Federal Aviation Administration

AMHS Security
Security Sub-Group Activities

Presentation to: ATS Message Handling System (AMHS) Implementation Workshop, Chennai, India
Name: Vic Patel, FAA/ATO-P Security Engineering Group
Date: December 15-16th, 2008

William J. Hughes FAA Technical Center
Atlantic City International Airport
Atlantic City, NJ 08405
USA

Presentation Overview
Our Vision: Service and Safety
• Security Policy
• Security Checklist
• Security Guidance Document
• Technical Controls for AMHS Security
• Other Regional Security Documents
• System-wide Risk Assessment
• Contingency Plan
• Incident Response Plan

AMHS Security: Security Sub-Group Activities
Challenges of a Growing Aviation System
April 12, 2005
AMHS IMPLEMENTATION WORKSHOP, Chennai, India
December 15th-16th, 2008.
Asia/Pacific ICG Strategic Objective: Security
• Task (1) Update System Integrity Policy as needed
  – Asia/Pacific ATN System Security Policy Document
  – Adopted by ICAO Asia-Pacific as of October 2008
• Task (2) Develop Information Security Checklist
  – Asia/Pacific ATN Develop Security Checklist
• Task (3) Develop Information Security Guidance
  – Asia/Pacific ATN Security Guidance Document
• Task (4) Develop Information Security Solution for Initial and Enhanced Services
  – To be included in Asia/Pacific ATN Security Guidance Document

Security Policy
• The Asia/Pacific region has developed an ATN System Security Policy
• The Policy was previously called the “System Integrity Policy” and was somewhat broader in scope.
  – It was agreed at the September Security Sub-Group meeting that the requirements for Interoperability be removed from this document, and it was renamed the System Security Policy.
• The policy requires that ATN systems be verified to have appropriate security controls.
• The policy requires that ATN systems be formally approved for operation by a Designated Approval Authority for each state/organization.

Security Policy
• Security Policy Outline:
  – Purpose.
  – Applicability.
  – Authority.
  – Implementation and Enforcement.
  – System Integrity Requirements.
  – System Integrity Services
    • Confidentiality.
    • Data Integrity.
    • Authenticity.
    • Availability.
    • Accountability.
    • Interoperability.
  – System Integrity Policy Statements
    • Functional Policy Statements
  – Verification and Authorization

Security Checklist
• A checklist serves to see that controls are in place
• It is generally the basis on which the Approving Authority grants approval
• At the April 2008 meeting of the Security Subgroup it was agreed that the controls would be derived from the following document:
  – NIST SP 800-53, Recommended Security Controls for Federal Information Systems, December 2006
  – The SP 800-53 controls were reviewed by the Security Subgroup and the Subgroup identified which of the Technical, Operational, and Management controls applied to an ATN system.
• At the September meeting of the Security Subgroup the controls were converted to a Checklist format.

Security Guidance Document
• The Security Sub-Group is developing a Security Guidance Document which provides guidance on the implementation of management, technical, and operational controls.
• Management controls
  – focus on management of system and associated risks
  – Security reviews, security risk assessments
• Technical controls
  – address specific types of threats
  – may be sub-typed as: preventative technical controls, recovery technical controls, and support technical controls
• Operational controls
  – focus on operational procedures, personnel security measures, and physical security measures
• This document was previously called the “Security Implementation Plan”

Security Guidance Document
AMHS Technical Controls
• Network Security Provisions
  – From User Terminal to Message Server or Between Message Servers (Routers)
• End-to-End Security Provisions
  – Defined in ICAO Doc 9705 Edition 3 using the ATN Digital Signature Scheme
  – May not be implemented if region does not move to ATN air-ground security provisions

Security Guidance Document
AMHS Technical Controls
[Figure: network diagram showing User Terminals, Local Access Networks, ATS Message Servers and ATN Routers, linked over X.25 and IDRP through the ATN Internet, annotated with the controls listed below.]
• System and Communications Protection (SC)
  – Local Network Dependent
  – IPsec, TLS
  – SSH
  – PPTP, L2TP, L2F
• System and Communications Protection (SC)
  – Dedicated Point-to-Point X.25 Connections
  – IDRP Security
• Audit and Accountability (AU)
  – X.25 Logs
  – CLNP Logs
  – IDRP Logs

Security Guidance Document
AMHS Technical Controls
• System and Communications Protection (SC)
  – AMHS Security applied from ATS Message User Agent to ATS Message User Agent
[Figure: diagram labelled User Terminal (with ATS Message User Agent), ATS Message Server, Internetwork, ATS Message Server, User Terminal (with ATS Message User Agent), with the AMHS Message Transfer System and AMHS Security marked.]

Security Guidance Document
AMHS Technical Controls
Network Security
Secure Communications from User Agents to MTA Server
• Technique depends on connectivity
• Internet Protocol Security (IPsec)
• Transport Layer Security (TLS) (formerly Secure Sockets Layer (SSL))
• Layer 2 Protocols (Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), Layer 2 Forwarding (L2F))
• Secure Shell (SSH)

Security Guidance Document
AMHS Technical Controls
Network Security
Secure Communications between Routers which support MTA Servers
• Communications Security
  – IDRP Security
    • Initially pre-shared keys
    • Longer term - PKI
• Audit Logs
  – TCP, IP, BGP Logs

Security Guidance Document
Technical Control Summary
• Technical controls may initially consist of securing IDRP router connections
  – Initially using pre-shared keys
  – Migrate to limited use of certificates
• For TCP/IP MTA-to-MTA connections either TLS or IPsec may be used.
• For User Terminal to MTA connections layer 2 provisions may also be used
• As the AMHS evolves to enhanced services, including directory services, AMHS application security may be employed
• Firewalls and other security appliances should be introduced as needed.

Contingency Plan
• The Security Sub-group has been tasked to develop a “Contingency and Disaster Recovery Plan”.
• This plan identifies the coordination activities, processes, and procedures to be followed in the event that an AMHS system is unavailable.

Contingency Plan
• NIST SP 800-34, Contingency Planning Guide for Information Technology Systems, June 2002
“IT contingency planning refers to a coordinated strategy involving plans, procedures, and technical measures that enable the recovery of IT systems, operations, and data after a disruption. Contingency planning generally includes one or more of the approaches to restore disrupted IT services:
  – Restoring IT operations at an alternate location
  – Recovering IT operations using alternate equipment
  – Performing some or all of the affected business processes using non-IT (manual) means”

Incident Response Plan
• The Security Sub-group has been tasked to develop an Incident Response Plan
• The incident response plan would specify common procedures for identifying, reporting, and responding to computing incidents.

Incident Response Plan
• NIST SP 800-61, Computer Security Incident Handling Guide, January 2004, specifies that an incident response capability should include the following actions:
  – Creating an incident response policy
  – Developing procedures for performing incident handling and reporting, based on the incident response policy
  – Setting guidelines for communicating with outside parties regarding incidents
  – Selecting a team structure and staffing model
  – Establishing relationships between the incident response team and other groups, both internal and external
  – Determining what services the incident response team should provide
  – Staffing and training the incident response team

Questions