1. CybAIRVision®
International Cyber Warfare & Security Conference, 27 November 2014, Ankara Cécilia Aguero

2. CybersEcuritY? CyberdEfense? DCW? OCW?
CybAIRVision®
CybersEcuritY? CyberdEfense? DCW? OCW?

3. Terms & Concepts Cyber-Security:
Status expected for an information system allowing it to withstand events from cyberspace that may compromise the availability, integrity or confidentiality of data stored, processed or transmitted and related services that these systems offer or make accessible. Cyber ​​security involves technical security of information systems and is based on the fight against cybercrime and the establishment of a cyber defense.
Cyber-defense:
All technical and non-technical measures allowing a country to defend cyberspace information systems deemed essential.
DCW and OCW:
With defensive cyber-war (DCW) and offensive cyber-war (OCW), cyber helps defend and attack computers and networks of computers that control a country.
The National Institute of Standards and Technology (NIST):
NIST is a US Department of Commerce agency, charged of norms & standards. The NIST « cyber » framework is, since June 2014, the common Thales Group Cyber Security framework.

4. Cyber & CybAIR® : 2 complementary approaches
The CYBER expert checks information FLOW (ipSec policies, interruption, leaks,…)
The CYBAIR® expert analyzes information consistency (multi source comparison)
The CYBER expert are IT Centric e.g. checks known malware
The CYBAIR® expert checks abnormal system behaviour
“Antivirus is dead” said Brian DYE, Symantec SVP, the 6th of May 2014
IT- Centric AND Domain-Specific/Behavior analysis provides additional protection It allows also the detection of dysfonctions .

5. Model-based anomaly detection for integrity monitoring
Models capture information related to what is possible / not possible, what is normal / abnormal regarding objects involved in air operations
TRS has deep knowledge about typical behavior of the following objects:
Terrain, Sea, Sun environment
Effects on detection
Aircraft
Performance
Airspace and traffic
Structure
Aircraft presence/areas, traffic flows
ATC data links
Weather environment
Timely evolution,
Effects on detection
Radars
Coverage
Data flow
EW (jamming, spoofing)
Communications
Bandwith, latency
Topology
Operations
Mission plan, progress
Computing
Operational processes, data flows
Loads
Human activities
Roles, working hours, activities
Data production cycle
Voice communication calls
Voice communication
VoIP protocols

6. CybAIRVision®
BUSINESS AltErations ?

7. Business Alterations Examples (1/2)
Alterations by buffer cloning
Remanence effect:
copying all blocks of a radar detection to the following
The radar tracker will create new "ghost" tracks depending on the type of cloned plots
Camera effect:
replace the actual flow by an older one, previously recorded
DoS (denial of service): 500 cloned plots

8. Business Alterations Examples (2/2)
Alterations by message generation
Claim / Signature: 2D plot line => message in 3D
Zone transposition : real "Red" area, destination "green" area

9. CybAIRVision®
OFFER OVERVIEW

10. CybAIRVision® Suite

11. CybAIR Radbox : the radar security solution
Real-time sensor that analyzes the information provided by radars to detect possible intrusions affecting the detection
Alerts the user upon occurrence of an abnormal behavior and their operational consequences and provide decision aids
Includes forensics and post-analysis features
Designed and prototyped HMI with the users
40-year of Air Defense experience embedded in the CybAIR Radbox

12. CybAIR® Radbox : Use cases5 4 1 2 3
Secure the radar side interfaces : New radars 1
Secure the radar side interfaces : Legacy radars 2 6 7
Secure the radar side interfaces : Tactical radars 3
Connect a military radar to a civilian ATM center 4
Connect a radar with multiple clients 5
Add an operational supervision feature 6
Add CybAIR detection with CybAIR agents 7

13. CybAIR® Multilink : Principles
Military Radars
C-Box
CybAIR
Com Services
Military C²
CybAIR
Common Services
ATC
CybAIR Analyze
CybAIR Flow
Box optimized for center specificities :
communication services : idem R-Box
common services : idem R-Box
technical & operational supervision :
box HW & SW status,
multi-radars data flow quality, center coverage, record & replay
CybAIR detection :
“AIR Operation” specific business probes
real time events correlation engine

14. CybAIR® Multi-Link : Use cases5 1 2 3 4
Secure the center side interfaces : Legacy radars 1
Secure the center side interfaces : New radars 2 6 7
Secure center to center interfaces 3
Connect a military center to a civilian ATM center 4
Connect a center with multiple clients 5
Add an operational supervision feature 6
Add CybAIR detection with CybAIR agents 7

15. CybAIR® Picture : Principles
Army
Navy
HMI NVG Flow
AIR / IAMD
National or NATO COP
Space
Cyber
National Centre or NATO
P-Box
CybAIR Picture
Analyzer optimized for National specificities :
communication services : Spying HMI inputs NVG standard / Web portal
CybAIR Picture :
Up to 6D Awareness (5 battlefields + temporal dimension)
Real time data confidence analysis
Real time data inconsistencies analysis

16. CybAIR® Picture : Use cases2 4
JRE 5
SWIM 1 3
Situation & threats awareness from NATO ACCS Web Portal Interface 1
Army
Navy
AIR / IAMD
Space
Cyber
Situation & threats awareness from NATO ACCS (Awcies) Interface 2
Situation & threats awareness from NATO NCOP (NVG) Interface 3
Situation & threats awareness from JRE Interface 4
Situation & threats awareness from SESAR SWIM Interface 5

17. CybAIR® Picture : HMI Overview

18. CybAIR® Picture : Focus on SupAIRVision

19. Thank You for your attention cecilia.aguero@thalesraytheon-fr.com