Safety & Security of future SATCOM based Aviation Data Links

1 Safety & Security of future SATCOM based Aviation Data Links
Paul Hampton, April 2018

2 Contents
Introduction to Datalink
Safety and Security Challenges
Current Approach
The Future

3 Introduction to Datalink

4 Air Traffic Control Communications
Voice is the primary means of communication between controller and pilot
Common voice channel for all aircraft in a sector
Channels increasingly congested

5 Datalink Concepts
Data communications: HF / VHF + Satcom
Air Traffic Services (ATS)
Airline Operational Comms (AOC)

6 Datalink Services
Controller Pilot Datalink Communications (CPDLC)
Automatic Dependent Surveillance - Contract (ADS-C)

7 Smarter Skies

8 Iris Programme
SATCOM based datalink service for Air Traffic Navigation
Based on evolution of Inmarsat SwiftBroadband infrastructure
Complements the terrestrial infrastructure initially
Iris Precursor: , Iris Service Evolution:

9 Inmarsat SwiftBroadband (SBB)
Higher capability & capacity
Supports IP data services to 432 kbps
Standard voice channel
VoIP
Worldwide coverage via Inmarsat 4
SBB Safety Datalink + 2 channel voice
Oceanic / remote airspace
Location reporting built-in

10 Safety - What are we worried about?
Datalink Separation Standards
Loss of Separation
Überlingen 2002

11 Security - What are we worried about?
Many claims about vulnerabilities and the level of control achieved; often disputed

12 Iris High Level Architecture

13 Safety & Security Challenges

14 Safety: Regulations demand that Iris Precursor is sufficiently Safe
Essential Requirements
Implementing Rules: Reg. (EC) No 29/2009
Common Requirements: Reg. (EU) No 1035/2011
There are established and mature processes & practices
Safety concerns itself with unintended, unintentional, inadvertent functional behaviour (addressed by e.g. CS , SAM, ED-109A, DO-178C)
“Protecting the people from the system”

15 Safety Process - Summary
Operational Assessment: Operational Safety Assessment (OSA) -> Safety & Performance Requirements (SPR)
System Definition: System Functional Hazard Assessment (FHA) -> Safety Objectives and Requirements (Hazards, Severity Classification, Failure Conditions)
System Design: Preliminary System Safety Assessment (PSSA) -> Product Assurance, Mitigations, System Requirements, Assurance Approach, System Design and Architectural Components
System Implementation & Operation: System Implementation, System Safety Assessment (SSA) -> Verification Evidence

16 Safety Assessment
Layers (from the slide figure): Operational Layer (ATSP/Aircraft); Application Layer (ATSP/Aircraft, including the Hazard Detection Mechanism); ACSP Comms Service (Iris)
Hazards at the comms service: detected loss of capability (Availability); detected corruption, unintended, interrupted (Integrity); undetected loss of capability, corruption, unintended, interrupted
Safety objective, detected: 1×10^-3 pfh, Minor (SC4)
Safety objective, undetected: 1×10^-5 pfh, Major (SC3)
The highest severity class for Iris is SC4 (Minor)
SC3-related hazards mitigated by ATSP
Assurance Level for Iris is ED-109A AL5

17 Security: Regulations demand that Iris Precursor is sufficiently Secure
Essential Requirements
Implementing Rules: Reg. (EC) No 29/2009
Common Requirements: Reg. (EU) No 1035/2011
There are established and mature processes & practices
Security is concerned with protecting the confidentiality, integrity and availability of the system from unauthorised interaction (e.g. ISO 2700X)
“Protecting the system from people”

18 Security Process - Summary
Establish Context: Security Scope Definition and Policy -> System Security Requirements
Identify, Analyse, Evaluate Risk: Security Risk Assessment -> Security Objectives and Requirements (Threat, Risk Classification, Compromise Method)
Treat Risk (Design): Security Risk Treatment -> Product Assurance, Measures, System Requirements, Assurance Approach, System Design and Architectural Components
Treat Risk (Implementation & Operation): System Implementation, Security Verification -> Verification & Effectiveness Evidence

19 Security: From the Security Analysis
The highest Impact Level for security is ‘Moderate’, as effects are comparable to SC3 (Major) based on the Operational Safety Assessment (cf. safety impact of compromising communication integrity, e.g. controller masquerade)
Security risks mitigated through appropriate security measures, with effectiveness assured to a level commensurate with ‘Moderate’ impact

20 Safety & Security
Historically separate disciplines, but now being brought together, e.g. ED-202A (2014) - Airworthiness Security Process Specification for airborne systems
But no clear industry methodology on how to bring safety and security together for ground systems

21 Current Approach

22 Interpretation of ED-202A for Ground
No current standards/guidance for combined safety and security for ground systems
ED-202A is relevant but intended for airborne systems
Common guidelines can be drawn from ED-202A:
Guideline 1 (section 2.1.3): Establish differentiated but interacting security and safety processes
Guideline 2: Maintain overall consistency by ensuring the security process considers outputs of the safety assessment processes
Guideline 3: Threat conditions having an identical safety effect as a previously identified failure condition share its severity
Guideline 4 (section 2.1.2): Security requirements are subject to the same development requirements and assurance actions as other safety related mitigations

23 Integrated Safety and Security

24 Combined Safety & Security - Implications
From the Safety Analysis:
The highest severity class for the Comms Service Provider is SC4 (Minor)
Development Assurance Level for the Comms Service is ED-109A AL5
From the Security Analysis:
The highest Impact Level for security is ‘Moderate’, as effects are comparable to SC3 (Major) based on the Operational Safety Assessment
The challenge is with Assurance. ED-202A Guideline 4: Security requirements are subject to the same development requirements and assurance actions as other safety related mitigations

25 Interpreting ED-202A Guideline 4
Security requirements are subject to the same development requirements and assurance actions as other safety related mitigations.
One interpretation is that Security Measures addressing SC3 hazards must be developed to ED-109A AL3 (SC3, Major impact); however, this:
Likely precludes use of industry certified security COTS products
Duplicates assurance activities already required to assure security measures
Does not specifically improve the security of the solution
Another interpretation is to apply security verification techniques that are commensurate with the impact level (as informed by safety criticality):
Applies a level of verification rigour commensurate with risk
Security verification activities are more effective in assuring the security measures
Use of certified products leverages independent security verification, history etc.
Safety Assurance Level based verification applied to residual risk

26 Safety & Security Integration Approach
Architecture figure (components shown on the slide): ISP Service Management; Enhanced Inmarsat SBB Service Management Systems; PKI Systems; SwiftBroadband Service; Security Barriers; Aero Rack; Aero Ground Gateway; Secure VPN; Ground Security Gateway; Air-Ground Router
Key: Security Assurance commensurate with SC3; ED-109A AL5 (SC4); ED-109A AL5 (SC4) alternative means

27 The Future

28 Existing and Future Relevant Standards
Existing Aviation standards:
ED-202A - Airworthiness Security Process Specification
ED - Airworthiness Security Methods And Considerations
ED - Information Security Guidance For Continuing Airworthiness
Future Aviation standards:
ED-203 revision A
ED - Security accreditation of ATM systems
Other challenges:
Remotely Piloted Aircraft System Command and Control
ATN Baseline 3 (full 4D)

29 Our commitment to you
We approach every engagement with one objective in mind: to help clients succeed
