Avionics CyberThreat. Airplanes Are Hard!

Disclaimer

The subject matter of this presentation is provided for educational purposes only. The information presented relates to a dynamic and complex cyber security environment. This landscape is constantly changing; however, the content is presented in good faith and is currently accurate to the best knowledge of the presenter. The views and opinions expressed in this presentation are those of the presenter and do not necessarily reflect those of Delta Air Lines.

Discussion Points
- Introduction
- Landscape
- Assessment
- Thoughts & Considerations
- Questions

Introduction
CyberThreat: Why the Sudden Importance?
Technology Evolution:
- In-Flight Entertainment / Media Servers
- Power Plugs / USB Ports
- WiFi, etc.

Introduction
CyberThreat: Why the Sudden Importance?
- Consumerization of Aircraft Technology
- Creating a More Connected Experience for the Passenger & Crew
- Centralization of Aircraft Computing
- From Flintstone to Jetsons Avionics

Landscape
Responsible Parties:
- Aircraft Manufacturers
- Avionics Engineering
- Component / Engine Suppliers
- Airlines
- Maintenance Repair Overhaul
- Government Agencies
- Federal Aviation Administration
- International Civil Aviation Organization
- Local Civil Aviation Authorities

Landscape
Source: AIAA, A Framework for Aviation Cybersecurity, Aug 2013

Landscape
Threat Actors:
- Aircraft Crew (Pilots, Flight Attendants, etc.)
- Airport Logistics (Air Traffic Controllers)
- Corporate Support (Operations and Control Center, Aviation Engineering, Maintenance)
- Passengers
- Remote Attackers
- Turnover Crew (Cleaning, Catering)

Landscape
Threat Technology:
- Smart Phones, Mobile Devices
- Software Defined Radio (SDR)
- Supervisory Control and Data Acquisition (SCADA) / Industrial Control Systems (ICS)
- Global Positioning System, Graphic Flight Following (public), Aircraft Situation Display to Industry (ASDI)
- ElectroMagnetic Pulse (EMP)

Assessment
Goals:
- Translate Threat Concepts from Traditional IT to Aircraft Systems
- Evaluate IT Governance of Avionics
- Assess Attack Surface of Sampled Airframes for Vulnerabilities

Assessment
Targeting Specialist Expertise within the IT Space:
- Limited Aircraft Experience
- Automotive, Manufacturing, Power, etc.
- Focus on penetration testing and SCADA/ICS exposure
- Lots of small players, but what can reputable vendors deliver?
- Reinforces & adds credibility to report
- Help drive positive action & results

Assessment
Challenges:
- Multiple Fleet Types & Configurations within Fleet Types
- Multiple Component Areas (Scoping Specific Test Areas is essential)
- Many types of manuals, each based on a standard, but customizations go to tail number detail
- Ability to perform validation testing of theoretical concepts, but cannot damage or compromise actual aircraft
- Non-Standard Interfaces (i.e. ARINC 429/629)
- Inconsistent Stakeholder Ownership Depending on Part or Aircraft

Assessment
Diverse but Limited Test Environments
Environment:
- Aircraft
- Test Benches
- Simulators
Pros:
- Fully Integrated
- Real World Environment
- Targeted Environment
- Easy Accessibility for Testing
- Configurable for Testing Needs
Cons:
- High Cost
- Not Integrated
- Hardware Only
- Not Reflective of Real Environment (Software Designed)
- False Positives in Testing
Considering These Options, Which Do You Choose?

Thoughts & Considerations
Integration Between IT and Avionics Engineering
- Escape Traditional Ownership & Approach, Increase Collaboration
- What are the Different Levels of Responsibility and Ownership for Each Stakeholder
- Work Together to Secure Environment, Share Information to Enhance the Industry
- Build on the Successes of Traditional IT Controls: Attribution, Authentication, Authorization, Encryption, Segmentation, etc.

Thoughts & Considerations
- Red Teaming Mindset
- Look At This From the View of an Attacker
- Compliance vs Security
- Eliminate Checklist Mentality
- Focus on Securing Your Airline's Environment
- Governments Require Reports of Security Assessments from Manufacturers

Questions
- What does your airline do to cover these risks?
- How involved is your airline with local and international agencies to identify credible threats?
- How does your airline keep up with threat evolution versus security enhancements?
- What should audit do in this space?
- Your turn