procedures
• Monitor, Detect, Respond: Auditing, IDS and Incident Response

Key R&D Topics
• SADN Policy
• SADN Certification Criteria
• Auditing, IDS and Incident Response

Our Progress
Seek Opportunities For Collaboration
• US Air Force Airborne Network (AN) IA Project
• UK / US Workshop On Aeronautical Telecommunications Networks (ATN) Security
• Boeing 787 Security Assessment
• Technical Support Working Group (TSWG)

Our R&D Recommendations for You
• Gain An Awareness Of Others' Activities
• Understand The Goals Of The Stakeholders
• Seek Collaborative Opportunities For SADN R&D Projects
• Keep The Goals Of NGATS In Mind

Our R&D Recommendations for You
Security is “Built In” Not “Bolted On”

Contacts
• Kevin Harnett, Volpe Center Cyber Security Program Manager
  – Email: harnett@volpe.dot.gov
  – Phone: 617-699-7086
• Vince Rakauskas, Security Engineer
  – Email: rakauskas@comcast.net
  – Phone: 508-339-0280

Acronyms
AAFAS: Automated Airborne Flight Alert System
ADN: Aircraft Data Network
ARP: Aerospace Recommended Practice
AEEC: Airlines Electronic Engineering Committee
AI: Airborne Internet
ARD: FAA Chief Technology Officer (R&D)
ATA: Air Transport Association
C-130J: Coast Guard C-130J Helicopter
CC: Common Criteria
CONOPs: Concept of Operations
CSIA: Computer Security Information Assurance
DSWG: Digital Security Working Group DSWG
EDS: Electronic Distribution of Software
EFB: Electronic Flight Bag
FLS: Field Loadable Software
GIG-BE: Global Information Grid - Bandwidth Expansion
HSPD-12: Homeland Security Presidential Directive - 12
IDS: Intrusion Detection System
IFE: In-Flight Entertainment

Acronyms
IPS: Intrusion Protection System
ISS: Information System Security
JPDO: Joint Planning and Development Office
MC2A: Multi-sensor Command Control Aircraft
MCNA: Mobile Communications Network Architecture
NEO: Network Enabled Operations
NGATS: Next Generation Air Transportation System
PKI: Public Key Infrastructure
PO: Program Office
PPT: Program Planning Team
RTCA: Radio Technical Commission for Aviation
SADN: Secure Aircraft Data Network
SCAP: Security Certification and Authorization Package
SDSS: Software and Digital Systems
ST&E: System Security Test and Evaluation
SWIM: System Wide Information Management
TSCP: Transatlantic Secure Collaboration Program
TSWG: Technical Support Working Group
TWIC: Transportation Worker Identification Credential