Electronics & Connectivity - September 5, 2012 - 16

Securing IT in the sky

The physical environment in which an aircraft is operated plays an important role in operational security management. a reduction of the accepted risk level. In other words, “an occurrence in a system that is relevant to the security of the system.” It therefore includes vulnerabilities from security advisories, findings from security audits, and incidents from reported system failures or logs. A security issue is a security event that has been analyzed and confirmed as having an impact on the accepted risk level.

Watching the detections

It is clear that there is a need to proactively identify as many aircraft IT system security deficiencies as possible during the design and development phases to limit the number of security events in-service. The most important step to achieve this is to perform a risk analysis of the aircraft IT system during the design. A high-level, risk-based information security process framework for airline and aircraft operations is provided

by ARINC Report 811. Risk analysis must not only identify technical measures, but also operational security measures—i.e., measures that need to be implemented to maintain the security level after system design, development, testing, and release. Since system design mainly focuses on development, the identification of operational security measures is easily missed. The catalog of operational security measures contains the activities that need to be performed to maintain a given aircraft IT system, such as data loading (e.g., integrity checks, anti-virus checks), as well as activities that need to be performed to detect security events. To ensure that the operational security measures selected by different departments at Airbus are harmonized, Airbus prepared a catalog of these measures. Measures are further grouped into services according to associated use-cases. The objective is not only to assist the risk analyst in selecting the appropriate operational security measures, but also to ensure that no operational security measures are accidently missed. It is important to note that not all aircraft IT systems require a monitoring for security events. For example, if the aircraft IT system is completely isolated and contains no COTS software, the system security risk analysis may conclude that there is no threat to the acceptable security level by security events and hence no monitoring needs to be performed. This is also the reason why a system security risk analysis is so cruSAE electronics+connectivity

16

September 5, 2012



Electronics & Connectivity - September 5, 2012

Table of Contents for the Digital Edition of Electronics & Connectivity - September 5, 2012

Electronics & Connectivity - September 5, 2012
Contents
The Ups and Downs of Connectivity
Tech Report
Securing IT in the sky
Data Collection Made Easy
Ad Index
Resource Links
Upcoming from the Editors
Electronics & Connectivity - September 5, 2012 - Cover1
Electronics & Connectivity - September 5, 2012 - Electronics & Connectivity - September 5, 2012
Electronics & Connectivity - September 5, 2012 - Contents
Electronics & Connectivity - September 5, 2012 - The Ups and Downs of Connectivity
Electronics & Connectivity - September 5, 2012 - Tech Report
Electronics & Connectivity - September 5, 2012 - 5
Electronics & Connectivity - September 5, 2012 - 6
Electronics & Connectivity - September 5, 2012 - 7
Electronics & Connectivity - September 5, 2012 - 8
Electronics & Connectivity - September 5, 2012 - 9
Electronics & Connectivity - September 5, 2012 - 10
Electronics & Connectivity - September 5, 2012 - 11
Electronics & Connectivity - September 5, 2012 - 12
Electronics & Connectivity - September 5, 2012 - 13
Electronics & Connectivity - September 5, 2012 - Securing IT in the sky
Electronics & Connectivity - September 5, 2012 - 15
Electronics & Connectivity - September 5, 2012 - 16
Electronics & Connectivity - September 5, 2012 - 17
Electronics & Connectivity - September 5, 2012 - 18
Electronics & Connectivity - September 5, 2012 - 19
Electronics & Connectivity - September 5, 2012 - Data Collection Made Easy
Electronics & Connectivity - September 5, 2012 - 21
Electronics & Connectivity - September 5, 2012 - 22
Electronics & Connectivity - September 5, 2012 - 23
Electronics & Connectivity - September 5, 2012 - 24
Electronics & Connectivity - September 5, 2012 - Upcoming from the Editors
https://www.nxtbook.com/nxtbooks/sae/12DEC1128
https://www.nxtbook.com/nxtbooks/sae/12DEC0905
https://www.nxtbook.com/nxtbooks/sae/12DEC0530
https://www.nxtbook.com/nxtbooks/sae/12DEC0301
https://www.nxtbook.com/nxtbooks/sae/ec_prototype
https://www.nxtbookmedia.com