Helping the FAA Adapt to Evolving Cyber ThreatsJanuary 2011
Topics: Air Traffic Management, Computer Security, Improving National Airspace System Performance
With the national airspace system (NAS) increasingly interconnected to partners and customers both within and outside the U.S. government, the danger of cyber attacks on the system is increasing. Because of low-cost computer technology and easier access to malware, or malicious software code, it is conceivable for individuals, organized crime groups, terrorists, and nation-states to attack the U.S. air transportation system infrastructure. Given the advanced persistent threat of sophisticated cyber attacks, securing the Next Generation Air Transportation System, or NextGen, is paramount.
NextGen is the large-scale transformation of the NAS that will make the system more dynamic and flexible by enabling aircraft to fly more efficient routes. But NextGen also requires increased connectivity with commercial aviation entities and foreign civil aviation agencies, meaning more potential points of entry for cyber attacks. Computer and communications networks used in the NAS and NextGen, like networks everywhere, require new defenses against rapidly evolving cybersecurity threats. To help the Federal Aviation Administration address these threats, MITRE has developed the NAS Enterprise Information System Security Architecture.
"No Ordinary Business System"
An all-encompassing approach to airspace security is needed because the NAS "is no ordinary business system," explains MITRE's Joseph Veoni, Project Team Manager in CAASD's Communications and Information Security department. "The government has recognized that systems like the NAS are special. They can't be taken offline for maintenance. You can't allow the possibility of critical security controls failing."
The scope of the NAS makes the challenge that much more daunting. With some 21 air route traffic control centers, 512 air traffic control towers, 400 radar sites and 40,000 ground radios, according to the FAA Administrators' March 2010 Fact Book, there are numerous points of vulnerability. And with cyber attacks on all government infrastructures on the increase, the FAA wants to position itself to be prepared for the next wave of security threats, Veoni says.
"It used to be that the bad actors had to understand how software works to launch attacks, but that's no longer the case," Veoni says. "Now there are websites that sell malware, so it requires very little knowledge to launch an attack."
The goals of the NAS Enterprise Information System Security Architecture program are to help the FAA create an enterprise security infrastructure for the NAS, implement a basic set of security tools within this infrastructure, and perform ongoing research to continue developing these tools as new risks emerge and NextGen capabilities evolve. The program is divided into five components:
- External Boundary Protection: An effort to keep malware from entering the secured NAS and to limit the effects of any successful denial-of-service attacks.
- Internal Policy Enforcement: A capability designed to inhibit the spread of other types of attacks on the NAS by establishing cyber "partitions" between applications.
- Incident Detection and Response: An effort to detect compromised NAS elements by monitoring cyber traffic at the system's boundary and within the NAS. Analyses of traffic and log data are assimilated into a central dashboard.
- Certified Software Management: A process for verifying the safety of commercial off-the-shelf software to keep malware from entering the NAS through the software supply chain.
- Identity and Key Management: An effort to develop an identity verification system for all components within the NAS—both human and machine. This includes the use of public key infrastructure encryption for identity verification for external devices and users.
Through the NAS Enterprise Information System Security Architecture program, MITRE is working with the FAA to develop an infrastructure that provides cybersecurity controls for all NAS components. Ultimately, these controls will provide a boundary that will verify data and users before they come into contact with the NAS.
"The ultimate objective is to keep the system from being affected by cybersecurity threats," Veoni says.
A Civilian-Defense Partnership
The program objectives were developed in response both to the FAA's estimates of existing security challenges and to research by MITRE and other entities, including the Department of Defense. The DoD has a keen interest in NAS security, given that nation-states can potentially attack other cyber infrastructures.
"We're working with the DoD to get its perspective on the threat and to find out its requirements," explains Ted Signore, a MITRE principal information security engineer who also works on the project. "Ultimately, the DoD depends on the FAA to fly in civil airspace."
Intelligence agencies, too, have an interest in understanding the cybersecurity status of the NAS. "We're working across MITRE to develop responses to these threats, including leveraging our connections within the intelligence community," Signore says. "We've had some of our greater successes with this—bringing together people from the FAA, DoD, and intelligence agencies to examine the issues and develop responses."
While the FAA has long been concerned about the risk of NAS equipment failures, the agency is now working hard to address the potential for "malicious failures," he adds.
NAS Security Architecture Benefits: Improved Security, Reduced Costs
Once the FAA implements the five major components of the program, the result will be a more consistent level of security across the entire NAS. Signore believes that consolidating enterprise-wide security controls and improving the capacity and scalability of security controls will help pave the way for more secure communication functions as part of NextGen and also reduce costs for the FAA. These expected benefits are in line with the FAA's own performance targets for the next five years.
"This work will prepare the NAS today for its future transformation to NextGen," Veoni says.
—by Maria S. Lee