Meeting the Information Needs of Aviation

For more information please contact:

info@airinformatics.com

Copyright © 2008-2016 Air Informatics® LLC

The e-Enabled Airplane brings forward a new generation of digital, connected aircraft. This class of aircraft present a new management challenge - cyber security. Thus, both the FAA and EASA require an Airplane Network Security Program. At Air Informatics® LLC a core and fundamental component of our e-Enabled ANSP® is a e-Enabled Security® Incident and Event Management Plan (e-Enabled SIEM®). This plan, fully considered, logically developed and consistently followed is critical for continued e-Enabled Airworthiness.

e-Enabled SIEM®

Air Informatics® LLC directly address your regulatory and e-Enabled Aviation® Security (e-Enabled AvSec®) challenges. Our team includes those who developed the manufacturers airplane e-Enabled Aviation Information Security (e-Enabled AvInfoSec®) guidelines, conducted the Red Team cyber security investigation of the airplane, built an OEM airplane cyber security penetration lab and have written FAA D301 OpSpec response documents. We have the direct knowledge, experience, certification and training to respond to FAA and CAA requirements, provide a robust Defense-in-Depth, multi-layered e-Enabled Security® technology solution, including:

  1. FAA, EASA and CAA Airplane Network Security Program (e-Enabled ANSP®) development, regulatory and certification response

  2. Effective Cryptographic, non-cryptographic, e-Enabled Digital Certificate, and e-Enabled PKI® development, distribution, storage, management and monitoring

  3. Full e-Enabled Security® tracking, recording, auditing, assessment, verification and validation

  4. Incident response, security log review, alerting and administration

  5. Airline e-Enabled Security® Risk Assessment Development

  6. e-Enabled Information Security Assessments (e-Enabled ISA)

  7. e-Enabled Security® Incident and Event Management (e-Enabled SIEM®) program design and review.

  8. e-Enabled SIEM® Rules-Based Event Correlation and Alerting Engine

  9. e-Enabled Security® Log Audit, Analysis, Trending, Forensics and Reporting

  10. e-Enabled Security® Real-Time Monitoring, Alerting, Report Generation and Dashboard

Federal Aviation Agency National Policy (N8900.189) has define the Operations specification (OpSpec) D301, e-Enabled Aircraft Network Security Program (e-Enabled ANSP®) requirements to support the operations of e-Enabled Digital Aircraft. The FAA instructions to inspectors call for a review of the airline ANSP e-Enabled Security® Risk Assessment. The OEMs have defined airplane network security operators guidance. Yet one noted manufacturer includes only a single requirement and a minimal set of recommendations for e-Enabled Security®. These actions addresses only the needs of the most minimal e-Enabled Airline enabling the airplane to the lowest level. Most airlines go significantly farther up the e-Enablement S curve, far beyond the minimal e-Enablement.

  1. OpSpec D301 is necessary to verify that operators have the skills, tools, and procedures in place to accomplish the requirements of the manufacturer’s aircraft security document and the recommended best practices appropriate to their operations.

  2. New aircraft designs use TCP/IP technology for the main aircraft backbone, connecting flight-critical avionics and passenger information and entertainment systems in a manner that virtually makes the aircraft an airborne, interconnected network domain server.

  3. The airline must establish a full scope e-Enabled Security® program addressing the deployed e-Enabled information, application and infrastructure architecture, including the Policy, Process, Procedures, People, Tools and Technology required for e-Enabled airline and e-Enabled Digital Airplane operations.

  4. The airline must establish an appropriate e-Enabled Security Incident and Event Management (e-Enabled SIEM) program that includes recognition, response, communication and analysis.

  5. The airline must establish an appropriate security awareness and training program.

  6. The airline must develop and periodically update the e-Enabled Security® Risk Assessment and establish on-going management program.

  7. The airline must establish an aircraft Security e-Enabled Log Management and tracking program.

With regards to e-Enabled Digital Aircraft, the airline must ensure the safety and continued airworthiness of the aircraft in all flight regimes, passenger cabin activities, ground operation, business operation, as well as the passenger and customer goodwill and reputation of the airline.