Overview of AEEC Information Security CONOPS
Vic Patel, FAA/ATO-P WJHTC Security Engineering
Simon Blake-Wilson, BCI and FAA
April 19, 2004
AEEC Information Security Background

- AEEC is an association of airlines, organized by ARINC, that develops standards for avionics.
- The AEEC Information Security (SEC) Working Group was formed to address increasing interest from airlines.
- AEEC SEC participation includes airlines, airframers, avionics and IFE vendors, and communications service providers.
- The FAA/ATO-P WJHTC Security Engineering Group participates in AEEC SEC.
- AEEC SEC's initial product is an Information Security Concept of Operations (CONOPS).
AEEC Info Sec CONOPS

Goals of the Info Sec CONOPS include:
- Provide background in information security for airline departments that have not dealt with it before.
- Emphasize sound security practice.
- Assist other AEEC groups thinking about information security.
- Discuss issues that arise as the aircraft becomes part of the corporate LAN and there is more connectivity between domains on the aircraft.

The CONOPS is expected to be approved in mid
CONOPS Information Security Process

The CONOPS emphasizes the importance of following an overall information security process to secure a system:
- Risk-based approach.
- High-level, so that each step can be performed at an appropriate level of detail.
- Strangely, there is no existing standard for the overall approach: Common Criteria and the Federal Information Security Management Act (FISMA) each provide pieces, but they are not coordinated.
- The FAA's Security Certification and Authorization Package (SCAP) process includes the FISMA requirements.
CONOPS Information Security Process (Cont)

- Step 1: Identify information security needs and objectives.
- Step 2: Select and implement security controls.
- Step 3: Operate and manage security controls.
- Security review.
Step 1.1: Asset Identification

[Diagram: aircraft network domains and their external connections. On-aircraft domains: Aircraft Control (Flight and Embedded Control, Cabin Core), Airline Information Services (Administrative, Passenger Support), Passenger Information and Entertainment Services (PIES), and Passenger Devices, grouped under the functions Control the Aircraft, Operate the Airline and Entertain the Passenger. Off-aircraft parties: Airline, Airline Approved 3rd Parties and ATSP, reached through Air/Ground Broadband Services and Airport Data Link Services.]
Step 1.1: Asset Identification

Identify information types.

Information type                                      Typical owner    Primary domain
Aircraft control (AC) information                     Airline, ATSP    Control the aircraft
Airline operational communications (AOC) information  Airline          Operate the airline
Airline administrative communications (AAC) information  Airline       Operate the airline
Airline passenger communications (APC) information    Passengers       Entertain the passengers
Step 1.1: Security Categorization

Initial step to estimate how important security is for the system.

Information type                                      Confidentiality        Integrity              Availability
Aircraft control (AC) information                     Low                    High                   High
Airline operational communications (AOC) information  Moderate (or High?)    Moderate (or High?)    Medium
Airline administrative communications (AAC) information  Moderate (or High?)  Low (or Mod?)        Medium
Airline passenger communications (APC) information    High                   Medium                 Medium

(The slide merges some cells across two columns; where a single rating spanned two columns it is shown in both here. The question marks are the working group's own open questions.)
Step 1.2.1: Analyze Risks

Identify threats based on a high-level framework.

Threat identifier  Threat description
T.ACCESS           An authorized user may gain unauthorized access to the aircraft system, or to information controlled by the aircraft system, via user error, system error, or an attack for malicious or non-malicious purposes.
T.DEVELOP          Security failures may occur as the result of problems introduced during implementation of the aircraft system.
T.ENTRY            An individual other than an authorized user may gain access to the aircraft system, or to information controlled by the aircraft system, via system error or an attack for malicious purposes.
T.MAINTAIN         The security of the aircraft system may be reduced or defeated due to errors or omissions in the administration and maintenance of the security features of the aircraft system.
T.PHYSICAL         Security-critical parts of the aircraft system may be subjected to a physical attack that may compromise security.
Step 1.2.1: Analyze Risks

Assess threat likelihood and severity using High/Medium/Low. Severity can be derived in part from hazard analysis.

Threat identifier  Threat likelihood  Threat severity
T.ACCESS
  T.ACCESS.1       TBD                TBD
  T.ACCESS.2       TBD                TBD
T.CRASH
  T.CRASH.1        TBD                TBD
T.DENIAL
  T.DENIAL.1       TBD                TBD
Etc.
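The categorization and risk-analysis steps above are mechanical enough to script. The following is an added worked example, not part of the CONOPS or of the presentation: it takes the information-type categorizations from the categorization slide (including the unresolved "(or High?)" cells), derives a per-domain categorization by the FIPS 199 high-water-mark rule (each of C, I, A is the maximum over the information types the domain carries; FIPS 199 is not cited on the slides and is an assumption here), and rates threats from likelihood and severity. The 3x3 likelihood-times-severity matrix and the threat ratings are constructed placeholders, since the slide leaves every likelihood and severity cell TBD.

```python
"""Security categorization and risk rating, as an added worked example (not CONOPS code)."""
import re
from collections import defaultdict

# Ordinal scale; the slides mix "Medium" and "Moderate", treated here as the same level.
RANK = {"low": 1, "medium": 2, "moderate": 2, "mod": 2, "high": 3}
NAME = {1: "Low", 2: "Moderate", 3: "High"}

# Constructed from the categorization slide: (confidentiality, integrity, availability).
INFO_TYPES = {
    "AC":  ("Low", "High", "High"),
    "AOC": ("Moderate (or High?)", "Moderate (or High?)", "Medium"),
    "AAC": ("Moderate (or High?)", "Low (or Mod?)", "Medium"),
    "APC": ("High", "Medium", "Medium"),
}

# Primary domain per information type, from the asset-identification slide.
PRIMARY_DOMAIN = {
    "AC": "Control the aircraft",
    "AOC": "Operate the airline",
    "AAC": "Operate the airline",
    "APC": "Entertain the passengers",
}


def parse_level(cell):
    """Turn a slide cell such as 'Moderate (or High?)' into a numeric rank.

    An unresolved cell is handled conservatively: the highest option named wins,
    so an open question never lowers the categorization.
    """
    ranks = [RANK[w] for w in re.findall(r"[A-Za-z]+", cell.lower()) if w in RANK]
    if not ranks:
        raise ValueError(f"no impact level found in {cell!r}")
    return max(ranks)


def high_water_mark(type_ids):
    """FIPS 199 high-water mark (assumed rule): per C/I/A column, the maximum
    impact over all information types the system handles."""
    columns = zip(*(INFO_TYPES[t] for t in type_ids))
    return tuple(NAME[max(parse_level(cell) for cell in col)] for col in columns)


def domain_categorization():
    """Categorize each aircraft domain from the information types it carries."""
    by_domain = defaultdict(list)
    for type_id, domain in PRIMARY_DOMAIN.items():
        by_domain[domain].append(type_id)
    return {domain: high_water_mark(types) for domain, types in by_domain.items()}


def risk_rating(likelihood, severity):
    """Likelihood x severity -> Low/Moderate/High. The cut points are an assumption."""
    score = RANK[likelihood.lower()] * RANK[severity.lower()]
    return "High" if score >= 6 else "Moderate" if score >= 3 else "Low"


# Constructed placeholder ratings; the slide leaves every cell TBD.
THREATS = [
    ("T.ACCESS.1", "Medium", "High"),
    ("T.ACCESS.2", "Low", "Low"),
    ("T.CRASH.1", "Low", "High"),
    ("T.DENIAL.1", "High", "Medium"),
]


def ranked_risks(threats=THREATS):
    """Return (threat id, risk rating) pairs, worst first; ties keep slide order."""
    order = {"High": 0, "Moderate": 1, "Low": 2}
    rated = [(tid, risk_rating(lik, sev)) for tid, lik, sev in threats]
    return sorted(rated, key=lambda pair: order[pair[1]])


if __name__ == "__main__":
    for domain, (c, i, a) in domain_categorization().items():
        print(f"{domain:26} C={c:8} I={i:8} A={a}")
    for tid, rating in ranked_risks():
        print(f"{tid:12} {rating}")
```

Because the two "Operate the airline" information types are combined, that domain inherits AOC's worst-case High for confidentiality and integrity even though AAC alone would rate lower; this is the kind of effect the CONOPS warns about when domains on the aircraft become more interconnected.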
Step 1.2.2: Identify Policies

Identify policies that may affect security choices.

Policy identifier  Policy description
P.AIRLINE          This policy area covers applicable airline information security policies.
P.EXPORT           This policy area covers applicable national and international export laws concerning cryptography and security controls.
P.PRIVACY          This policy area covers applicable national and international laws concerning privacy.
P.REGULATION       This policy area covers applicable national and international regulations concerning development and implementation of aircraft systems.
Step 1.3: Security Objectives

Identify drivers for the selection of security controls.

Objective identifier   Objective description
O.COMMON-CONTROLS      Aircraft systems should use common security controls.
O.EXISTING-LIFECYCLE   Development, operation, and maintenance of security controls for aircraft systems should fit within the existing aircraft lifecycle.
O.MINIMIZE-ADMIN       Security controls for aircraft systems should require minimal administration.
O.MISSION-ACCOMPLISH   Security controls for aircraft systems should not inhibit airline mission accomplishment (i.e. delivery of passengers from point A to point B).
Step 2: Security Controls

Select security controls based on needs and objectives.

ID  Control name
AC  Access Control
AT  Awareness and Training
AU  Audit and Accountability
CA  Certification, Accreditation and Assessment
CM  Configuration Management
CP  Contingency Planning
IA  Identification and Authentication
IR  Incident Response
MA  Maintenance
MP  Media Protection
PE  Physical and Environmental Protection
PL  Planning
PS  Personnel Security
RA  Risk Assessment
SA  System and Services Acquisition
Aeronautical Issues with Security Controls

The CONOPS touches on many issues specific to the aeronautical industry:
- Airline IT and maintenance have traditionally been separate.
- Security patches and certification.
- Lack of IT support on aircraft.
- Long lifecycles from design to deployment and use.
- Security and safety.
- Etc.
Summary

- The AEEC CONOPS identifies a security process for airlines and discusses many aeronautical security issues.
- It is the only known standard for an overall security process, but it can draw on Common Criteria, FISMA, and SCAP.
- The process is potentially applicable throughout the aeronautical industry.
- The FAA WJHTC Information Security Group is using the process within programs such as NEXCOM, the Future Comms Study, and CPDLC.