
Aerospace Village - Critical Aerospace Cybersecurity

Formal Metadata

Title
Aerospace Village - Critical Aerospace Cybersecurity
Subtitle
A changing paradigm and how you can help
License
CC Attribution 3.0 Unported:
You are free to use, adapt, copy, distribute and make publicly available the work or its content, in unchanged or adapted form, for any legal purpose, as long as you credit the author/rights holder in the manner specified by them.

Content Metadata

Abstract
Aerospace is changing – Its digital transformation must now be synonymous with being cyber secure. In-cabin systems are looking more like your everyday living room and the numerous potential entry points must be tested for security. During this session we will take you through the offensive testing that we put systems through to show you what is happening to improve the life cycle of aviation systems thanks to cybersecurity-by-design principles influenced by a hack/fix process. From design to operation, blue teams and red teams are working together for a first line of defense to help identify vulnerabilities and ensure more robust and resilient systems – systems which we all rely on, and must be certified by Airworthiness Authorities when safety is at stake. Join Nathalie Feyt, Lawrence Rowell and Yannick Le Ray as they lead a presentation on securing avionics, passenger systems, and air traffic management systems, and show how industry designs, attacks, learns and improves aerospace systems.
Transcript: English (automatically generated)
Aerospace Systems, a changing paradigm and how you can help. First, let me quickly introduce you to our presenters from Thales. We have Yannick Le Ray, head of pre-sales and international development for cyber security consulting and operations.
We also have Lawrence Rowell, who's the director of product cyber security for our connected cabin and in-flight entertainment systems. And finally we have Nathalie Feyt, who's chief information and product security officer for our global avionics systems. The focus of today's session is to show
how industry designs, attacks, learns, and improves critical aerospace systems to cyber secure avionics, passenger systems, and air traffic management systems. First we will speak to the changing requirements and what digital transformation has done for cyber security. Then we will explain our paradigm shift with respect to the
design of our systems. And finally we will talk about how we integrate good faith hacking and create a chain of trust. So let's start with Yannick to talk about digital transformation and cyber security. Yannick, over to you. Thank you, Adam. We wish we would be there physically,
however, due to COVID-19, we're in this virtual presentation. Hopefully we'll be there all together next year for the next DEF CON. So now let's talk about digital transformation and cyber security. Today the aviation sector is leading to digital transformation.
This playground represents an international and complex ecosystem with a wide threat surface exposure for attackers. As you can see in this slide, there are many targets to be protected, and some of them we can talk about: the air traffic control and air navigation systems, we can talk about the connected aircraft,
the airport, the airline maintenance control center, as well as the UAVs and drones. These targets are associated with multiple risks and have risk exposure, and therefore we need to be coherent and with a global approach to better understand and reduce the risk. As I said previously,
the aeronautics environment is leading to digital transformation with an open and connected world. Digital transformation leads to data-driven organization and therefore cyber security. Knowing that for aeronautics safety is the first priority,
we must secure stakeholders' trust as well as safety-critical aeronautics systems, putting the passenger as our first priority. No digital transformation without trust, no trust without cyber security. This connected environment raises two challenges for the aerospace ecosystem. First, safety and security stakes, requiring to keep up
hackers in a safety environment, setting up cyber secure conditions across all system life cycle. And second, business continuity, needing to value cyber security to help prevent business operational disruptions. Now let's talk about the hackers in these environments. We're going to talk about ethical
good faith hackers, and at this we aim to provide the best possible practices, and we want to make sure our solutions and services as well as our customers' infrastructures are cyber secure, and would therefore we perform, for example, risk analysis
and pen tests using our own active hackers, sorry, and for sure we're talking about ethical hackers and ethical talent hackers. These hackers can act through the internet. For example, from one of our air navigation service provider customers, we've been able, through some services that we provided to them
through a contract, we've been able to penetrate their power generation systems, and this was enabling us to go into their server which turned on and off the whole air traffic center. All this through our own facilities in France,
going in their own air traffic control, where it was not for sure in France. And other tools that we have are specific simulation environments. As you can see in this slide, we have the red team versus the blue team. With our simulation environments
we're able to implement the infrastructure of our customer, their operational infrastructure, where the red team is our own hackers, which mission is to of course attack and vulnerabilities of the system, and the blue team is our customers. Our customers in this environment are there to be trained and see if they are cyber secured, also
their system is cyber secure. More and more we need ethical hackers able to master specific sector expertise. This sector expertise is very specific: we're not talking about only IS/IT, we're talking about operational technologies. More and more we're
facing attackers who are aiming at this type of equipment and trying to be more and more specific to attacking. And now the floor to Lawrence, who will develop more on what we do in terms of avionics.
