170 likes | 484 Views
Unmanned Aircraft Systems Communications Security. Michael Neale – RTCA SC203 Control and Communications Chair. Overview. RTCA and Special Committee 203 Unmanned Aircraft Communications Security Requirements Risk Assessment Process Current Status of SC 203 Security assessment.
E N D
Unmanned Aircraft Systems Communications Security Michael Neale – RTCA SC203 Control and Communications Chair
Overview RTCA and Special Committee 203 Unmanned Aircraft Communications Security Requirements Risk Assessment Process Current Status of SC 203 Security assessment
Who are RTCA and What is Special Committee 203? RTCA RTCA functions as a Federal Advisory Committee. Its consensus-based recommendations are used by the Federal Aviation Administration (FAA) as the basis for policy, program, and regulatory decisions and by the private sector as the basis for development, investment and other business decisions. Special Committee 203 Tasked with developing recommended standards for Unmanned Aircraft Systems (UAS), Sense and Avoid and Control and Communications.
The UAS Market UAS quantity estimates for the US National Airspace Substantial quantities of UA will be in operation by 2025/2030 Government market growth levels out in 2020 Commercial market growth is low until certification regulations are in place
Line Of Sight Operational View OPTIONAL RELAY UA MISSION UA LOS DATALINK TERMINAL MANNED AIRCRAFT DIRECT DISSEMINATION AND PAYLOAD CONTROL CONTROL STATION & PILOT DIRECT DISSEMINATION
Beyond Line Of Sight Operational View SATELLITE MISSION UA DISTANT USERS MANNED AIRCRAFT DIRECT DISSEMINATION AND PAYLOAD CONTROL SECURE NETWORK DISTANT CONTROL STATION & PILOT TAKE OFF AND LANDING CS & PILOT COMMAND CENTER DIRECT DISSEMINATION
Navigation Other Airspace Users Party Line (Voice) GPS VOR DME ILS UAS Internal and External Information Exchange ATC ACL ACM AMC ATSA-ITP COTRAC D-ATIS DCL D-FLUPDLIC D-OTIS D-RVR D-TAXI FLIPNT NOTAM VOLMET 4DTRAD Clearances Status Flight Plan Requests ATC Ground Surveillance Transponder ADS-B ADS-R TIS-B COMMUNICATIONS (VOICE AND DATA) FIS-B ADS-C UAS Telecommands UA PILOT CONTROL Telemetry AIS Dispatches Flight Planning TCAS ADS-B Weather Sense and Avoid Cooperative and Non Cooperative Objects Owner Operator or Mission Controller
Communications Security Requirements Eavesdropping and Confidentiality Exploitation Jamming and Availability Denial of Service Spoofing and Non-Repudiation Integrity Required Communications Security Performance Security Threat
Currently used Security Controls Intercept and Detection Reduce power spectral density on any particular frequency Reduce power spectral density in any non-required direction Exploitation Encryption - NSA Type 1, Triple DES, AES, HAIPE Physical Security Guarding Control Station and Unmanned Aircraft
UAS Control Link Security What level of communications security will be required? FAA currently does not have clear UAS security policy so cannot provide guidance on required levels of risk No national or international agreement on likelihoods of exploitation of UAS Control Link vulnerabilities Some encryption methods may not be viable Shared key systems may be impractical to use in commercial applications due to key management logistics
Security Law and Regulations USA EUROPE • Federal Information Security Management Act (FISMA) • Federal Information Processing Standards (FIPS) • Publication 199 - standards for security • Categorization of federal information and information systems • National Institute of Standards and Technology Special Publication series SP-800 • FAA Order 1370.82 • UAS have not yet been considered as a core element of current aviation security development work • Safeguarding International Civil Aviation Against Acts of Unlawful Interference (SARP) • ICAO Annex 17 to the Convention on International Civil Aviation on Security • Security Assessment Methodology in NATO/ Eurocontrol ATM Security Coordination Group (NEASCOG)
FISMA Security Assessment Process Determine security category for the UAS system Impact on confidentiality, integrity and availability High, moderate or low Determine the accreditation boundary Select security controls Perform risk assessment Identify threats, vulnerabilities, likelihoods, impacts Determine risk and recommend security controls Develop security plan Implement security controls Assess security controls Authorize system operation Monitor ongoing performance
Risk Assessment Can a Threat exploit a Vulnerability? Given enough time and money vulnerabilites can be exploited Can the security control be strong enough to deter the threat from exploiting the vulnerability Risk is a combination of Likelihood and Impact Likelihood of a threat exercising a vulnerability Frequent, Probable, Remote, Extrememly Remote, Extremely Improbable. Impact if vulnerability is exploited High-Catastrophic, High-Severe, Medium, Low, None
Risk Assessment Must protect against any vulnerability where impact is high even if likelihood is extremely improbable NAS safety levels are very high Focussed malevolent activity Must protect against vulnerabilites where likelihood is frequent even if impact is low Nuisance hacker
UAS Security Considerations Assess threats from operational scenarios Define levels of risk required to maintain National Airspace safety based on threat likelihood and impact effect on confidentiality, availability and integrity Evaluate Mitigations Crypto security strength Key distribution Impact on bandwidth requirements Infrastructure, logistics and cost Security Gain concensus on international security levels Agree on likelihoods and impacts
Support Your Standards Development Organization This presentaion is based on the work of a number of people. Further detail can be found in the following RTCA SC-203 documents; RTCA SC-203 WG2 002 - UAS Control and Communicaitions Security Considerations RTCA SC-203 WG2 010 - Approach for Certification and Accreditaiton Analysis for Security of the Control and Communications Link for Unmanned Aircraft Systems. RTCA SC-203 Control and Communications Working Group Contact Michael Neale - michael.neale@uav.com