Security in SESAR 2020 Ruben Flohr ATM Expert, SESAR JU GAMMA final event 15 November 2017
Pieces of the puzzle EC NIS directive, … EASA L aunch of ECSP, ECCSA, … CERT-EU EU Computer Emergency Response Team SESAR Framework study, security by design, airport security study, … GAMMA Global ATM security management, security solutions ICAO E.g. Study Group on Cybersecurity EUROCAE WG-72 RTCA SC-216 CANSO Cyber-Security Assessment Guide ENISA Support establishment and advancement of national CSIRTs IFALPA Initial security survey IFATSEA Technical Supervision with Cybersecurity capability NEASCOG Security policy ICB Position Paper on Cyber-Security … Security in SESAR 2020 2
SESAR Strategy and Management Framework Study for Information Cyber-Security September 2015 Aviation Cyber-Security Policy, Standardisation Regulation & Enforcement Collaborative R&D EATMS Cyber-Security Risk Assessment & Management Common EATMS Cyber-Security Services Accreditation EATMS Contingency Measures International Cooperation Transverse EU Framework Engagement and Dialogue Activities Pan-European Local Leadership and Governance Operational Basis Cyber-Security Risk Management Compliance and Assurance National Stakeholders Policy, Regulation & Enforcement Framework and Supply Security Architecture Design Cyber-Security Risk Assessment Security Requirements Chains National Cyber-Security Services Security Engineering and Functions Security in Acquisition Build Operational Planning Law Enforcement Situation Awareness Regulation, Operational Operate Defence / Military Cooperation Protection & Detection and policy and functions and Incident Response and Recovery Maintain state functions support Awareness and Training Security in SESAR 2020
European Cyber Security Platform (ECSP) 08/11/2016 Bucharest High Level Security Meeting 07/07/2017 Formal Kick-off, led by EASA About 30 representatives of aviation industry associations, EU level institutions, EASA Member States and observers of ICAO, FAA and AIA have been invited for the Executive Committee of the ESCP. Security in SESAR 2020 4
SESAR vision Security in SESAR 2020 5
SESAR life cycle To define, develop and deploy the technology that is needed to increase ATM performance and build Europe’s intelligent air transport system Security in SESAR 2020 6
The securability of SESAR solutions Pre-industrial development & ATM needs Scope Feasibility Industrialization Deployment Operations Decommissioning integration V0 V1 V2 V3 V4 V5 V6 V7 New challenges Multi-stakeholder system of systems Public networks Increased use of COTS and standard protocols Security in SESAR 2020 7
The securability of SESAR solutions Pre-industrial development & ATM needs Scope Feasibility Industrialization Deployment Operations Decommissioning integration V0 V1 V2 V3 V4 V5 V6 V7 High level requirements for industrialization, Cyber resilient architecture deployment and operations Aspects of cyber-resilience Foresight - prediction, anticipation Robustness - ability to keep operating Resourcefulness - control damage, mitigate it Redundancy - substitutable Rapid recovery Adaptability - to changing environments Security in SESAR 2020 8
SESAR’s Security Risk Assessment Security in SESAR 2020 9
SESAR’s Security Risk Assessment Challenges Bridge between security risk management and the system of systems architecture (EATMA) Strengthen cyber-resilience by linking with operational contingency Assessing different architectural options from a security perspective Alternate paths for critical processes Graceful degradation of critical systems Functional redundancy through different technologies Modular system architecture Clear separation between system functions Simple systems architecture Limited exceptions and adjustments Security in SESAR 2020 10
Conclusions The SESAR cybersecurity strategy and framework study provides a European framework, enabling the application of an Aviation Security Maturity Model to define the roadmap towards fully secured aviation The SESAR programme develops, validates and delivers securable solutions, by applying the SESAR security risk assessment methodology Research is ongoing within SESAR to strengthen the translation of operational cyber resilience requirements into tangible security controls There is a need for a European trust framework to share security material on a need to know basis Security in SESAR 2020 11
Security in SESAR 2020 Thank you very much for your attention!
Recommend
More recommend