Embed Size (px)
Citation preview
Federal AviationAdministrationFederal AviationAdministration
1
Presentation to:Name:Date:
Federal AviationAdministration
AMHS SecurityAMHS SecuritySecurity Sub-Group ActivitiesSecurity Sub-Group Activities
ATS Message Handling System (AMHS )Implementation WorkshopChennai, India
December, 15-16th 2008
Vic Patel
FAA/ATO-P Security Engineering GroupFAA/ATO-P Security Engineering GroupWilliam J. Hughes FAA Technical Center
Atlantic City International Airport
Atlantic City, NJ 08405
USA
Federal AviationAdministrationFederal AviationAdministration
2
Our Vision: Service and Safety
Challenges of a Growing Aviation SystemApril 12, 2005
Federal AviationAdministration
Presentation Overview
2AMHS Security: Security Sub-Group Activities
AMHS IMPLEMENTATION WORKSHOP, Chennai, India
December 15th-16th, 2008.
Security Policy
Security Checklist
Security Guidance Document
Technical Controls for AMHS Security
Other Regional Security Documents
System-wide Risk Assessment
Contingency Plan
Incident Response Plan
Federal AviationAdministrationFederal AviationAdministration
3
Our Vision: Service and Safety
Challenges of a Growing Aviation SystemApril 12, 2005
Federal AviationAdministration
Asia/Pacific ICG Strategic Objective: Security
3
Task (1) Update System Integrity Policy as needed
Asia/Pacific ATN System Security Policy Document Adopted by ICAO Asia-Pacific as of October 2008
Task (2) Develop Information Security ChecklistAsia/Pacific ATN Develop Security Checklist
Task (3) Develop Information Security Guidance Asia/Pacific ATN Security Guidance Document
Task (4) Develop Information Security Solution for Initial and Enhanced Services
To be included in Asia/Pacific ATN Security Guidance Document
AMHS Security: Security Sub-Group Activities
AMHS IMPLEMENTATION WORKSHOP, Chennai, India
December 15th-16th, 2008.
Federal AviationAdministrationFederal AviationAdministration
4
Our Vision: Service and Safety
Challenges of a Growing Aviation SystemApril 12, 2005
Federal AviationAdministration
Security Policy
• The Asia/Pacific region has developed an ATN System Security Policy
• The Policy was previously called the “System Integrity Policy” and was somewhat broader in scope.
– It was agreed at the September Security Sub-Group meeting that the requirements for Interoperability be removed from this document and it was re-named the System Security Policy.
• The policy requires that ATN systems be verified to have appropriate security controls.
• The policy requires that ATN systems be formally approved for operation a Designated Approval Authority for each state/organization.
4AMHS Security: Security Sub-Group Activities
AMHS IMPLEMENTATION WORKSHOP, Chennai, India
December 15th-16th, 2008.
Federal AviationAdministrationFederal AviationAdministration
5
Our Vision: Service and Safety
Challenges of a Growing Aviation SystemApril 12, 2005
Federal AviationAdministration
Security Policy
5
• Security Policy Outline:– Purpose. – Applicability. – Authority. – Implementation and Enforcement. – System Integrity Requirements. – System Integrity Services
• Confidentiality • Data Integrity • Authenticity. • Availability. • Accountability. • Interoperability.
– System Integrity Policy Statements • Functional Policy Statements
– Verification and Authorization
AMHS Security: Security Sub-Group Activities
AMHS IMPLEMENTATION WORKSHOP, Chennai, India
December 15th-16th, 2008.
Federal AviationAdministrationFederal AviationAdministration
6
Our Vision: Service and Safety
Challenges of a Growing Aviation SystemApril 12, 2005
Federal AviationAdministration
Security Checklist
• A checklist serves to see that controls are in place
• It is generally the basis on which the Approving Authority grants approval
• At the April 2008 meeting of the Security Subgroup it was agreed that the controls would be derived from the following document:
– NIST SP 800-53, Recommended Security Controls for Federal Information Systems, December 2006
– The SP 800-53 controls were reviewed by the Security Subgroup and the Subgroup identified which of the Technical, Operational, and Management controls applied to an ATN system.
• At the September meeting of the Security Subgroup the controls were converted to a Checklist format.
6AMHS Security: Security Sub-Group Activities
AMHS IMPLEMENTATION WORKSHOP, Chennai, India
December 15th-16th, 2008.
