Photos: Corel, Photodisk; Photodisk; Photodisk; Comstock; DOT
Airborne Network Security Simulator (ANSS) Master Plan Overview
Presented by: Chris Riley (DOT/Volpe)
November 3, 2010
Agenda
• ANSS Experiment 1
• ANSS Experiment 2
• ANSS Master Plan
Airborne Network Security Simulator (ANSS) Goals
• Identify potential information security threats in a synthetic environment by simulating next generation aircraft communications systems
• Share knowledge, tools and methodologies with academia and other interested stakeholders to extend research value
• Act as coordinating authority for cyber security risk mitigation within the international aerospace & aviation community
• Recommend appropriate technical & procedural standards for security risks to aid in the development of regulatory guidelines and policies
• Influence industry bodies on cyber security best practices with respect to specifications, procedures, and recommendations used by the industry
Master Plan Overview – Phase 1
• Inside Aircraft Network
– Simulates a standard airborne network architecture including real and synthetic components
– Interconnects with disparate aviation simulators to include real-world information in its experiments
– Engages industry, academia and government in its experiments and recommendations
– Designs experiments to explore stakeholder-identified issues and concerns
Demonstration Scenario: Airline AOC to Aircraft
[Figure: network diagram. Labels: IEEE HLA/RTI via Internet; ANSS at WSU; ANSS Operational Enclave; Gatelink; OPS Controller; Firewall; Aircraft Network; Control Domain; Information Domain; Passenger Domain; TWLU; EFB; Load & Balance Data; Performance Calculation]
Experiment 1 Scenario
[Figure: scenario diagram. Labels: LaTech Ops-Center Simulator; Final Pre-Flight Data; Man-in-the-Middle device captures data and sends it to the Internet; Modified Pre-Flight Data; Hacker]
ANSS Experiment 2
ANSS Phase 1 Experiment 2
• Working with several aviation vendors to add Experiment 2 functionality
– Aircraft Control Domain (ACD) – Pratt & Whitney (P&W)
  • FAST (Flight-data Acquisition, Storage and Transmission) -- Engine Wireless Maintenance Toolset
– ACD – General Electric (GE) Intelligent Platforms
  • AFDX (Avionics Full Duplex Network, Switched Ethernet) simulated configuration
– In Flight Entertainment (IFE) – Panasonic Inc.
  • Simulated 3 seat suite of Wi-Fi equipment
• Developing operational scenarios/use cases, e.g.
– Intrusion Detection, Wireless data transfer, Engine Data/Gatelink interfaces
• UK Partners to provide Penetration Testing support
Aircraft Data Network (ADN): ANSS Phase 1 – Experiment 2
[Figure: network domain diagram. Domains: Aircraft Control; Airline Information Services; Passenger Information and Entertainment Services; Passenger-Owned Devices. Subsystems: Flight and Embedded Control Systems; Cabin Core; Admin; Passenger Support. Roles: Control the Airplane; Operate the Airline; Entertain the Passengers. Access: Closed; Private; Public. ANSS components: FAST (P&W); AFDX (GE); IFE (Panasonic); EFB/Gatelink]
Source – ARINC 664, Aircraft Data Network, Part 5, Network Domain Characteristics and Interconnection
ANSS Master Plan
Master Plan Overview – Phase 2
• External Interconnections
– Include a SOA interface based on current NextGen standards
– Build synthetic capabilities to evaluate cyber issues when the aircraft is both a SOA provider and consumer
– Participate in FAA/DOD experiments to understand the commercial impact of cyber security in this environment
– Identify issues and restrictions of global trust in the AN environment
– Identify issues associated with centralized auditing, intrusion detection/prevention and a global view of the operation’s theater.
ANSS Phase 2 NextGen Simulations
[Figure labels: Trajectory/clearance changes; Acknowledgments; TDLS; NNEW; ERAM]
Characteristics
• Situational awareness - advisory
• Commercial spectrum
• Limited or no source authentication
• Low or no design assurance
• User specified QoS
– RMA
– Delivery (e.g. best effort)
– Latency
• International usage based on reach of service provider
• User designed/directed controls and displays
• User specified FMS integration
[Figure labels: Weather; Airspace status; NOTAMS]
Characteristics
• Command and Control – safety critical
• Protected spectrum
• Source Authentication
• High safety assurance levels
• QoS dictated by safety case
– High reliability, maintainability & availability
– Guaranteed delivery
– Low latency
• Harmonization based on International agreements
• Standardized controls and displays
• FMS integration
[Figure labels: TDLS; ERAM; Deviation requests; Acknowledgments; TFM]
Master Plan Overview – Phase 3
• Virtual World Training, Modeling and Simulation
– Skill development plays a critical role in cyber protection. Special skills will be needed to address the mobility, public safety and critical infrastructure components of this environment.
– Gaming technology is successfully used to build virtual worlds and train the workforce through realistic scenarios. Scenario-based training also allows researchers to observe student attack strategies in anticipation of the next level of attack. Learning attack approaches and exploits in a controlled environment feeds the development of predictive and adaptive defense strategies.
– Leveraging all of these assets, ANSS would develop a gaming environment where security teams from government, academia and industry will compete in “capture the flag” type scenarios. First line defenders, modes, methods and approaches captured in the experiments would prove invaluable to researchers in proactively protecting the AN environment.
ANSS Phased Approach
[Figure: timeline chart covering 2010 through 2012 by month; chart labels follow]
External Interconnections
Experiment 1 – EFB/Gatelink (June 2010)
Experiment 2 – Databuses, Wireless Maintenance, and In Flight Entertainment (Spring 2011)
NextGen Simulations
Experiment 1 - TBD
Experiment 2 - TBD
Experiment 1 - TBD
Experiment 2 - TBD
Virtual World Training, Modeling and Simulation
Contributing Organizations to the ANSS Demonstration/Technical Workshop
Astronautics Corporation of America
Contact Information
• Kevin Harnett, Volpe Center Cyber Security Program Manager
– Email: [email protected]
– Phone: 617-699-7086
• Chris Riley, Volpe Center Cyber Security Researcher
– Email: [email protected]
– Phone: 508-672-6032