CybAIRVision® International Cyber Warfare & Security Conference, 27 November 2014, Ankara Cécilia Aguero

CybersEcuritY? CyberdEfense? DCW? OCW? CybAIRVision® CybersEcuritY? CyberdEfense? DCW? OCW?

Terms & Concepts Cyber-Security: Status expected for an information system allowing it to withstand events from cyberspace that may compromise the availability, integrity or confidentiality of data stored, processed or transmitted and related services that these systems offer or make accessible. Cyber ​​security involves technical security of information systems and is based on the fight against cybercrime and the establishment of a cyber defense. Cyber-defense: All technical and non-technical measures allowing a country to defend cyberspace information systems deemed essential. DCW and OCW: With defensive cyber-war (DCW) and offensive cyber-war (OCW), cyber helps defend and attack computers and networks of computers that control a country. The National Institute of Standards and Technology (NIST): NIST is a US Department of Commerce agency, charged of norms & standards. The NIST « cyber » framework is, since June 2014, the common Thales Group Cyber Security framework.

Cyber & CybAIR® : 2 complementary approaches The CYBER expert checks information FLOW (ipSec policies, interruption, leaks,…) The CYBAIR® expert analyzes information consistency (multi source comparison) The CYBER expert are IT Centric e.g. checks known malware The CYBAIR® expert checks abnormal system behaviour “Antivirus is dead” said Brian DYE, Symantec SVP, the 6th of May 2014 IT- Centric AND Domain-Specific/Behavior analysis provides additional protection It allows also the detection of dysfonctions .

Model-based anomaly detection for integrity monitoring Models capture information related to what is possible / not possible, what is normal / abnormal regarding objects involved in air operations TRS has deep knowledge about typical behavior of the following objects: Terrain, Sea, Sun environment Effects on detection Aircraft Performance Airspace and traffic Structure Aircraft presence/areas, traffic flows ATC data links Weather environment Timely evolution, Effects on detection Radars Coverage Data flow EW (jamming, spoofing) Communications Bandwith, latency Topology Operations Mission plan, progress Computing Operational processes, data flows Loads Human activities Roles, working hours, activities Data production cycle Voice communication calls Voice communication VoIP protocols

CybAIRVision® BUSINESS AltErations ?

Business Alterations Examples (1/2) Alterations by buffer cloning Remanence effect: copying all blocks of a radar detection to the following The radar tracker will create new "ghost" tracks depending on the type of cloned plots Camera effect: replace the actual flow by an older one, previously recorded DoS (denial of service): 500 cloned plots

Business Alterations Examples (2/2) Alterations by message generation Claim / Signature: 2D plot line => message in 3D Zone transposition : real "Red" area, destination "green" area

CybAIRVision® OFFER OVERVIEW

CybAIRVision® Suite

CybAIR Radbox : the radar security solution Real-time sensor that analyzes the information provided by radars to detect possible intrusions affecting the detection Alerts the user upon occurrence of an abnormal behavior and their operational consequences and provide decision aids Includes forensics and post-analysis features Designed and prototyped HMI with the users 40-year of Air Defense experience embedded in the CybAIR Radbox

CybAIR® Radbox : Use cases 5 4 1 2 3 Secure the radar side interfaces : New radars 1 Secure the radar side interfaces : Legacy radars 2 6 7 Secure the radar side interfaces : Tactical radars 3 Connect a military radar to a civilian ATM center 4 Connect a radar with multiple clients 5 Add an operational supervision feature 6 Add CybAIR detection with CybAIR agents 7

CybAIR® Multilink : Principles Military Radars C-Box CybAIR Com Services Military C² CybAIR Common Services ATC CybAIR Analyze CybAIR Flow Box optimized for center specificities : communication services : idem R-Box common services : idem R-Box technical & operational supervision : box HW & SW status, multi-radars data flow quality, center coverage, record & replay CybAIR detection : “AIR Operation” specific business probes real time events correlation engine

CybAIR® Multi-Link : Use cases 5 1 2 3 4 Secure the center side interfaces : Legacy radars 1 Secure the center side interfaces : New radars 2 6 7 Secure center to center interfaces 3 Connect a military center to a civilian ATM center 4 Connect a center with multiple clients 5 Add an operational supervision feature 6 Add CybAIR detection with CybAIR agents 7

CybAIR® Picture : Principles Army Navy HMI NVG Flow AIR / IAMD National or NATO COP Space Cyber National Centre or NATO P-Box CybAIR Picture Analyzer optimized for National specificities : communication services : Spying HMI inputs NVG standard / Web portal CybAIR Picture : Up to 6D Awareness (5 battlefields + temporal dimension) Real time data confidence analysis Real time data inconsistencies analysis

CybAIR® Picture : Use cases 2 4 JRE 5 SWIM 1 3 Situation & threats awareness from NATO ACCS Web Portal Interface 1 Army Navy AIR / IAMD Space Cyber Situation & threats awareness from NATO ACCS (Awcies) Interface 2 Situation & threats awareness from NATO NCOP (NVG) Interface 3 Situation & threats awareness from JRE Interface 4 Situation & threats awareness from SESAR SWIM Interface 5

CybAIR® Picture : HMI Overview

CybAIR® Picture : Focus on SupAIRVision

Thank You for your attention cecilia.aguero@thalesraytheon-fr.com