Federal AviationAdministrationFederal AviationAdministration
7
Our Vision: Service and Safety
Challenges of a Growing Aviation SystemApril 12, 2005
Federal AviationAdministration
Security Guidance Document
• The Security Sub-Group is developing a region should develop a Security Guidance Document which provides guidance on the implementation of management, technical, and operational controls.
• Management controls
• focus on management of system and associated risks
• Security reviews, security risk assessments
• Technical controls
• address specific types of threats
• may be sub-typed as: preventative technical controls, recovery technical
controls, and support technical controls
• Operational controls
• focus on operational procedures, personnel security measures, and physical
security measures
• This document was previously called the “Security Implementation Plan”
7AMHS Security: Security Sub-Group Activities
AMHS IMPLEMENTATION WORKSHOP, Chennai, India
December 15th-16th, 2008.
Federal AviationAdministrationFederal AviationAdministration
8
Our Vision: Service and Safety
Challenges of a Growing Aviation SystemApril 12, 2005
Federal AviationAdministration
Security Guidance DocumentAMHS Technical Controls
8
• Network Security Provisions
• From User Terminal to Message Server or Between Message
Servers (Routers)
• End-to-End Security Provisions
• Defined in ICAO Doc 9705 Edition 3 using the ATN Digital
Signature Scheme
• May not be implemented if region does not move to ATN air-
ground security provisions
AMHS Security: Security Sub-Group Activities
AMHS IMPLEMENTATION WORKSHOP, Chennai, India
December 15th-16th, 2008.
Federal AviationAdministrationFederal AviationAdministration
9
Our Vision: Service and Safety
Challenges of a Growing Aviation SystemApril 12, 2005
Federal AviationAdministration
Security Guidance DocumentAMHS Technical Controls
9
User Terminals
ATNRouter
ATNRouter
ATNRouter
X.25
X.25
X.25
System and Communications Protection (SC)- Dedicated Point-to-Point X.25 Connections- IDRP Security
ATNInternet
ATSMessage
Server
LocalAccess Network
LocalAccess Network
User Terminals
IDRPIDRP
IDRP
System and Communications Protection (SC)- Local Network Dependent - IPsec, TLS - SSH - PPTP, L2TP, L2F
Audit and Accountability (AU)- X.25 Logs- CLNP Logs- IDRP Logs
ATSMessage
Server
AMHS Security: Security Sub-Group Activities
AMHS IMPLEMENTATION WORKSHOP, Chennai, India
December 15th-16th, 2008.
Federal AviationAdministrationFederal AviationAdministration
10
Our Vision: Service and Safety
Challenges of a Growing Aviation SystemApril 12, 2005
Federal AviationAdministration
Security Guidance DocumentAMHS Technical Controls
10
User Terminal(w ATS Message
User Agent)
Internetwork
AMHSMessage Transfer System
ATSMessage
Server
System and Communications Protection (SC)- AMHS Security applied from ATS Message User Agent to ATS Message User Agent
ATSMessage
Server
AMHS Security
User Terminal(w ATS Message
User Agent)
AMHS Security: Security Sub-Group Activities
AMHS IMPLEMENTATION WORKSHOP, Chennai, India
December 15th-16th, 2008.
Federal AviationAdministrationFederal AviationAdministration
11
Our Vision: Service and Safety
Challenges of a Growing Aviation SystemApril 12, 2005
Federal AviationAdministration
Security Guidance DocumentAMHS Technical Controls
11
Network SecuritySecure Communications from User Agents to MTA Server
• Technique depends on connectivity
• Internet Protocol Security (IPsec)
• Transport Layer Security (TLS) (formerly Secure Sockets
Layer (SSL))
• Layer 2 Protocols (Point-to-Point Tunneling Protocol (PPTP),
Layer 2 Tunneling Protocol (L2TP), Layer 2 Forwarding
(L2F)
• Secure Shell (SSH)
AMHS Security: Security Sub-Group Activities
AMHS IMPLEMENTATION WORKSHOP, Chennai, India
December 15th-16th, 2008.
