Unmanned Aircraft Systems Communications Security
Download
1 / 16

michael neale rtca sc203 control and communications chair - PowerPoint PPT Presentation


  • 393 Views
  • Updated On :

Unmanned Aircraft Systems Communications Security. Michael Neale – RTCA SC203 Control and Communications Chair. Overview. RTCA and Special Committee 203 Unmanned Aircraft Communications Security Requirements Risk Assessment Process Current Status of SC 203 Security assessment.

Related searches for michael neale rtca sc203 control and communications chair

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'michael neale rtca sc203 control and communications chair' - salena


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Slide1 l.jpg

Unmanned Aircraft Systems Communications Security

Michael Neale – RTCA SC203 Control and Communications Chair


Overview l.jpg
Overview

RTCA and Special Committee 203

Unmanned Aircraft Communications

Security Requirements

Risk Assessment Process

Current Status of SC 203 Security assessment


Who are rtca and what is special committee 203 l.jpg
Who are RTCA and What is Special Committee 203?

RTCA

RTCA functions as a Federal Advisory Committee. Its consensus-based recommendations are used by the Federal Aviation Administration (FAA) as the basis for policy, program, and regulatory decisions and by the private sector as the basis for development, investment and other business decisions.

Special Committee 203

Tasked with developing recommended standards for Unmanned Aircraft Systems (UAS), Sense and Avoid and Control and Communications.


The uas market l.jpg
The UAS Market

UAS quantity estimates for the US National Airspace

Substantial quantities of UA will be in operation by 2025/2030

Government market growth levels out in 2020

Commercial market growth is low until certification regulations are in place


Line of sight operational view l.jpg
Line Of Sight Operational View

OPTIONAL RELAY UA

MISSION UA

LOS DATALINK TERMINAL

MANNED AIRCRAFT

DIRECT DISSEMINATION AND PAYLOAD CONTROL

CONTROL STATION & PILOT

DIRECT DISSEMINATION


Beyond line of sight operational view l.jpg
Beyond Line Of Sight Operational View

SATELLITE

MISSION UA

DISTANT USERS

MANNED AIRCRAFT

DIRECT DISSEMINATION AND PAYLOAD CONTROL

SECURE NETWORK

DISTANT CONTROL STATION & PILOT

TAKE OFF AND LANDING CS & PILOT

COMMAND CENTER

DIRECT DISSEMINATION


Slide7 l.jpg

Navigation

Other Airspace Users

Party Line (Voice)

GPS VOR

DME ILS

UAS Internal and External Information Exchange

ATC

ACL

ACM

AMC

ATSA-ITP

COTRAC

D-ATIS

DCL

D-FLUPDLIC

D-OTIS

D-RVR

D-TAXI

FLIPNT

NOTAM

VOLMET

4DTRAD

Clearances

Status

Flight Plan Requests

ATC Ground Surveillance

Transponder

ADS-B

ADS-R

TIS-B

COMMUNICATIONS

(VOICE AND DATA)

FIS-B

ADS-C

UAS

Telecommands

UA

PILOT

CONTROL

Telemetry

AIS

Dispatches

Flight Planning

TCAS

ADS-B

Weather

Sense and Avoid

Cooperative and

Non Cooperative

Objects

Owner Operator

or

Mission Controller


Communications security requirements l.jpg
Communications Security Requirements

Eavesdropping and

Confidentiality

Exploitation

Jamming and

Availability

Denial of Service

Spoofing and

Non-Repudiation

Integrity

Required Communications Security Performance

Security Threat


Currently used security controls l.jpg
Currently used Security Controls

Intercept and Detection

Reduce power spectral density on any particular frequency

Reduce power spectral density in any non-required direction

Exploitation

Encryption - NSA Type 1, Triple DES, AES, HAIPE

Physical Security

Guarding Control Station and Unmanned Aircraft


Uas control link security l.jpg
UAS Control Link Security

What level of communications security will be required?

FAA currently does not have clear UAS security policy so cannot provide guidance on required levels of risk

No national or international agreement on likelihoods of exploitation of UAS Control Link vulnerabilities

Some encryption methods may not be viable

Shared key systems may be impractical to use in commercial applications due to key management logistics


Security law and regulations l.jpg
Security Law and Regulations

USA

EUROPE

  • Federal Information Security Management Act (FISMA)

  • Federal Information Processing Standards (FIPS)

    • Publication 199 - standards for security

    • Categorization of federal information and information systems

  • National Institute of Standards and Technology Special Publication series SP-800

  • FAA Order 1370.82

  • UAS have not yet been considered as a core element of current aviation security development work

  • Safeguarding International Civil Aviation Against Acts of Unlawful Interference (SARP)

    • ICAO Annex 17 to the Convention on International Civil Aviation on Security

  • Security Assessment Methodology in NATO/ Eurocontrol ATM Security Coordination Group (NEASCOG)


Fisma security assessment process l.jpg
FISMA Security Assessment Process

Determine security category for the UAS system

Impact on confidentiality, integrity and availability

High, moderate or low

Determine the accreditation boundary

Select security controls

Perform risk assessment

Identify threats, vulnerabilities, likelihoods, impacts

Determine risk and recommend security controls

Develop security plan

Implement security controls

Assess security controls

Authorize system operation

Monitor ongoing performance


Risk assessment l.jpg
Risk Assessment

Can a Threat exploit a Vulnerability?

Given enough time and money vulnerabilites can be exploited

Can the security control be strong enough to deter the threat from exploiting the vulnerability

Risk is a combination of Likelihood and Impact

Likelihood of a threat exercising a vulnerability

Frequent, Probable, Remote, Extrememly Remote, Extremely Improbable.

Impact if vulnerability is exploited

High-Catastrophic, High-Severe, Medium, Low, None


Risk assessment14 l.jpg
Risk Assessment

Must protect against any vulnerability where impact is high even if likelihood is extremely improbable

NAS safety levels are very high

Focussed malevolent activity

Must protect against vulnerabilites where likelihood is frequent even if impact is low

Nuisance hacker


Uas security considerations l.jpg
UAS Security Considerations

Assess threats from operational scenarios

Define levels of risk required to maintain National Airspace safety based on threat likelihood and impact effect on confidentiality, availability and integrity

Evaluate Mitigations

Crypto security strength

Key distribution

Impact on bandwidth requirements

Infrastructure, logistics and cost

Security

Gain concensus on international security levels

Agree on likelihoods and impacts


Support your standards development organization l.jpg
Support Your Standards Development Organization

This presentaion is based on the work of a number of people. Further detail can be found in the following RTCA SC-203 documents;

RTCA SC-203 WG2 002 - UAS Control and Communicaitions Security Considerations

RTCA SC-203 WG2 010 - Approach for Certification and Accreditaiton Analysis for Security of the Control and Communications Link for Unmanned Aircraft Systems.

RTCA SC-203 Control and Communications Working Group

Contact Michael Neale - [email protected]


ad