Op Spec D 301 Aircraft Network Security Program

Op. Spec D 301 Aircraft Network Security Program Presented to: OSWG 2011 -04 Presented by: Chris Parfitt, AFS-360 Date: November 2 nd, 2011 Federal Aviation Administration

Background • Avionics interface via ARINC or Mil Spec databus (429, etc. ) • Passenger compartment electronics interface via TCP/IP • Physical partition between avionics and passenger compartment electronics Op. Spec D 301, Aircraft Network Security Program November 2 nd, 2011 Federal Aviation Administration 2

e-Enabled Aircraft • Avionics interface using Transmission Control Protocol and/or Internet Protocol (TCP/IP) • Passenger info and entertainment still use TCP/IP • System architecture may allow read/write access to/from external systems and networks (Airline operations and maintenance systems, Sat Comm, World Wide Web, etc. ) • No longer a physical partition between avionics and passenger electronics. • Examples of e-Enabled aircraft: Boeing 747 -8 and 787, Airbus A 350 and A 380, Bombardier CS 100 and CS 300 Op. Spec D 301, Aircraft Network Security Program November 2 nd, 2011 Federal Aviation Administration 3

Risks • Avionics and passenger systems now similar to a Local Area Network (LAN). • Aircraft have the capability to reprogram flight critical avionics components wirelessly and via various data transfer mechanisms. • May result in cyber security vulnerabilities from intentional or unintentional corruption of data and/or systems critical to the safety and continued airworthiness of the airplane. Op. Spec D 301, Aircraft Network Security Program November 2 nd, 2011 Federal Aviation Administration 4

Risks cont. • Credible examples of potential misuse include the potential for: Malware to infect an aircraft system An attacker to use onboard wireless to access aircraft system interfaces Denial of service of wireless interfaces Denial of service of safety critical systems Misuse of personal devices that access aircraft systems Misuse of off-board network connections to access aircraft system interfaces Op. Spec D 301, Aircraft Network Security Program November 2 nd, 2011 Federal Aviation Administration 5

Risk Mitigation Efforts RTCA SC-216 Aeronautical Systems Security (jointly with EUROCAE WG-72) to form a consensus and document guidance for security of aircraft systems. Information/Cyber Security Guidance for Instructions for Continued Airworthiness and Continuing Airworthiness (Maintenance/Operational Implementation) Current plan for publication early 2013 FAA Advisory Circular based on this guidance Participation from airline operators is almost non-existent. We encourage participation from airline maintenance, engineering, and information technology (IT) departments. Op. Spec D 301, Aircraft Network Security Program November 2 nd, 2011 Federal Aviation Administration 6

Op. Spec D 301 • Applies to aircraft operated under 14 CFR parts 121, 121/135, 125, and 129. • Necessary to verify that operators have the skills, tooling, and procedures in place to accomplish the requirements of the manufacturer’s aircraft security document. • Aircraft that require an ANSP include any aircraft produced or modified that requires the manufacturer to provide operator guidance documentation for FAA approval. The FAA requirement is in the form of Special Conditions. Boeing provides this guidance in an ancillary document referred to as “Airplane Network Security Operator Guidance (ANSOG). ” Airbus includes “Aircraft Information System Security” guidance in Part 6 of Aircraft Limitations Section (ALS) of the aircraft maintenance manual. Op. Spec D 301, Aircraft Network Security Program November 2 nd, 2011 Federal Aviation Administration 7

D 301 Point of Contact Rochelle Brisco AFS-360, Avionics Maintenance Branch rochelle. brisco@faa. gov (202)385 -6413 Op. Spec D 301, Aircraft Network Security Program November 2 nd, 2011 Federal Aviation Administration 8

Questions? Op. Spec D 301, Aircraft Network Security Program November 2 nd, 2011 Federal Aviation Administration 9