
How to face cyber threats

“Contingency & resilience”


Philippe JASSELIN

GANIS/2 and SANIS/1


Montreal, 11-15 December 2017

www.thalesgroup.com
Aviation becomes more exposed

▌ Fortunately to date no serious disruption
o Safety nets
o Contingency planning
o Human-in-the-loop
o Limited connectivity

▌ Cyber-attack surface continues to grow
o More automation
o Increasing connectivity & access points - SWIM
o Unprotected data communication standards
o COTS components with public exploits

More preparedness required

▌ Cyber Threat is increasing
o Public hacking tools
o Multiplication of attacks
o Highly sophisticated attacks against Critical Infrastructures

This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2015 All rights reserved.



What we learned from many non-aviation sectors
▌ Despite growing investment in Cyber-Security measures, cyber-attackers continue to cause severe disruptions
o Many victims had cyber-protection in place
o No detection before the worst happens, surprise effect as amplifying factor
o High effort in gaining confidence that same attack will not replicate

[Timeline: 1990s Protect → 2000s Detect → 2010s Respond → 2020s Resilience]

Resilience: Be able to maintain core operations & services under cyber-attack and after security breach

Protection is required but not enough and it is time to be more resilient



Extending Contingency Planning to Cyber-Resilience in ATM

▌ Providing ATM critical services under cyber-attack and after security breach

▌ Contingency Planning
o Safety incident management
o Graceful degradation after loss and disruption of services

▌ Cyber-Security incident management
o New capability in cyber-event detection, analysis and management
o Trusted platform for incident handling and consultation / sharing across ATM stakeholders

[Diagram: Contingency Planning. Labels: Policy; CONOPS; Plan; Process; Normal Operation; Fallback; Contingency; Degraded mode of Operation; Recovery to Normal Operation; Consultation; Airspace Users; Airport; ANSP; including State and Military; Service Continuity Actions; Cyber-incident Management]



Thales Solutions from Cyber-Safe Protection to Resilience in ATM

[Diagram labels]
o Secure architecture & components
o Cyber-Sensors & ATM Cyber-agents
o Cyber-Supervisor
o Cyber-Security Operation Center (CSOC) & Services
o Cyber-Events filtering & qualification
o Cyber-Incidents aggregation & investigation for response
o Aviation ISAC, CERTs, ..
o TopSky-ATC
o TopSky-Tower
o ECOsystem
o Secure communication
o Vulnerability Management
o Training
o Rapid Response Team



Extending Cyber-Resilience to Aviation

[Diagram: Cyber-Resilience across aviation domains: SPACE, AIRCRAFT, AIRPORT, AOCC, ATC, CNS]

▌ IDENTIFY & PROTECT
o Risk assessments
o Secure architectures & components
o Trustiness in external systems
o Trusted supply chain
o Maintain security over lifecycle

▌ DETECT
o Collection of cyber-events
o Search of malicious activities inside collected elements
o Sectorial Threat Intelligence

▌ RESPOND & RECOVER
o Incidents aggregation
o Response analysis
o Incident tickets management

Need for harmonized approach: Policy - CONOPS - Governance - Interoperability


On-going strong initiatives supported by Industry in Aviation

▌ Need for amplification of Trust and Cyber-Resilience building initiatives (DETECT – RESPOND – RECOVER)
o Policy framework including cyber-incident and vulnerability sharing: Aviation ISAC, ECCSA, ATM CERT, Aviation Supplier CERT, ..
o Contingency & Crisis management CONOPS: Local, Regional, Global
o Governance and roles of Cyber-Security Authorities working with CAAs
o Interoperability need

▌ Need for reinforcement of baseline (IDENTIFY – PROTECT)
o Cyber-Security of data exchanges through standard evolutions
o Recommendations for In-depth and by-design Cyber-Security for critical systems and SWIM - Minimum protection in particular for legacy systems
o Cyber-Security Management System for all aviation stakeholders
o Harmonized Safety/Cyber-Security framework



THANK YOU!
Philippe Jasselin
philippe.jasselin@thalesgroup.com