Lawrence. Thanks, Yannick. Okay, so when we're talking about this changing paradigm, it's really important to understand the current and historical state of affairs. In other words, how has security been managed to this point, and why? And then we're also going to talk about what is changing to drive
the new paradigm. So at Thales the high-level approach to cybersecurity is defined by nine cybersecurity rules. One of the rules is really important to this audience in this conversation because it speaks directly to penetration testing. Oftentimes we use a gray box approach
with third-party pen testers, and we give them a limited amount of information so they have some understanding about the system components and overall architecture and they can test all the threat vectors. This is good and it's a great start considering where we are today, but it
also serves as a very good example of a security practice that does not really reach its full potential. The model I just described is performed by a limited number of people for a limited amount of time. They also only have a limited amount of information and it's done in a closed environment
that is not really remotely accessible due to policy and other technical limitations today. This approach does not really leverage the full power of the good faith hacking community and ultimately it results in what can only be called
a limited snapshot into a product's security posture. We must admit the culture of aerospace and aviation has really kind of contributed to this approach that we have today.
Vulnerability management in aerospace and aviation is pretty difficult. Updating the product in most cases is not easy and this is even true for the non-safety critical part of the aircraft. It usually takes a lot of time, a lot of money
and usually a lot of lost revenue to update the system, the aircraft systems. Historically this has kind of contributed to a closed type of thinking. You know, along the lines of: hey, if we don't look hard enough, we'll never find anything,
and therefore we must not have a problem. The good news is that this mentality we're seeing a change with this. In a recent Atlantic Council survey 84% of aviation professionals that were polled
indicated that cyber security researchers are good for aviation. So now is the time for the industry to improve, and we can do better, but first it's important to understand the factors that are driving this shift in thinking before we try to answer the
question of how we do better. Let's use the cabin of today's commercial aircraft as an example. It makes sense to look here first for a couple of reasons. This portion of the aircraft is not deemed safety critical therefore it lends itself to the fastest changes
and is going through a rapid evolution in terms of the technologies and systems deployed to satisfy the airline customer. This means this area of aviation will embrace the good faith hacking community the fastest and with relative ease
and it will likely influence other areas of aviation. So everyone knows the majority of commercial aircraft are connected to the internet, as Wi-Fi is viewed as critical for today's passenger. There are also several other changes that are bringing the comforts of the living room
into the cabin in today's passenger. So if we take a look at the in-flight entertainment system, it's a really good example: it's becoming much more complex in several ways. There's an increasing selection of movies and other entertainment content that has not been released to the public.
This requires protection and ongoing security testing. There's a large influx of third-party applications and games, and these are games that are not from the Apple App Store or Google Play and have been validated by Apple and Google. These require ongoing security testing as well. E-commerce
and shopping options are constantly expanding along with more convenient ways to pay for your goods and services and this includes the introduction of technologies like near-field communication. The amount of personal information is
increasing with airlines providing a much more personalized service with more convenient payment systems and this also includes the introduction of advertising that is targeted to specific passengers with their demographic information. In order to support all of this
the number of interfaces on the aircraft that are accessible by the passenger from their seat is increasing. This includes things like USB, Bluetooth, touchscreen, near-field communication, and Wi-Fi. Now consider this is only part of the overall equation. All of these solutions I just described
to support e-commerce, entertainment, and personalization are supported by constantly expanding ground infrastructure. In this ground infrastructure it has similar cyber security risks. It's exposed to the same regulatory requirements like PCI and GDPR
but there's a big difference. These environments look and feel much more like a traditional IT environment. So one positive aspect of this is that IT-oriented DevOps teams have already started to embrace practices like crowdsourced pen testing. So in the case of aviation and aerospace
this will be a force that will drive the overall industry towards engaging the good faith hacking community. So before I finish there's one last thing I'd like to mention about how we are seeing the COVID pandemic impact this paradigm shift.
