Overview of AEEC Information Security CONOPS

Overview of AEEC Information Security CONOPS. Vic Patel, FAA/ATO-P WJHTC Security Engineering Simon Blake-Wilson, BCI and FAA April 19, 2004. AEEC Information Security Background. AEEC is an association of airlines, organized by ARINC, that develop standards for avionics


Presentation Transcript


  1. Overview of AEEC Information Security CONOPS
     Vic Patel, FAA/ATO-P WJHTC Security Engineering
     Simon Blake-Wilson, BCI and FAA
     April 19, 2004

  2. AEEC Information Security Background
     • AEEC is an association of airlines, organized by ARINC, that develop standards for avionics
     • AEEC Information Security (SEC) Working Group formed to address increasing interest from airlines
     • AEEC SEC participation includes airlines, airframers, avionics, IFE vendors, comms service providers
     • FAA/ATO-P WJHTC Security Engineering Group participating in AEEC SEC
     • AEEC SEC initial product is an Information Security Concept of Operations (CONOPS)

  3. AEEC Info Sec CONOPS
     • Goals of the Info Sec CONOPS include:
       • Provide background in info sec for airline departments who have not dealt with it before
       • Emphasize sound security practice
       • Assist other AEEC groups thinking about information security
       • Discuss issues that arise as the aircraft becomes part of the corporate LAN, and there is more connectivity between domains on the aircraft
     • CONOPS is expected to be approved in mid 2005.

  4. CONOPS Information Security Process
     • The CONOPS emphasizes the importance of following an overall information security process to secure a system:
       • Risk-based approach
       • High-level to allow each step to be performed at an appropriate level of detail
     • Strangely, there are no existing standards for the overall approach.
     • Common Criteria and Federal Information Security Management Act (FISMA) provide pieces but are not coordinated.
     • FAA's Security Certification and Authorization Package (SCAP) process includes FISMA requirements

  5. CONOPS Information Security Process (Cont)
     [Process diagram; labels in slide order:]
     • Step 1: Identify information security needs and objectives
     • Step 2: Select and implement security controls
     • Security review
     • Step 3: Operate and manage security controls

  6. Step 1: Security Needs and Objectives
     • Step 1.1: Asset identification and security categorization
     • Step 1.2.1: Analyze risks
     • Step 1.2.2: Identify policies
     • Step 1.2.3: Determine environment and assumptions
     • Step 1.3: Characterize security objectives

  7. Step 1.1: Asset Identification
     [Figure: airplane domain diagram. Labels include: Aircraft Control; Airline Info. Services; Pass. Info. and Entertain Services (PIES); Pass. Devices; Airline; Airline Approved 3rd Parties; ATSP; Airport; Data Link Services; Air/Ground Broadband Services]

  8. Step 1.1: Asset Identification
     • Identify information types.

  9. Step 1.1: Security Categorization
     • Initial step to estimate how important security is for system.

  10. Step 1.2.1: Analyze Risks
     • Identify threats based on high-level framework.

  11. Step 1.2.1: Analyze Risks
     • Assess threat likelihood and severity using High/Medium/Low.
     • Severity can be derived in part from hazard analysis.

  12. Step 1.2.2: Identify Policies
     • Identify policies that may affect security choices.

  13. Step 1.3: Security Objectives
     • Identify drivers for selection of security controls.

  14. Step 2: Security Controls
     • Select security controls based on needs and objectives.

  15. Aeronautical Issues with Security Controls
     • The CONOPS touches on many issues specific to the aeronautical industry:
       • Airline IT and maintenance have traditionally been separate
       • Security patches and certification
       • Lack of IT support on aircraft
       • Long lifecycles from design to deployment and use
       • Security and safety
       • Etc.

  16. Summary
     • The AEEC CONOPS identifies a security process for airlines and discusses many aeronautical security issues
     • Only known standard for overall security process – but can exploit Common Criteria, FISMA, and SCAP
     • Process potentially applicable throughout the aeronautical industry
     • FAA WJHTC Information Security Group is using the process within programs such as NEXCOM, Future Comms Study, CPDLC
