security in sesar 2020 - gamma project · 11/15/2017  · canso cyber-security assessment guide ......

Ruben Flohr ATM Expert, SESAR JU Security in SESAR 2020 GAMMA final event 15 November 2017


Page 1: Security in SESAR 2020 - GAMMA Project · 11/15/2017  · CANSO Cyber-Security Assessment Guide ... performance and build Europe’s intelligent air transport system Security in SESAR

Ruben Flohr ATM Expert, SESAR JU

Security in SESAR 2020

GAMMA final event

15 November 2017


Pieces of the puzzle

EC NIS directive, …

EASA Launch of ECSP, ECCSA, …

CERT-EU EU Computer Emergency Response Team

SESAR Framework study, security by design, airport security study, …

GAMMA Global ATM security management, security solutions

ICAO E.g. Study Group on Cybersecurity

EUROCAE WG-72

RTCA SC-216

CANSO Cyber-Security Assessment Guide

ENISA Support establishment and advancement of national CSIRTs

IFALPA Initial security survey

IFATSEA Technical Supervision with Cybersecurity capability

NEASCOG Security policy

ICB Position Paper on Cyber-Security


SESAR Strategy and Management Framework Study for Information Cyber-Security September 2015

Operate and Maintain

Build

Design

Basis

Aviation Cyber-Security Policy, Regulation & Enforcement

EU Framework Transverse Activities

Operational Stakeholders and Supply Chains

National Framework

International Cooperation

Collaborative R&D

Standardisation

Common EATMS Cyber-Security Services

Law Enforcement

Policy, Regulation & Enforcement

Defence / Military Cooperation

Cyber-Security Risk Assessment

National Cyber-Security Services and Functions

Leadership and Governance

Cyber-Security Risk Management

Compliance and Assurance

Security Architecture

Security Requirements

Security Engineering

Security in Acquisition

Operational Planning

Situation Awareness

Protection & Detection

Incident Response and Recovery

Awareness and Training

EATMS Cyber-Security Risk Assessment & Management

EATMS Contingency Measures

Accreditation

Local

Pan-European

Regulation, policy and state functions

Operational functions and support

Engagement and Dialogue


European Cyber Security Platform (ECSP)

08/11/2016 Bucharest High Level Security Meeting

07/07/2017 Formal Kick-off, led by EASA

About 30 representatives of aviation industry associations, EU level institutions, EASA Member States and observers of ICAO, FAA and AIA have been invited for the Executive Committee of the ECSP.


SESAR vision


SESAR life cycle

To define, develop and deploy the technology that is needed to increase ATM performance and build Europe’s intelligent air transport system


The securability of SESAR solutions

V0 ATM needs

V1 Scope

V2 Feasibility

V3 Pre-industrial development & integration

V4 Industrialization

V5 Deployment

V6 Operations

V7 Decommissioning

New challenges

Multi-stakeholder system of systems

Public networks

Increased use of COTS and standard protocols


The securability of SESAR solutions

V0 ATM needs

V1 Scope

V2 Feasibility

V3 Pre-industrial development & integration

V4 Industrialization

V5 Deployment

V6 Operations

V7 Decommissioning

Cyber resilient architecture

High level requirements for industrialization, deployment and operations

Aspects of cyber-resilience

Foresight - prediction, anticipation

Robustness - ability to keep operating

Resourcefulness - control damage, mitigate it

Redundancy - substitutable

Rapid recovery

Adaptability - to changing environments


SESAR’s Security Risk Assessment


SESAR’s Security Risk Assessment

Challenges

Bridge between security risk management and the system of systems architecture (EATMA)

Strengthen cyber-resilience by linking with operational contingency

Assessing different architectural options from a security perspective

Alternate paths for critical processes

Graceful degradation of critical systems

Functional redundancy through different technologies

Modular system architecture

Clear separation between system functions

Simple systems architecture

Limited exceptions and adjustments


Conclusions

The SESAR cybersecurity strategy and framework study provides a European framework, enabling the application of an Aviation Security Maturity Model to define the roadmap towards fully secured aviation

The SESAR programme develops, validates and delivers securable solutions, by applying the SESAR security risk assessment methodology

Research is ongoing within SESAR to strengthen the translation of operational cyber resilience requirements into tangible security controls

There is a need for a European trust framework to share security material on a need to know basis


Thank you very much for your attention!