Third-party pen testers who were previously required to be on premise to pen test certain products and solutions cannot travel and be on site to do this, yet the pen testing still must be conducted. So we are seeing companies quickly adapting, changing their policies
and methods to do remote pen testing whenever possible. Obviously this is going to be a challenge when it comes to systems and products with physical interfaces, but we still see a rapid evolution coming in this area. So COVID is actually knocking down some of the previous barriers when it comes
to embracing the good faith hacking community. To summarize these changes have increased the number of assets that need protection while also increasing the number of threat vectors. At the same time we see the aviation community's attitude and view on embracing the good
faith hacker is changing. This means now is the time to do this: it's time to embrace the good faith hacking community and look at changing the traditional approach to cyber security. Now I'll hand it over to Nathalie to talk about how we can do this in collaboration with the good faith hacking community.
Thank you, Lawrence. You're right. We need to see more on how to integrate those hacking activities in our engineering and operations. So I will use the NIST framework, which is what we are following, to explain our constraints about that. So when we discuss with Lawrence on when in this cycle it will be easiest to integrate good faith
hackers. During the identify, protect phase, it's more where we do risk assessments, not the theoretical part, not that easy, but definitely during the design phase it's important, and more naturally into the in-service
phase. So those two phases, the during design phase and in-service phase, seem natural to me. Today it's obviously during in-service, and that we have already interactions with hackers.
I will tell a little story about a CVE that has been published on the Thales cabin product, and we all know that there is room for improvements in this area to render this interaction more fruitful and this dialogue more fruitful between industry and hackers. We will
discuss that afterwards. Now I would like definitely to focus on during design phase. Why? Simply because for us it's where it is the easiest to patch and to remediate, and this is also the good place where
we can confront the theory of the attack path that we imagine with the real practice with hackers and have the good coverage about it, and the more we spend time on cyber robustness, the more we are saving also money, to be honest, in the operational phase and in the in-service phase.
So now when we think about how we can manage this during design phase, it's not easy. Today I have no example of our airborne system being virtualized and put in a cloud
and accessible through a web portal for you to do pen tests. As explained by Lawrence, we are performing our own pen tests directly in our labs, so you need to imagine fully representative labs. For example, cabin: you have an instance of the economy class, first class,
business class, and it's big halls running, owned by us, and they are running 24 hours a day and 356 days a year. So you can imagine how it's not easy to organize a pen test sequence
in such labs, which are used to improve our product and answer customers in new functionalities. So to be clear, there is also, due to the fact we are on special technology,
if you want to get good faith hackers working with us, for example through a bug bounty program, then there is an investment to be done on the hacker side, because you need to enter into specific technology dedicated for aviation. For example, we don't have Ethernet, we have
AFDX, which is ARINC 664. This is an Ethernet oriented for safety, and there are lots of examples of that on protocols, on operating systems, and this is driven by safety-related requirements. So when we discuss about bug bounty company on how
to organize better interactions with good faith hackers, and they mentioned to us they have already this kind of program for ICT suppliers or, for example, automotive system providers. But with the changing paradigm as
mentioned by Lawrence, I think that we are now moving to virtualized simulation benches and labs, or connected simulation benches of labs, and this is a kind of cyber
twin, and I think it's promising. For ground system and ground infrastructure, we just need to follow what is a good practice in other sectors, since they are more IT related, and we can easily move to classical bug bounty programs.
So to summarize on how we can work together during the design phase, I think there are two tracks we can work on. The first one is dedicated bug bounty programs where you come to our big halls and labs, and the second would be more to develop,
and it is more on our shoulder, cyber twins, which are helping for doing those pen tests and perhaps being more agile, doing it more often and with better coverage, and not one or two persons during some days. So okay, I hope it's clear.
Now we'll go for the second phase, which is the in-service phase, to explore what we can do. So here this is another story, and you see the title: we call that managing continuous security, it's not for you, it's for our customers, to
for them to understand that security is a long road where you need to update regularly due to the fact the new attacks are coming. And in the in-service phase the framework is beginning by the detect. This detection comes to us either through
our customer services, which is seeing an incident reporting by a customer, or this might be an event found on the internet. So you know we have a threat intelligence team and services like that that help us in
grabbing kind of videos that may be published by hackers, but also, more in a standard way, CVEs that could be published on our products. So to explain what are the issues today I will give you an example, I think it's the best. It was a story that happened to us, I think,
last year, and in fact it was a CVE published with a high score of eight, which is high toxicity, and the CVSS is between the one of them, and so it was on the in-flight
entertainment systems. So first of all I would like to recall that in-flight entertainment systems are non-critical systems if we consider safety, so this rating is a bit high. And when our incident response team, our
pcerts, investigate about that, they learn that in fact it was a vulnerability exploited on the sub-party chat application, and in fact the impact was just you at your seat hacking the chat application, crashing and not propagating to any other seats, just
standalone on the seat. So it was a bit surprising to us that MITRE, even MITRE, has ranked this vulnerability at a level of eight, but finally we get in touch with a hacker, we had a discussion, and we say that this score was far too high, and
so when you see such a situation, and we generalize, it's often the case like that, what are the drawbacks in such a way of managing vulnerability disclosure?
