Electronics & Connectivity - September 5, 2012 - 19

e
for which cause and failure are both security events, such as the successful attack and disabling of a firewall to bypass network protection. It is important to distinguish between the different classes because failures of security functions (i.e., “security failures”) are easy to identify. If the list of security functions installed on an aircraft is known, a process can be established to immediately report an incident on this function. For the other class, an analysis must first be performed to determine whether the failure is caused by an intentional attack or inadvertent action (i.e., “security fault”) or not. This implies that aircraft IT system maintenance and support teams must be aware of security risks to identify failures that are potentially caused by a security fault.

c

IT security deficiencies can cause services to be unavailable or, even worse, to be exploited by intentional attacks or inadvertent actions. their findings can also be reported. The second type of external faults is unanticipated attacks. For unanticipated attacks, it is more difficult to define reliable indicators. But technical measures like a Host-based Intrusion Detection System can help detect modifications to the system, especially since a classic system administration is not foreseen for the aircraft IT system. For a ground system, the modification of a firewall may be a routine change, but for an aircraft IT system, it is a very reliable indicator for an external fault. Failures due to unidentified external faults will most likely induce a software reinstallation or removal of the LRU followed by reinstallation. In both cases, the data on the systems will be overwritten, and even if the possibility of a security event being the cause of the failure is identified later, all evidence will be destroyed. Therefore, the capability of the aircraft system to reliably detect but also to quickly report security events to the aircraft operator as quickly as possible can initiate a “quarantine process” in which further investigation can be performed. This can significantly improve the quality of the operational security management process (and the number of No Faults Found). To enable a quick reporting capability, there needs to be a close link to the aircraft health-management system, usually referred to as the Central Maintenance Function or Onboard Maintenance System. Sensing and responding to security faults in real time, coupled with the ability to engage a global community of resources and expertise to resolve issues, would enable the industry to move from reactive, to proactive, to predictive strategies.
This article is based on SAE technical paper 2011-01-2717 by Gernot Ladstaetter, Nicolas Reichert, and Thomas Obert, Airbus.

Assigning faults

To improve the detection of failures for which security faults are the cause, indicators need to be defined. These can be associated to two types of external faults (i.e., intentional attacks or inadvertent actions). The first type is anticipated external faults. During the design phase, all anticipated external faults to the system are collected in the risk analysis and technical measures are then defined to detect and defend these. Examples of anticipated external faults include viruses that may be loaded inadvertently onto a system via an infected USB stick, or data loads that have been intentionally modified. Since technical measures like anti-virus software and integrity check functions are implemented in the system design to detect these deviations from the intended state,
SAE electronics+connectivity

September 5, 2012

19



Electronics & Connectivity - September 5, 2012

Table of Contents for the Digital Edition of Electronics & Connectivity - September 5, 2012

Electronics & Connectivity - September 5, 2012
Contents
The Ups and Downs of Connectivity
Tech Report
Securing IT in the sky
Data Collection Made Easy
Ad Index
Resource Links
Upcoming from the Editors
Electronics & Connectivity - September 5, 2012 - Cover1
Electronics & Connectivity - September 5, 2012 - Electronics & Connectivity - September 5, 2012
Electronics & Connectivity - September 5, 2012 - Contents
Electronics & Connectivity - September 5, 2012 - The Ups and Downs of Connectivity
Electronics & Connectivity - September 5, 2012 - Tech Report
Electronics & Connectivity - September 5, 2012 - 5
Electronics & Connectivity - September 5, 2012 - 6
Electronics & Connectivity - September 5, 2012 - 7
Electronics & Connectivity - September 5, 2012 - 8
Electronics & Connectivity - September 5, 2012 - 9
Electronics & Connectivity - September 5, 2012 - 10
Electronics & Connectivity - September 5, 2012 - 11
Electronics & Connectivity - September 5, 2012 - 12
Electronics & Connectivity - September 5, 2012 - 13
Electronics & Connectivity - September 5, 2012 - Securing IT in the sky
Electronics & Connectivity - September 5, 2012 - 15
Electronics & Connectivity - September 5, 2012 - 16
Electronics & Connectivity - September 5, 2012 - 17
Electronics & Connectivity - September 5, 2012 - 18
Electronics & Connectivity - September 5, 2012 - 19
Electronics & Connectivity - September 5, 2012 - Data Collection Made Easy
Electronics & Connectivity - September 5, 2012 - 21
Electronics & Connectivity - September 5, 2012 - 22
Electronics & Connectivity - September 5, 2012 - 23
Electronics & Connectivity - September 5, 2012 - 24
Electronics & Connectivity - September 5, 2012 - Upcoming from the Editors
https://www.nxtbook.com/nxtbooks/sae/12DEC1128
https://www.nxtbook.com/nxtbooks/sae/12DEC0905
https://www.nxtbook.com/nxtbooks/sae/12DEC0530
https://www.nxtbook.com/nxtbooks/sae/12DEC0301
https://www.nxtbook.com/nxtbooks/sae/ec_prototype
https://www.nxtbookmedia.com