Photos: Corel, Photodisk; Photodisk; Photodisk; Comstock; DOT Airborne Network Security Simulator (ANSS) Master Plan Overview Presented by: Chris Riley (DOT/Volpe) November 3,

Agenda ANSS Experiment 1 ANSS Experiment 2 ANSS Master Plan 2

Airborne Network Security Simulator (ANSS) Goals Identify potential information security threats in synthetic environment by simulating next generation aircraft communications systems Share knowledge, tools and methodologies with academia and other interested stakeholders to extend research value Act as coordinating authority for cyber security risk mitigation within the international aerospace & aviation community Recommend appropriate technical & procedural standards for security risks to aid in the development of regulatory guidelines and policies Influence industry bodies on cyber security best practices with respect to specifications, procedures, and recommendations used by the industry 3

Master Plan Overview – Phase 1 Inside Aircraft Network –Simulates a standard airborne network architecture including real and synthetic components –Interconnects with disparate aviation simulators to include real-world information in its experiments –Engages industry, academia and government in its experiments and recommendations –Design experiments to explore stakeholder identified issues and concerns 4

Demonstration Scenario; Airline AOC to Aircraft IEEE HLA /RTI Via Internet IEEE HLA /RTI Via Internet ANSS at WSU ANSS Operational Enclave Gatelink OPS Controller Firewall Aircraft Network Control Domain Information Domain Passenger Domain TWLU EFB Load & Balance Data Performance Calculation Performance Calculation 5 LaTech Ops-Center Simulator

Experiment 1 Scenario Final Pre-Flight Data Man-in-the- Middle device captures data and sends it to the Internet Modified Pre-Flight Data Hacker 6

ANSS Experiment 2 7

ANSS Phase 1 Experiment 2 Working with several aviation vendors to add Experiment 2 Functionality –Aircraft Control Domain (ACD) – Pratt & Whitney (P&W) FAST (Flight-data Acquisition, Storage and Transmission ) -- Engine Wireless Maintenance Toolset –ACD – General Electric (GE) Intelligent Platforms AFDX (Avionics Full Duplex Network, Switched Ethernet) simulated configuration –In Flight Entertainment (IFE) – Panasonic Inc. Simulated 3 seat suite of Wi-Fi equipment Developing operational scenarios/uses cases, e.g. –Intrusion Detection, Wireless data transfer, Engine Data/Gatelink interfaces UK Partners to provide Penetration Testing support 8

9 Aircraft Data Network (ADN) ANSS Phase 1 – Experiment 2 Aircraft controlAirline Information Services Passenger Information and Entertainment Services Passenger- Owned Devices Flight and Embedded Control Systems Cabin Core Admin Passenger Support Control the Airplane Operate the Airline Entertain the Passengers ClosedPrivatePublic Source –ARINC 664, Aircraft Data Network, Part 5, Network Domain Characteristics and Interconnection FAST (P&W) IFE(Panasonic)AFDX (GE) EFB/Gatelink

ANSS Master Plan 10

Master Plan Overview – Phase 2 External Interconnections –Include a SOA interface based on current Nextgen Standards –Build synthetic capabilities to evaluate cyber issues when the aircraft is both a SOA provider and consumer –Participate in FAA/DOD experiments to understand the commercial impact of cyber security in this environment –Identify issues and restrictions of global trust in the AN environment –Identity issues associated with centralized auditing, intrusion detection/prevention and a global view of the operation’s theater. 11

ANSS Phase 2 NEXTGEN Simulations 12 Trajectory/clearance changes Acknowledgmen ts TDL S NNE W ERA M Characteristics Situational awareness - advisory Commercial spectrum Limited or No source Authentication Low or no design assurance User specified QoS –RMA –Delivery (e.g. best effort) –Latency International usage based on reach of service provider User designed/directed controls and displays User specified FMS integration Weather Airspace status NOTAMS Characteristics Command and Control – safety critical Protected spectrum Source Authentication High safety assurance levels QoS dictated by safety case –High reliability, maintainability & availability –Guaranteed delivery –Low latency Harmonization based on International agreements Standardized controls and displays FMS integration TDL S ERA M Deviation requests Acknowledgments TF M

Master Plan Overview – Phase 3 Virtual World Training, Modeling and Simulation –Skill development plays a critical role in the cyber protection. Special skills will be needed to address the mobility, public safety and critical infrastructure components of this environment. –Gaming technology is successfully used to build virtual worlds and train the workforce through realistic scenarios. Scenario based training also allows researcher to observe student attack strategies in anticipation of the next level of attack. Learning attack approaches and exploits in a controlled environment feeds the development of predictive and adaptive defense strategies –Leveraging all of these assets, ANSS would develop a gaming environment where security teams from government, academia and industry will compete in “capture the flag” type scenarios. First line defenders, modes, methods and approaches captured in the experiments would prove invaluable to researchers in proactively protecting the AN environment 13

ANSS Phased Approach 14 Phase 1 Phase 2 Phase JFMAMJJASONDJFMAMJJASONDJFMAMJJASOND External Interconnections Experiment 1 – EFB/Gatelink (June 2010) Experiment 2 – Databuses, Wireless Maintenance, and In Flight Entertainment (Spring 2011) NextGen Simulations Experiment 1 - TBD Experiment 2 - TBD Experiment 1 - TBD Experiment 2 - TBD Virtual World Training, Modeling and Simulation

15 Astronautics Corporation of America Contributing Organizations to the ANSS Demonstration/Technical Workshop

Kevin Harnett, Volpe Center Cyber Security Program Manger – – Phone: Chris Riley, Volpe Center Cyber Security Researcher – – Phone: Contact Information 16