Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
Ruben Flohr ATM Expert, SESAR JU
Security in SESAR 2020
GAMMA final event
15 November 2017
Pieces of the puzzle
EC NIS directive, …
EASA Launch of ECSP, ECCSA, …
CERT-EU EU Computer Emergency Response Team
SESAR Framework study, security by design, airport security study, …
GAMMA Global ATM security management, security solutions
ICAO E.g. Study Group on Cybersecurity
EUROCAE WG-72
RTCA SC-216
CANSO Cyber-Security Assessment Guide
ENISA Support establishment and advancement of national CSIRTs
IFALPA Initial security survey
IFATSEA Technical Supervision with Cybersecurity capability
NEASCOG Security policy
ICB Position Paper on Cyber-Security
…
Security in SESAR 2020 2
SESAR Strategy and Management Framework Study for Information Cyber-Security September 2015
Operate
and
Maintain
Build
Design
Basis
Aviation Cyber-Security Policy,
Regulation & Enforcement
EU Framework Transverse
Activities
Operational
Stakeholders
and Supply
Chains
National
Framework
International Cooperation
Collaborative R&D
Standardisation
Common EATMS Cyber-Security
Services
Law Enforcement
Policy, Regulation & Enforcement
Defence / Military Cooperation
Cyber-Security Risk Assessment
National Cyber-Security Services
and Functions
Leadership and Governance
Cyber-Security Risk Management
Compliance and Assurance
Security Architecture
Security Requirements
Security Engineering
Security in Acquisition
Operational Planning
Situation Awareness
Protection & Detection
Incident Response and Recovery
Awareness and Training
EATMS Cyber-Security Risk
Assessment & Management
EATMS Contingency Measures
Accreditation
Local
Pan-European
Regulation,
policy and
state functions
Operational
functions and
support
Engagement and Dialogue
Security in SESAR 2020
European Cyber Security Platform (ECSP)
08/11/2016 Bucharest High Level Security Meeting
07/07/2017 Formal Kick-off, led by EASA
About 30 representatives of aviation industry associations, EU level institutions, EASA Member States and observers of ICAO, FAA and AIA have been invited for the Executive Committee of the ESCP.
4 Security in SESAR 2020
SESAR vision
Security in SESAR 2020 5
SESAR life cycle
To define, develop and deploy the technology that is needed to increase ATM performance and build Europe’s intelligent air transport system
Security in SESAR 2020 6
The securability of SESAR solutions
7
V0 V1 V2 V3 V4 V5
ATM needs Scope Feasibility Pre-industrial
development & integration
Industrialization Deployment
V6
Operations
V7
Decommissioning
New challenges Multi-stakeholder system of systems Public networks Increased use of COTS and standard
protocols
Security in SESAR 2020
The securability of SESAR solutions
8
V0 V1 V2 V3 V4 V5
ATM needs Scope Feasibility Pre-industrial
development & integration
Industrialization Deployment
V6
Operations
V7
Decommissioning
Cyber resilient architecture High level requirements for industrialization,
deployment and operations
Aspects of cyber-resilience
Foresight - prediction, anticipation
Robustness - ability to keep operating
Resourcefulness - control damage, mitigate it
Redundancy - substitutable
Rapid recovery
Adaptability - to changing environments
Security in SESAR 2020
SESAR’s Security Risk Assessment
9 Security in SESAR 2020
SESAR’s Security Risk Assessment
10
Challenges Bridge between security risk management and the
system of systems architecture (EATMA) Strengthen cyber-resilience by linking with operational
contingency Assessing different architectural options from a
security perspective
Alternate paths for critical processes Graceful degradation of critical systems Functional redundancy through different technologies Modular system architecture Clear separation between system functions Simple systems architecture Limited exceptions and adjustments
Security in SESAR 2020
Conclusions
The SESAR cybersecurity strategy and framework study provides a European framework, enabling the application of an Aviation Security Maturity Model to define the roadmap towards fully secured aviation
The SESAR programme develops, validates and delivers securable solutions, by applying the SESAR security risk assessment methodology
Research is ongoing within SESAR to strengthen the translation of operational cyber resilience requirements into tangible security controls
There is a need for a European trust framework to share security material on a need to know basis
11 Security in SESAR 2020
Thank you very much for your attention!
Security in SESAR 2020