Security in SESAR 2020 Ruben Flohr ATM Expert, SESAR JU GAMMA - - PowerPoint PPT Presentation

▶

Dec 09, 2023 212 likes •340 views

Security in SESAR 2020 Ruben Flohr ATM Expert, SESAR JU GAMMA final event 15 November 2017 Pieces of the puzzle EC NIS directive, EASA L aunch of ECSP, ECCSA, CERT-EU EU Computer Emergency Response Team SESAR Framework study,

SLIDE 1

Ruben Flohr ATM Expert, SESAR JU

Security in SESAR 2020

GAMMA final event 15 November 2017

SLIDE 2

Pieces of the puzzle

EC NIS directive, … EASA Launch of ECSP, ECCSA, … CERT-EU EU Computer Emergency Response Team SESAR Framework study, security by design, airport security study, … GAMMA Global ATM security management, security solutions ICAO E.g. Study Group on Cybersecurity EUROCAE WG-72 RTCA SC-216 CANSO Cyber-Security Assessment Guide ENISA Support establishment and advancement of national CSIRTs IFALPA Initial security survey IFATSEA Technical Supervision with Cybersecurity capability NEASCOG Security policy ICB Position Paper on Cyber-Security …

Security in SESAR 2020 2

SLIDE 3

SESAR Strategy and Management Framework Study for Information Cyber-Security

September 2015

Operate and Maintain Build Design Basis Aviation Cyber-Security Policy, Regulation & Enforcement

EU Framework Transverse Activities Operational Stakeholders and Supply Chains National Framework

International Cooperation Collaborative R&D Standardisation Common EATMS Cyber-Security Services Law Enforcement Policy, Regulation & Enforcement Defence / Military Cooperation Cyber-Security Risk Assessment National Cyber-Security Services and Functions Leadership and Governance Cyber-Security Risk Management Compliance and Assurance Security Architecture Security Requirements Security Engineering Security in Acquisition Operational Planning Situation Awareness Protection & Detection Incident Response and Recovery Awareness and Training EATMS Cyber-Security Risk Assessment & Management EATMS Contingency Measures Accreditation

Local Pan-European Regulation, policy and state functions Operational functions and support

Engagement and Dialogue

Security in SESAR 2020

SLIDE 4

European Cyber Security Platform (ECSP)

08/11/2016 Bucharest High Level Security Meeting 07/07/2017 Formal Kick-off, led by EASA

About 30 representatives of aviation industry associations, EU level institutions, EASA Member States and observers of ICAO, FAA and AIA have been invited for the Executive Committee of the ESCP.

4 Security in SESAR 2020

SLIDE 5

SESAR vision

Security in SESAR 2020 5

SLIDE 6

SESAR life cycle

To define, develop and deploy the technology that is needed to increase ATM

performance and build Europe’s intelligent air transport system

Security in SESAR 2020 6

SLIDE 7

The securability of SESAR solutions

V0 V1 V2 V3 V4 V5

ATM needs Scope Feasibility Pre-industrial development & integration Industrialization Deployment

Operations

Decommissioning

New challenges
Multi-stakeholder system of systems
Public networks
Increased use of COTS and standard

protocols

Security in SESAR 2020

SLIDE 8

The securability of SESAR solutions

V0 V1 V2 V3 V4 V5

ATM needs Scope Feasibility Pre-industrial development & integration Industrialization Deployment

Operations

Decommissioning Cyber resilient architecture High level requirements for industrialization, deployment and operations

Aspects of cyber-resilience

Foresight - prediction, anticipation Robustness - ability to keep operating Resourcefulness - control damage, mitigate it Redundancy - substitutable Rapid recovery Adaptability - to changing environments

Security in SESAR 2020

SLIDE 9

SESAR’s Security Risk Assessment

9 Security in SESAR 2020

SLIDE 10

SESAR’s Security Risk Assessment

Challenges

Bridge between security risk management and the

system of systems architecture (EATMA)

Strengthen cyber-resilience by linking with operational

contingency

Assessing different architectural options from a

security perspective

Alternate paths for critical processes
Graceful degradation of critical systems
Functional redundancy through different technologies
Modular system architecture
Clear separation between system functions
Simple systems architecture
Limited exceptions and adjustments

Security in SESAR 2020

SLIDE 11

Conclusions

The SESAR cybersecurity strategy and framework study provides a European

framework, enabling the application of an Aviation Security Maturity Model to define the roadmap towards fully secured aviation

The SESAR programme develops, validates and delivers securable solutions,

by applying the SESAR security risk assessment methodology

Research is ongoing within SESAR to strengthen the translation of
perational cyber resilience requirements into tangible security controls
There is a need for a European trust framework to share security material on

a need to know basis

11 Security in SESAR 2020

SLIDE 12

Security in SESAR 2020

Pieces of the puzzle

SESAR Strategy and Management Framework Study for Information Cyber-Security

European Cyber Security Platform (ECSP)

SESAR vision

SESAR life cycle

The securability of SESAR solutions

The securability of SESAR solutions

SESAR’s Security Risk Assessment

SESAR’s Security Risk Assessment

Conclusions

Thank you very much for your attention!

Security in SESAR 2020