etsi 2019 for the supply chain in the aircraft exportable · stéphane chopart - airbus helicopters...
TRANSCRIPT
![Page 1: ETSI 2019 For the supply chain in the aircraft exportable · Stéphane Chopart - AIRBUS Helicopters ETSI Security Week 2019 For the supply chain in the aircraft Cyber-Security & Dynamic](https://reader033.vdocument.in/reader033/viewer/2022053003/5f078c1a7e708231d41d868c/html5/thumbnails/1.jpg)
Stéphane Chopart - AIRBUS Helicopters
ETSI Security Week 2019
For the supply chain in the aircraft
Cyber-Security & Dynamic Nature of the Technology, Networks and Society
![Page 2: ETSI 2019 For the supply chain in the aircraft exportable · Stéphane Chopart - AIRBUS Helicopters ETSI Security Week 2019 For the supply chain in the aircraft Cyber-Security & Dynamic](https://reader033.vdocument.in/reader033/viewer/2022053003/5f078c1a7e708231d41d868c/html5/thumbnails/2.jpg)
THE EMERGING REGULATORY LANDSCAPE
1
2
3
4
AIRCRAFT SECURITY THREAT PANORAMA
THE DIGITAL SIGNATURE SOLUTION
5 CONCLUSION
AIRCRAFT SECURITY OVERVIEW
A regional regulation
![Page 3: ETSI 2019 For the supply chain in the aircraft exportable · Stéphane Chopart - AIRBUS Helicopters ETSI Security Week 2019 For the supply chain in the aircraft Cyber-Security & Dynamic](https://reader033.vdocument.in/reader033/viewer/2022053003/5f078c1a7e708231d41d868c/html5/thumbnails/3.jpg)
Aircraft Security Scope
Safety Vs Security
Security breach can lead to Safety Impact
![Page 4: ETSI 2019 For the supply chain in the aircraft exportable · Stéphane Chopart - AIRBUS Helicopters ETSI Security Week 2019 For the supply chain in the aircraft Cyber-Security & Dynamic](https://reader033.vdocument.in/reader033/viewer/2022053003/5f078c1a7e708231d41d868c/html5/thumbnails/4.jpg)
Aircraft Security Scope and Threats panorama
Aircraft architecture
1 Aircraft is : • 1000+ applications, • 100+ interconnected computers, • 10+ operating systems,• Connectivity : Wi-Fi, Bluetooth, internet connections, USB keys...
BUT…
… No Security administrator on-board
![Page 5: ETSI 2019 For the supply chain in the aircraft exportable · Stéphane Chopart - AIRBUS Helicopters ETSI Security Week 2019 For the supply chain in the aircraft Cyber-Security & Dynamic](https://reader033.vdocument.in/reader033/viewer/2022053003/5f078c1a7e708231d41d868c/html5/thumbnails/5.jpg)
5
Airbus Helicopters Signature Platform
repository
Sign service
Auth. service
Software Parts
How it works:
� Software as a Service (SaaS):• Complexity is in the Cloud
� Light client allows you to:
• Create digital signatures of Software parts
• Verify digital signatures of Software parts
Digital Signature Next steps:
2020
![Page 6: ETSI 2019 For the supply chain in the aircraft exportable · Stéphane Chopart - AIRBUS Helicopters ETSI Security Week 2019 For the supply chain in the aircraft Cyber-Security & Dynamic](https://reader033.vdocument.in/reader033/viewer/2022053003/5f078c1a7e708231d41d868c/html5/thumbnails/6.jpg)
Bottom-up evolution of the regulation
A threatA technical
solution
A set of aeronautical standards
A regional regulation
Civil Aviation WW regulation
![Page 7: ETSI 2019 For the supply chain in the aircraft exportable · Stéphane Chopart - AIRBUS Helicopters ETSI Security Week 2019 For the supply chain in the aircraft Cyber-Security & Dynamic](https://reader033.vdocument.in/reader033/viewer/2022053003/5f078c1a7e708231d41d868c/html5/thumbnails/7.jpg)
Digital signature Standard for Software Parts protection
• Digital Signature is an aeronautical standard widely deployed:o ATA Spec 42 Aviation Industry Standards for Digital Information Securityo ARINC 835 and 827
• Digital signature ensures:o Authenticity: origin of the Software Parts is guaranteedo Integrity: any modification (corruption) of the Software Parts or its signature is detected during the verification of
the signature
![Page 8: ETSI 2019 For the supply chain in the aircraft exportable · Stéphane Chopart - AIRBUS Helicopters ETSI Security Week 2019 For the supply chain in the aircraft Cyber-Security & Dynamic](https://reader033.vdocument.in/reader033/viewer/2022053003/5f078c1a7e708231d41d868c/html5/thumbnails/8.jpg)
European Strategic Coordination Platform
8
An Executive Committee (ESCP-EC) at the higher political levelA Technical Advisory Committee (ESCP-TAC) : to set-up the EUROPEAN aviation cybersecurityregulation
safety
cybersecurity
cyber resilient aviation system
![Page 9: ETSI 2019 For the supply chain in the aircraft exportable · Stéphane Chopart - AIRBUS Helicopters ETSI Security Week 2019 For the supply chain in the aircraft Cyber-Security & Dynamic](https://reader033.vdocument.in/reader033/viewer/2022053003/5f078c1a7e708231d41d868c/html5/thumbnails/9.jpg)
ESCP - Technical Advisory Committee
Regulation
RMT.0720RMT.0648
NIS
In order to coordinate : • NIS directive; • RMT.0648 focussing on the aircraft; • RMT.0720 enforcing an ISMS in organizations (including the supply chain)
![Page 10: ETSI 2019 For the supply chain in the aircraft exportable · Stéphane Chopart - AIRBUS Helicopters ETSI Security Week 2019 For the supply chain in the aircraft Cyber-Security & Dynamic](https://reader033.vdocument.in/reader033/viewer/2022053003/5f078c1a7e708231d41d868c/html5/thumbnails/10.jpg)
The regulatory overview
RMT.0720 RMT.0648
![Page 11: ETSI 2019 For the supply chain in the aircraft exportable · Stéphane Chopart - AIRBUS Helicopters ETSI Security Week 2019 For the supply chain in the aircraft Cyber-Security & Dynamic](https://reader033.vdocument.in/reader033/viewer/2022053003/5f078c1a7e708231d41d868c/html5/thumbnails/11.jpg)
11
Conclusion
Aircraft security is addressed since ~15 years by Aircraft manufacturers
Securing the (software) SupplyChain is one of the top security objectives since the beginning of Aircraft Security
Three pillars:1. Secure the source of software by improving Security level of suppliers (currently
including security clauses in contracts) 2. Protect the distribution of software E2E using Advanced / Qualified Digital Signature3. Promote and help to set-up the Civil Aviation CyberSecurity regulation in order to
reach a worldwide ICAO Trust Framework
What is still missing?:1. A mature Security Assurance framework fitting aviation industry expectations (SoS)2. Insufflate Security in the DNA of every aerospace company