Integrated Risk Management - an EASA perspective
Rachel Daeschler
SM2017 EUR/NAT, Tallinn, Estonia, 17 October 2017
What is our experience?
Managing the safety impact of security measures:
  Cockpit doors
  Chemical Oxygen Generators in lavatories
  Laptop ban
Direct involvement in the mitigation of security risks:
  Conflict Zones
  Cybersecurity in aviation
Laptop Ban
As a consequence of the potential ban of large Portable Electronic Devices (PEDs) from the passenger cabin, aviation safety authorities reviewed the potential safety impact.
Incidents involving lithium batteries in PEDs – 2012 - 2016
Laptop Ban
The transfer of large PEDs from cabin to cargo would significantly increase the risk of fire in the cargo compartment
And so would increase the risk of an uncontrollable fire
Additional safety measures would be necessary
Conflict Zones – what needs to be done?
Assessment of airspace security risks
Mitigation: NOTAMs, Information, fly/no fly decisions
Conflict Zones – a European Alerting System
Cooperation between EU institutions, States, EASA, airlines
Achieving a common EU risk assessment
Using EASA’s Safety Publication system to support the mitigation
Cybersecurity in Aviation – what are we worried about?
Conditions resulting from exploitation of vulnerabilities having an adverse safety effect on the aircraft and/or its occupants
Cybersecurity in Aviation – why are we worried…
[Diagram: Suppliers, Manufacturer, MRO, Airline; labels: EFB, ATM, WWW, Pax Entert. Services, Software, Hardware, Health and Usage Data, Flight Plans, Weight & Balance]
Software tampering
Denial of SW crates distribution
ICA modification
Maintenance data (e.g. lifing) corruption
Tampering of GSE and EFB
Asset diversion
SW tampering during shop maintenance
Denial of Service Attack
Trojan, Virus and Malware infection
CNS Data spoofing
CNS Data corruption
Cybersecurity: an example of integrated risk assessment
Cybersecurity in Aircraft Certification
Causes
Particular Risks
(System) Failures
(Human) Errors
Intentional Interaction
Cybersecurity in Aviation – Aircraft Certification
[Figure: effects on safety, classified as Minor, Major, Hazardous, Catastrophic]
Closing remarks
Security risks vs safety risks: the notion of intent
Integrating safety and security risk management is challenging
  Organisations, Methodologies, Culture
But is needed when…
  there are interdependencies/conflicts in the risk mitigation strategies
  When the risk assessment is complex and better integrates upfront all sources of failures/errors/intentional interactions
Cooperation/Coordination between aviation security and aviation safety authorities can already achieve a lot
Thank you for your attention.