Cyber Security on Commercial Airplanes John Craig Chief Engineer Cabin and Network Systems The Boeing Company October 2014 1
Top ten tips Richard A. Clarke 1. Don t be in denial 2. Don t underestimate the problem 3. Don t be hostile to the government 4. Don t make it an issue buried in the bureaucracy, not just a CIO issue 5. Organize ISACs, sponsor R&D work 6. Think holistically 7. Don t attempt to defend the entire network 8. Identify the crown jewels 9. Look at worse case scenarios 10. Have an industry strategy 2
Cyber events of interest 1982 3 kiloton explosion of a Soviet Pipeline stolen software 1983 The Movie War Games released 2010 Microsoft names new virus Stuxnet 2011 General Michael Hayden, World Affairs Council April 2013 Hugo Tesso presents at Hack in the Box Conference and ACARS exploit September 2014 Target/Home Depot hacked 3
The cyber paradigm An advanced, persistent threat The speed of technology is unprecedented Social Networking has a tag line culture where you are judged in a moment Certification of airborne embedded systems becomes a challenge Perception is reality Wired Magazine 2005 Hacking the Friendly Skies Toyota Recall NASA/NHTSA study American Airlines Tweet Impact to Business Target attack $200M (38M insurance), new CEO, CISO, 46% drop in profit 4Q13 Home Depot Unknown Cyber security will force a new paradigm in aviation 4
A security culture A change in paradigm Aircraft Safety Issues Iterative Repetitive Procedural Sequential Safety Culture Emergent Unexpected Newly Formed Non-Sequential Security Culture 5
Top ten tips Richard A. Clarke 1. Don t be in denial 2. Don t underestimate the problem 3. Don t be hostile to the government 4. Don t make it an issue buried in the bureaucracy, not just a CIO issue 5. Organize ISACs, sponsor R&D work 6. Think holistically 7. Don t attempt to defend the entire network 8. Identify the crown jewels 9. Look at worse case scenarios 10. Have an industry strategy 6
What s our reference point? Board Leadership Understanding of threat and risk State of existing plans Plan forward National Infrastructure Protection Plan Protection of Critical Infrastructure / Key Resources Information Sharing & Analysis Centers (ISACs) Operational concept for sharing information within private sector Physical and cybersecurity focus Cyber Security Frameworks National Institute of Standards & Technology American Institute of Aeronautics & Astronautics 7
Newly-formed aviation ISAC Incorporated September 2014 Building membership International Leveraging other ISACs Services available User access credentials Crisis notification Government, partner and member alerts 24 x 7 watch desk Industry best practices Member contact directory Threat conference calls Trusted email Data feeds A-ISAC governance Membership fee based on revenue 8
Top ten tips Richard A. Clarke 1. Don t be in denial 2. Don t underestimate the problem 3. Don t be hostile to the government 4. Don t make it an issue buried in the bureaucracy, not just a CIO issue 5. Organize, ISACs, sponsor R&D work 6. Think holistically 7. Don t attempt to defend the entire network 8. Identify the crown jewels 9. Look at worse case scenarios 10. Have an industry strategy 9
The complexity of the commercial aviation system www Airline, ATM MRO SW Supplier Supplier Elec Parts IC s 10
Airplane technology is evolving Hardware functions transitioning to software hosted features Advanced features added to airplane ~ 28MB Connectivity demands increasing New connectivity entrants to market Connectivity 2010 None Ku L Band Air/Gnd Connectivity 2014 Ku Ka None L Band Air/Gnd < 1MB 777 787 Data Transmitted (MB / Flight) 11
Evolution of airplane data buses Today s Ethernet-based networks have much more complex protocols ARINC 429 simple one-way data bus that required a transmitter and receiver ARINC 629 protocol that enabled simple data transfer over a singletwisted pair Ethernet complex protocols underneath application data/activity 7 Layers of OSI User 1 Transmit User 1 Receive Application Presentation Session Transport Network Data Link Physical Physical Link System Owner Focus Network Protocols 12
Advanced security architectures Encompass both passenger and emerging operational connectivity Airplane Domain Firewalls/Guards VPN to ground Network Authentication Onboard Network/Log Analysis Secure Kernel Ground Airplane VPN termination Threat Management Plan (TMP) Ground Architecture (comply with TMP) Next Generation Firewalls Virtual Firewalls (Segregation of data) Data Encryption Methodology (From TMP) Machine Learning Secure Kernel Antennas Air to ground Satcom (L-band, Ku/Ka) Radio (VHF / HF) Services Boeing Passenger Operational Ground-based Cellular Terminal Wireless Sneakernet Airline Services 3 rd Parties 13
Top ten tips Richard A. Clarke 1. Don t be in denial 2. Don t underestimate the problem 3. Don t be hostile to the government 4. Don t make it an issue buried in the bureaucracy, not just a CIO issue 5. Organize ISACs, sponsor R&D work 6. Think holistically 7. Don t attempt to defend the entire network 8. Identify the crown jewels 9. Look at worse case scenarios 10. Have an industry strategy 14
Priority areas Defense in Depth Active Management Configuration Control Airborne log analysis Ground log analysis Physical interface AC 25-1309 design assistance DO 178B Software partitioning Domain isolation Maintenance alerting for anomalies Ground infrastructure alerting Information assurance Network interfaces Real time software inventory Deliberate change following regulatory change 15
Managing cyber Industry guidance NIST Cyber Security Framework 1.0 Identify 2.0 Protect 3.0 Detect 4.0 Respond 5.0 Recover 1.1 Asset Management 1.2 Business Environment 1.3 Governance 1.4 Risk Assessment 1.5 Risk Mgmt Strategy 2.1 Access 2.2 Awareness and Control 2.3 Training Data Security 2.52.6 Maintenance Protective Technology 3.1 Anomalies and Events 3.3 Detection Processes 4.1 Response 4.2 Communications Planning 4.3 Analysis 4.4 Mitigation 4.5 Improvements 5.1 Recovery Planning 5.3 Communications National Institute of Standards & Technology AIAA Cyber Security Framework Establish Standards Understand the threat Government & Industry Define design principles Communicate Threats security culture R&D Strengthen the defensive system Define operational principles Incident Reponse American Institute of Aeronautics & Astronautics 16
Top ten tips Richard A. Clarke 1. Don t be in denial 2. Don t underestimate the problem 3. Don t be hostile to the government 4. Don t make it an issue buried in the bureaucracy, not just a CIO issue 5. Organize ISACs, sponsor R&D work 6. Think holistically 7. Don t attempt to defend the entire network 8. Identify the crown jewels 9. Look at worse case scenarios 10. Have an industry strategy 17
The path forward Understand your system Network configuration Layered security security features Assess your maturity NIST Standards, AIAA Framework Incident response Have an incident response plan Leverage industry and partners for help Develop a Security Culture Establish trusting relationships Share information leveraging ISAC s, government, and private partnerships Encourage Good Cyber Hygiene Develop and incorporate advanced security features 18
Thank you 19