Federal AviationAdministrationFederal AviationAdministration
12
Our Vision: Service and Safety
Challenges of a Growing Aviation SystemApril 12, 2005
Federal AviationAdministration
Security Guidance DocumentAMHS Technical Controls
12
Network SecuritySecure Communications between Routers which support MTA Servers
• Communications Security
• IDRP Security
• Initially pre-shared keys
• Longer term - PKI
• Audit Logs• TCP, IP, BGP Logs
AMHS Security: Security Sub-Group Activities
AMHS IMPLEMENTATION WORKSHOP, Chennai, India
December 15th-16th, 2008.
Federal AviationAdministrationFederal AviationAdministration
13
Our Vision: Service and Safety
Challenges of a Growing Aviation SystemApril 12, 2005
Federal AviationAdministration
Security Guidance DocumentTechnical Control Summary
• Technical controls may initially consist of securing IDRP router connections– Initially using pre-shared keys– Migrate to limited use of certificates
• For TCP/IP MTA-to-MTA connections either TLS or IPsec may be used.
• For User Terminal to MTA connections layer 2 provisions may also be used
• As the AMHS evolves to enhanced services, including directory services, AMHS application security may be employed
• Firewalls and other security appliances should be introduced as needed.
13AMHS Security: Security Sub-Group Activities
AMHS IMPLEMENTATION WORKSHOP, Chennai, India
December 15th-16th, 2008.
Federal AviationAdministrationFederal AviationAdministration
14
Our Vision: Service and Safety
Challenges of a Growing Aviation SystemApril 12, 2005
Federal AviationAdministration
Contingency Plan
• The Security Sub-group has been tasked to develop a “Contingency and Disaster Recovery Plan.
• This plan identifies the coordination activities, processes, and procedures to be followed in the event that an AMHS
system is unavailable.
14AMHS Security: Security Sub-Group Activities
AMHS IMPLEMENTATION WORKSHOP, Chennai, India
December 15th-16th, 2008.
Federal AviationAdministrationFederal AviationAdministration
15
Our Vision: Service and Safety
Challenges of a Growing Aviation SystemApril 12, 2005
Federal AviationAdministration
Contingency Plan
• NIST SP800-34, Contingency Planning Guide for Information Technology Systems, June 2002
“IT contingency planning refers to a coordinated strategy involving plans,
procedures, and technical measures that enable the recovery of IT systems, operations, and data after a disruption. Contingency planning generally includes one or more of the approaches to restore disrupted IT services:
• Restoring IT operations at an alternate location
• Recovering IT operations using alternate equipment
• Performing some or al of the affected business processes using non-IT
(manual) means”
15AMHS Security: Security Sub-Group Activities
AMHS IMPLEMENTATION WORKSHOP, Chennai, India
December 15th-16th, 2008.
Federal AviationAdministrationFederal AviationAdministration
16
Our Vision: Service and Safety
Challenges of a Growing Aviation SystemApril 12, 2005
Federal AviationAdministration
Incident Response Plan
• The Security Sub-group has been tasked to develop an Incident Response Plan
• The incident response plan would specify common procedures for identifying, reporting, and responding to computing incidents.
16AMHS Security: Security Sub-Group Activities
AMHS IMPLEMENTATION WORKSHOP, Chennai, India
December 15th-16th, 2008.
Federal AviationAdministrationFederal AviationAdministration
17
Our Vision: Service and Safety
Challenges of a Growing Aviation SystemApril 12, 2005
Federal AviationAdministration
Incident Response Plan• NIST SP 800-61, Computer Security Incident Handling Guide,
January 2004, specifies that an incident response capability should include the following actions:
• Creating an incident response policy
• Developing procedures for performing incident handling and reporting, based on the incident response policy
• Setting guidelines for communicating with outside parties regarding incidents
• Selecting a team structure and staffing model
• Establishing relationships between the incident response team and other groups, both internatl and external
• Determining what services the incident response team should provide
• Staffing and training the incident response team
17AMHS Security: Security Sub-Group Activities
AMHS IMPLEMENTATION WORKSHOP, Chennai, India
December 15th-16th, 2008.
Federal AviationAdministrationFederal AviationAdministration
18
Our Vision: Service and Safety
Challenges of a Growing Aviation SystemApril 12, 2005
Federal AviationAdministration
18
QuestionsQuestions
AMHS Security: Security Sub-Group Activities
AMHS IMPLEMENTATION WORKSHOP, Chennai, India
December 15th-16th, 2008.
