
Regulatory Documentation on Cybersecurity for Aviation Applications

18.09.18. FSUE GosNII GA. Regulatory Documentation on Cybersecurity for Aviation Applications. Denis Bulatov. Example of a cybersecurity threat: Trojan. Vulnerability database. Secretariat Study Group on Cybersecurity, ICAO.

eharold

Presentation Transcript


  1. 18.09.18. FSUE GosNII GA. Regulatory Documentation on Cybersecurity for Aviation Applications. 1/14. Denis Bulatov

  2. Example of a cybersecurity threat: Trojan

  3. Vulnerability database
     - Secretariat Study Group on Cybersecurity, ICAO
     - European Centre for Cyber Security in Aviation, EASA
     - https://nvd.nist.gov/vuln

  4. To find a common language
     - EUROCAE ER-013 AERONAUTICAL INFORMATION SYSTEM SECURITY GLOSSARY
     - https://www.icao.int/cybersecurity/Pages/default.aspx

  5. Overview of actions by foreign aviation authorities
     - Special Conditions No. 25–07–01-SC (Boeing Model 787-8)
     - …
     2007 FAA
     "The design shall prevent all inadvertent or malicious changes to, and all adverse impacts upon, all systems, networks, hardware, software, and data in the Aircraft Control Domain and in the Airline Information Domain from all points within the Passenger Information and Entertainment Domain."
     - Special Conditions No. 25–534–SC (Airbus Model A350–900)
     - Special Conditions No. 25–505–SC (Boeing Model 777-200, -300, 300ER)
     - …
     2014 FAA PS-AIR-21.16-02. Establishment of Special Conditions for Cyber Security
     - Special Conditions F-22 (Boeing 747)
     - Special Conditions F-38 (Airbus A350-941)
     - …
     2016 EASA RMT.0648 Aircraft cybersecurity

  6. How to assess?
     - FAA AC 20-140C Guidelines for Design Approval of Aircraft Data Link Communication Systems Supporting Air Traffic Services
     - Developing a Framework to Improve Critical Infrastructure Cybersecurity (Boeing/NIST)
     - CCIMB 2004-01 Common criteria for information technology security evaluation
     - EASA, FAA and others
     - Cybersecurity Assessment And Risk Management Approach for the aviation subsector (CARMA)

  7. Applicable guidance?
     - EUROCAE ED-202A / RTCA DO-326A. Airworthiness Security Process Specification (1)
     - Measures; Responsibility of the type certificate holder; Responsibility of the operator. Software; Components; Organization of risk assessment; Incident management; Ground equipment; Aircraft network access points; Ground equipment and systems…
     - EUROCAE ED-204 / RTCA DO-355. Information Security Guidance for Continuing Airworthiness (2)
     - EUROCAE ED-203 / RTCA DO-356. Airworthiness Security Methods and Considerations (3)

  8. EUROCAE ED-202A / RTCA DO-326A

  9. EUROCAE ED-203 / RTCA DO-356 Methods And Considerations

  10. Is this ...
      - NIST SP 800-30 Rev. 1 Guide for Conducting Risk Assessments
      - NIST SP 800-53A Rev. 1 Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans
      - NIST SP 800-82 Guide to Industrial Control Systems Security
      - NIST SP 800-115 Technical Guide for Information Security Testing and Assessment
      - NIST SP 800-131A Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
      - ISO/IEC 27001 Information technology - Security techniques - ISMS requirements
      - ISO/IEC 27002 Information technology - Security techniques - Code of practice for information security management
      - ISO/IEC 27005 Information technology - Security techniques - Information security risk management
      - ARINC Report 811 Commercial Aircraft Information Security Concepts of Operation and Process Framework
      - ABN-035A Considerations for the Incorporation of Cyber Security in the Development of Industry Standards
      - MEHARI 2010: Risk analysis and treatment guide
      - Common Vulnerability Scoring System (CVSS)
      - COBIT
      - EVITA-project
      - PRESERVE-project
      ... all?

  11. PRACTICE
      - ICAO Doc 8973
      - IEC 62443 series
      - DHS/NPPD/PIA-006(a). Protected Critical Infrastructure Information Management System (PCIIMS) Final Operating Capability (FOC)
      - NIST SP 800
      - ARINC/AEEC documents
      - RTCA DO-326A, DO-355, DO-356
      - FAA AC 119. Airworthiness and Operational Approval of Aircraft Network Security Program (ANSP)
      Systèmes Embarqués Informatisés, Sûrs et Sécurisés (SEISES): Computerized, safe and secure embedded systems
      Systèmes embarqués et distribués, sécurisés et sûrs (SEDSES): Embedded and distributed systems, safe and secure
      Architectures de Sécurités (ArSec): Secure architecture
      RTCA DO-326A, DO-356, DO-355

  12. EUROCAE ED-202A / RTCA DO-326A. Airworthiness Security Process Specification
      EUROCAE ED-204 / RTCA DO-355. Information Security Guidance for Continuing Airworthiness
      CYBER SECURITY: FIND YOUR CYBERSECURITY GAPS BEFORE HACKERS DO
      EUROCAE ED-203 / RTCA DO-356. Airworthiness Security Methods and Considerations

  13. BULATOV Denis Georgievich, Category 1 Engineer. +7 (985) 159-44-86, dgbulatov@2100.gosniias.ru. Certification Centre, FSUE GosNIIAS. +7 (499) 759-00-75, info@gosniias.ru. Moscow, ul. Viktorenko 7. Expertise and certification