So today there is no direct notification to our incident response team, product incident response team, so as a consequence it might be a very long time, more than two weeks, before we get in touch really with the good faith hacker and understand.
And also, as this is illustrated here, our sector is not real really and understand today, you have seen the high rating by MITRE, so we need to have this kind of education. And hopefully there are major airlines
and so they are kind enough, since they are doing their own risk assessment, to tune the level of patching. But if it wouldn't have been the case in this story we had, imagine: you need to know the exact configuration, product configuration, which aircraft,
replace the exploit on our big labs, find the source code, develop the patch, then again test in the big labs, and it's not finished: you need to go to a real aircraft to obtain what is called the field supplier acceptance test, which is provided by the airline for
them to deploy the patch by ensuring it has no secondary effects on the system. And believe me, the best we did for this type of operation was something like three weeks,
and even today there are some patches that we delivered something like more than one year that are not yet deployed by some airlines, because it's a long process to deploy on all fleets a patch, and knowing that some aircraft are under maintenance and things like that. So what I would like to have in the
future in a better disclosure program would be the following. First, establishing direct exchange with the good faith hacker; I think it's really important for us to understand and for the hacker to understand also better. Then establishing clear remediation time
and steps before going to publication, because depending on what has been found and what it is impacting, you understand that we don't have the same constraints than in the IT world, so we need more time in some cases. So now, if it's better, that's where you
would say: okay, if I have a vulnerability to disclose, what are my possibilities to do it today and how can I interact with you? So this is why we have set up first, for the whole
ecosystem, sharing information capacities. When I say the whole ecosystem, I mean airports, airlines, aircraft manufacturers, suppliers; we have very few maintenance operators, but it's becoming. It has been set up, the first one, more than four years ago. So now, what are the ones you can use?
I would advise Aviation ISAC. Aviation ISAC, it's an aviation information sharing community, and they are providing support; they have incident response capacity
to facilitate the interactions between the hacker community and the industry also, so it's a good point for you if you need. Now a second one, particularly in Europe, is ECCSA, it's the European Centre for Cyber Security in Aviation. So they don't have an incident response capacity,
but last year for DEF CON, for Aerospace Village, they were okay, so they set up a portal for you to enter the different subjects you would like to discuss, not telling the details, but tell, I don't know, I have something to say about an airport or something to say about
the system, airborne system, and then they are putting you through to the good stakeholders that are referenced at ECCSA, which is important also. So I hope it helps and it will be
easier for you now. So to recap, on the Thales side we are definitely considering that with the changing paradigm we need to set up plans to embed
good faith hackers in our design and operation phase and to do this with a win-win situation for both sides. To tell you, to be honest, without this COVID crisis we have scheduled with Lawrence to come to DEF CON, and what was scheduled is to
bring to you a mini lab representative of an in-flight entertainment system, one of our latest generation, so that you can have a hands-on exercise on it and also you can learn and try. So now we have done
this webinar. This webinar is there to explain what we do, what are our constraints and challenges, and you have heard Yannick telling how the aircraft is the part of the whole
ecosystem, and there is not only aircraft to consider but all the rest of the ecosystems. Lawrence has explained how the paradigm is changing, particularly post-COVID, with the need of our pen tests to be done in a distant way, and I've turned my views on how
we are seeing the integration of good faith hackers in our design and how to improve the vulnerability disclosure for you, for us and for our industry. So I'm sure
that good faith hackers can be part of the chain of trust in aviation, and we need to keep in mind that we are talking about safety-critical systems. So now I will tell you that if we want to get in touch with us,
we have a dedicated address, you can see it on the screen. So it's a short, I mean it's product security and systems response, so it's really dedicated to what we are delivering. I hope it helps again. So thank you for your attention, and now I let you the floor for the
patience