www.thalesgroup.com
CybAIRVision®
International Cyber Warfare & Security Conference,
27 November 2014, Ankara
Cécilia Aguero
2 /
CybAIRVision®
CYBERSECURITY? CYBERDEFENSE? DCW? OCW?
Terms & Concepts
3 /
1.
Cyber-Security:
Status expected for an information system allowing it to withstand events from
cyberspace that may compromise the availability, integrity or confidentiality of data
stored, processed or transmitted and related services that these systems offer or make
accessible. Cyber ​security involves technical security of information systems and is
based on the fight against cybercrime and the establishment of a cyber defense.
2.
Cyber-defense:
All technical and non-technical measures allowing a country to defend cyberspace
information systems deemed essential.
3.
DCW and OCW:
With defensive cyber-war (DCW) and offensive cyber-war (OCW), cyber helps defend and
attack computers and networks of computers that control a country.
4.
The National Institute of Standards and Technology (NIST):
NIST is a US Department of Commerce agency, charged of norms & standards. The NIST
« cyber » framework is, since June 2014, the common Thales Group Cyber Security
framework.
4 /
Cyber & CybAIR® : 2 complementary approaches
The CYBER expert checks
information FLOW
(ipSec policies, interruption, leaks,…)
The CYBAIR® expert analyzes
information consistency
(multi source comparison)
The CYBER expert are IT Centric
e.g. checks known malware
The CYBAIR® expert checks
abnormal system behaviour
“Antivirus is dead”
said Brian DYE,
Symantec SVP,
the 6th of May 2014
IT- Centric AND Domain-Specific/Behavior analysis provides additional protection
It allows also the detection of dysfonctions
.
Model-based anomaly detection for integrity monitoring
5 /

Models capture information related to what is possible / not possible, what is
normal / abnormal regarding objects involved in air operations

TRS has deep knowledge about typical behavior of the following objects:
Aircraft
•Performance
Airspace and traffic
•Structure
•Aircraft presence/areas, traffic
flows
•ATC data links
Terrain, Sea, Sun
environment
• Effects on detection
Weather
environment
•Timely evolution,
•Effects on detection
Radars
•Coverage
•Data flow
•EW (jamming, spoofing)
Operations
•Mission plan, progress
Communications
• Bandwith, latency
• Topology
Computing
•Operational processes, data
flows
•Loads
Human activities
•Roles, working hours, activities
•Data production cycle
•Voice communication calls
Voice communication
•VoIP protocols
6 /
CybAIRVision®
BUSINESS ALTERATIONS ?
Business Alterations Examples (1/2)
7 /
Alterations by buffer cloning


Remanence effect:

copying all blocks of a radar detection to the following

The radar tracker will create new "ghost" tracks depending on the type of cloned
plots
Camera effect:


replace the actual flow by an older one, previously recorded
DoS (denial of service): 500 cloned plots
Business Alterations Examples (2/2)
8 /
Alterations by message generation

Claim / Signature: 2D plot line => message in 3D

Zone transposition : real "Red" area, destination "green" area
9 /
CybAIRVision®
OFFER OVERVIEW
10 /
CybAIRVision® Suite
CybAIR Radbox : the radar security solution
11 /

Real-time sensor that analyzes the information
provided by radars to detect possible intrusions
affecting the detection

Alerts the user upon occurrence of an abnormal
behavior and their operational consequences and
provide decision aids

Includes forensics and post-analysis features

Designed and prototyped HMI with the users
40-year of Air Defense experience embedded in the CybAIR Radbox
CybAIR® Radbox : Use cases
12 /
1
6
2
7
3
4
5
1
Secure the radar side interfaces : New radars
2
Secure the radar side interfaces : Legacy radars
3
Secure the radar side interfaces : Tactical radars
4
Connect a military radar to a civilian ATM center
5
Connect a radar with multiple clients
6
Add an operational supervision feature
7
Add CybAIR detection with CybAIR agents
CybAIR® Multilink : Principles
13 /
Military Radars
CybAIR
Com
Services
Military C²
CybAIR
ATC
Common
Services
CybAIR Analyze
CybAIR Flow
C-Box
Box optimized for center specificities :
 communication services : idem R-Box
 common services : idem R-Box
 technical & operational supervision :
 box HW & SW status,
 multi-radars data flow quality, center coverage, record & replay
 CybAIR detection :
 “AIR Operation” specific business probes
 real time events correlation engine
CybAIR® Multi-Link : Use cases
14 /
1
6
3
2
7
4
5
1
Secure the center side interfaces : Legacy radars
2
Secure the center side interfaces : New radars
3
Secure center to center interfaces
4
Connect a military center to a civilian ATM center
5
Connect a center with multiple clients
6
Add an operational supervision feature
7
Add CybAIR detection with CybAIR agents
CybAIR® Picture : Principles
15 /
Army
HMI NVG Flow
Navy
National or NATO
COP
AIR / IAMD
Space
Cyber
National Centre
or NATO
CybAIR Picture
P-Box
Analyzer optimized for National specificities :
 communication services : Spying HMI inputs NVG standard / Web portal
 CybAIR Picture :
 Up to 6D Awareness (5 battlefields + temporal dimension)
 Real time data confidence analysis
 Real time data inconsistencies analysis
CybAIR® Picture : Use cases
16 /
SWIM
JRE
1
2
3
4
5
1 Situation & threats awareness from NATO ACCS
Web Portal Interface
Army
2 Situation & threats awareness from NATO ACCS
(Awcies) Interface
Navy
AIR / IAMD
Space
3
4
Situation & threats awareness from NATO NCOP
(NVG) Interface
Situation & threats awareness from JRE Interface
Cyber
5
Situation & threats awareness from SESAR
SWIM Interface
17 /
CybAIR® Picture : HMI Overview
18 /
CybAIR® Picture : Focus on SupAIRVision
www.thalesgroup.com
Thank You for your attention
cecilia.aguero@thalesraytheon-fr.com