3 Terms & Concepts
Cyber-Security: Status expected for an information system allowing it to withstand events from cyberspace that may compromise the availability, integrity or confidentiality of data stored, processed or transmitted, and of the related services that these systems offer or make accessible. Cyber security involves the technical security of information systems and is based on the fight against cybercrime and the establishment of a cyber defense.
Cyber-defense: All technical and non-technical measures allowing a country to defend cyberspace information systems deemed essential.
DCW and OCW: With defensive cyber-war (DCW) and offensive cyber-war (OCW), cyber helps defend and attack computers and networks of computers that control a country.
The National Institute of Standards and Technology (NIST): NIST is a US Department of Commerce agency in charge of norms and standards. The NIST "cyber" framework has been, since June 2014, the common Thales Group Cyber Security framework.

4 Cyber & CybAIR®: 2 complementary approaches
The CYBER expert checks information FLOW (IPsec policies, interruption, leaks, …)
The CYBAIR® expert analyzes information consistency (multi-source comparison)
The CYBER expert is IT-centric, e.g. checks known malware
The CYBAIR® expert checks abnormal system behaviour
"Antivirus is dead," said Brian DYE, Symantec SVP, on the 6th of May 2014
IT-centric AND domain-specific/behavior analysis provides additional protection. It also allows the detection of malfunctions.

5 Model-based anomaly detection for integrity monitoring
Models capture information related to what is possible / not possible and what is normal / abnormal regarding objects involved in air operations.
TRS has deep knowledge about the typical behavior of the following objects:
  Terrain, Sea, Sun environment: effects on detection
  Aircraft: performance
  Airspace and traffic: structure; aircraft presence/areas, traffic flows; ATC data links
  Weather environment: timely evolution; effects on detection
  Radars: coverage; data flow; EW (jamming, spoofing)
  Communications: bandwidth, latency; topology
  Operations: mission plan, progress
  Computing: operational processes, data flows; loads
  Human activities: roles, working hours, activities; data production cycle; voice communication calls
  Voice communication: VoIP protocols

7 Business Alterations Examples (1/2)
Alterations by buffer cloning
  Remanence effect: copying all blocks of a radar detection to the following one
    The radar tracker will create new "ghost" tracks depending on the type of cloned plots
  Camera effect: replace the actual flow by an older one, previously recorded
  DoS (denial of service): 500 cloned plots

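A defensive check for the buffer-cloning alterations listed on this slide, as an added example that is not part of the original presentation or of any Thales product: it compares each scan's plots with earlier scans and flags remanence, replayed recordings and plot floods. The (range, azimuth) plot tuples, the thresholds and the sample feed are constructed assumptions, and fixed clutter is assumed to be filtered upstream.

```python
from collections import deque

def fingerprint(plots):
    """Order-independent set of (range_m, azimuth_deg) measurements in one scan."""
    return frozenset((round(r, 1), round(az, 2)) for r, az in plots)

class CloneDetector:
    """Flags scans whose plots repeat earlier scans or exceed a plot budget."""
    def __init__(self, history=30, max_plots=200, overlap=0.9):
        self.past = deque(maxlen=history)      # fingerprints of earlier scans
        self.max_plots, self.overlap = max_plots, overlap   # illustrative values

    @staticmethod
    def _share(part, whole):
        """Fraction of `part` that also appears in `whole`."""
        return len(part & whole) / len(part) if part else 0.0

    def check(self, plots):
        fp, alerts = fingerprint(plots), []
        if len(plots) > self.max_plots:
            alerts.append("flood")             # DoS by mass-cloned plots
        if self.past:
            older = list(self.past)
            prev = older.pop()
            # Remanence: the previous scan's plots reappear in this one.
            if self._share(prev, fp) >= self.overlap:
                alerts.append("remanence")
            # Camera effect: this scan matches one recorded further back.
            elif any(self._share(fp, old) >= self.overlap for old in older):
                alerts.append("replay")
        self.past.append(fp)
        return alerts

def live_scan(n):
    """Constructed traffic: three aircraft moving steadily between scans."""
    return [(40000.0 + 900.0 * n, 10.0 + 0.4 * n),
            (85000.0 - 1200.0 * n, 200.0 - 0.3 * n),
            (120000.0 + 500.0 * n, 310.0 + 0.2 * n)]

def run_demo():
    det = CloneDetector()
    feed = [live_scan(n) for n in range(5)]               # scans 0-4: normal
    feed.append(live_scan(5) + live_scan(4))              # previous scan cloned in
    feed.append(live_scan(1))                             # old recording replayed
    feed.append(live_scan(7) + [(50000.0, 90.0)] * 500)   # 500 cloned plots
    return [det.check(scan) for scan in feed]

if __name__ == "__main__":
    for i, alerts in enumerate(run_demo()):
        print(i, alerts or "ok")
```

Real measurements carry noise, so identical values at this precision across scans are themselves the anomaly; a deployed check would tune the rounding and overlap threshold to the radar's resolution.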
8 Business Alterations Examples (2/2)
Alterations by message generation
  Claim / Signature: 2D plot line => message in 3D
  Zone transposition: real "Red" area, destination "green" area

11 CybAIR Radbox: the radar security solution
Real-time sensor that analyzes the information provided by radars to detect possible intrusions affecting the detection
Alerts the user upon occurrence of an abnormal behavior, shows its operational consequences and provides decision aids
Includes forensics and post-analysis features
HMI designed and prototyped with the users
40 years of Air Defense experience embedded in the CybAIR Radbox

12 CybAIR® Radbox: Use cases
1. Secure the radar side interfaces: New radars
2. Secure the radar side interfaces: Legacy radars
3. Secure the radar side interfaces: Tactical radars
4. Connect a military radar to a civilian ATM center
5. Connect a radar with multiple clients
6. Add an operational supervision feature
7. Add CybAIR detection with CybAIR agents

13 CybAIR® Multilink: Principles
[Diagram labels: Military Radars, C-Box, CybAIR, Com Services, Military C², CybAIR, Common Services, ATC, CybAIR Analyze, CybAIR Flow]
Box optimized for center specificities:
  communication services: same as R-Box
  common services: same as R-Box
  technical & operational supervision: box HW & SW status, multi-radar data flow quality, center coverage, record & replay
  CybAIR detection: "AIR Operation" specific business probes, real-time event correlation engine

14 CybAIR® Multi-Link: Use cases
1. Secure the center side interfaces: Legacy radars
2. Secure the center side interfaces: New radars
3. Secure center to center interfaces
4. Connect a military center to a civilian ATM center
5. Connect a center with multiple clients
6. Add an operational supervision feature
7. Add CybAIR detection with CybAIR agents

15 CybAIR® Picture: Principles
[Diagram labels: Army, Navy, HMI NVG Flow, AIR / IAMD, National or NATO COP, Space, Cyber, National Centre or NATO, P-Box, CybAIR Picture]
Analyzer optimized for National specificities:
  communication services: Spying HMI inputs, NVG standard / Web portal
  CybAIR Picture:
    Up to 6D Awareness (5 battlefields + temporal dimension)
    Real-time data confidence analysis
    Real-time data inconsistencies analysis

16 CybAIR® Picture: Use cases
[Diagram labels: JRE, SWIM, Army, Navy, AIR / IAMD, Space, Cyber]
1. Situation & threats awareness from NATO ACCS Web Portal Interface
2. Situation & threats awareness from NATO ACCS (Awcies) Interface
3. Situation & threats awareness from NATO NCOP (NVG) Interface
4. Situation & threats awareness from JRE Interface
5. Situation & threats awareness from SESAR SWIM Interface