1 Michael Neale – RTCA SC203 Control and Communications Chair Unmanned Aircraft Systems...
-
Upload
kristian-strickland -
Category
Documents
-
view
220 -
download
1
Transcript of 1 Michael Neale – RTCA SC203 Control and Communications Chair Unmanned Aircraft Systems...
1
Michael Neale – RTCA SC203 Control and Communications Chair
Unmanned Aircraft Systems Communications
Security
2
Overview
• RTCA and Special Committee 203
• Unmanned Aircraft Communications
• Security Requirements
• Risk Assessment Process
• Current Status of SC 203 Security assessment
3
Who are RTCA and What is Special Committee 203?
• RTCA
– RTCA functions as a Federal Advisory Committee. Its consensus-based recommendations are used by the Federal Aviation Administration (FAA) as the basis for policy, program, and regulatory decisions and by the private sector as the basis for development, investment and other business decisions.
• Special Committee 203
– Tasked with developing recommended standards for Unmanned Aircraft Systems (UAS), Sense and Avoid and Control and Communications.
4
The UAS Market
• UAS quantity estimates for the US National Airspace
• Substantial quantities of UA will be in operation by 2025/2030
Government market growth levels out in 2020
Commercial market growth is low until certification regulations are in place
5
Line Of Sight Operational View
MISSION UA
OPTIONAL RELAY UA
LOS DATALINK TERMINAL
DIRECT DISSEMINATION
CONTROL STATION & PILOT
MANNED AIRCRAFTDIRECT DISSEMINATION AND
PAYLOAD CONTROL
6
Beyond Line Of Sight Operational View
MISSION UA
SATELLITE
DISTANT CONTROL
STATION & PILOT
DIRECT DISSEMINATION
TAKE OFF AND LANDING CS & PILOT
MANNED AIRCRAFT DIRECT DISSEMINATION
AND PAYLOAD CONTROLSECURE NETWORK
DISTANT USERS
COMMAND CENTER
7
UAS Internal and External Information Exchange
UA PILOT
ATC Ground Surveillance
Cooperative andNon Cooperative
Objects
ATC
Owner Operatoror
Mission Controller
COMMUNICATIONS
(VOICE AND DATA)
CONTROL
TCASADS-B
Weather
Transponder
ADS-BADS-RTIS-B
FIS-BADS-C
Sense and
Avoid
ACLACMAMC
ATSA-ITPCOTRAC
D-ATISDCL
D-FLUPDLIC
D-OTISD-RVRD-TAXIFLIPNTNOTAM
VOLMET4DTRAD
AISDispatchesFlight Planning
Telecommands
Telemetry
NavigationGPS VORDME ILS
Other Airspace Users
Party Line (Voice)
UAS
ClearancesStatusFlight Plan Requests
8
Communications Security Requirements
ConfidentialityEavesdropping and
Exploitation
AvailabilityJamming and
Denial of Service
Integrity Spoofing andNon-Repudiation
Required Communications
Security Performance
Security Threat
9
Currently used Security Controls
• Intercept and Detection
– Reduce power spectral density on any particular frequency
– Reduce power spectral density in any non-required direction
• Exploitation
– Encryption - NSA Type 1, Triple DES, AES, HAIPE
• Physical Security
– Guarding Control Station and Unmanned Aircraft
10
UAS Control Link Security
• What level of communications security will be required?– FAA currently does not have clear UAS security
policy so cannot provide guidance on required levels of risk
– No national or international agreement on likelihoods of exploitation of UAS Control Link vulnerabilities
– Some encryption methods may not be viable Shared key systems may be impractical to use in
commercial applications due to key management logistics
11
Security Law and Regulations
• Federal Information Security Management Act (FISMA)
• Federal Information Processing Standards (FIPS)
– Publication 199 - standards for security
– Categorization of federal information and information systems
• National Institute of Standards and Technology Special Publication series SP-800
• FAA Order 1370.82
• UAS have not yet been considered as a core element of current aviation security development work
• Safeguarding International Civil Aviation Against Acts of Unlawful Interference (SARP)
– ICAO Annex 17 to the Convention on International Civil Aviation on Security
• Security Assessment Methodology in NATO/ Eurocontrol ATM Security Coordination Group (NEASCOG)
USA EUROPE
12
FISMA Security Assessment Process
• Determine security category for the UAS system– Impact on confidentiality, integrity and availability– High, moderate or low
• Determine the accreditation boundary• Select security controls• Perform risk assessment
– Identify threats, vulnerabilities, likelihoods, impacts– Determine risk and recommend security controls
• Develop security plan• Implement security controls
• Assess security controls
• Authorize system operation
• Monitor ongoing performance
13
Risk Assessment
• Can a Threat exploit a Vulnerability?– Given enough time and money vulnerabilites can
be exploited– Can the security control be strong enough to deter
the threat from exploiting the vulnerability
• Risk is a combination of Likelihood and Impact– Likelihood of a threat exercising a
vulnerability Frequent, Probable, Remote, Extrememly Remote, Extremely
Improbable.
– Impact if vulnerability is exploited High-Catastrophic, High-Severe, Medium, Low, None
14
Risk Assessment
• Must protect against any vulnerability where impact is high even if likelihood is extremely improbable– NAS safety levels are very high– Focussed malevolent activity
• Must protect against vulnerabilites where likelihood is frequent even if impact is low– Nuisance hacker
15
UAS Security Considerations
• Assess threats from operational scenarios – Define levels of risk required to maintain National
Airspace safety based on threat likelihood and impact effect on confidentiality, availability and integrity
• Evaluate Mitigations– Crypto security strength
– Key distribution
– Impact on bandwidth requirements
– Infrastructure, logistics and cost• Security
– Gain concensus on international security levels– Agree on likelihoods and impacts
16
Support Your Standards Development Organization
• This presentaion is based on the work of a number of people. Further detail can be found in the following RTCA SC-203 documents;
• RTCA SC-203 WG2 002 - UAS Control and Communicaitions Security Considerations
• RTCA SC-203 WG2 010 - Approach for Certification and Accreditaiton Analysis for Security of the Control and Communications Link for Unmanned Aircraft Systems.
• RTCA SC-203 Control and Communications Working Group
– Contact Michael Neale - [email protected]