www.thalesgroup.com

CybAIRVision®
International Cyber Warfare & Security Conference, 27 November 2014, Ankara
Cécilia Aguero

2 / CybAIRVision® Cybersecurity? Cyberdefense? DCW? OCW?

3 / Terms & Concepts

1. Cyber-security: the state expected of an information system that allows it to withstand events originating in cyberspace that may compromise the availability, integrity or confidentiality of the data it stores, processes or transmits, and of the related services these systems offer or make accessible. Cyber-security covers the technical security of information systems and rests on the fight against cybercrime and the establishment of a cyber-defense.

2. Cyber-defense: all technical and non-technical measures allowing a country to defend the cyberspace information systems it deems essential.

3. DCW and OCW: with defensive cyber-war (DCW) and offensive cyber-war (OCW), cyber serves to defend and to attack the computers and computer networks that control a country.

4. The National Institute of Standards and Technology (NIST): NIST is a US Department of Commerce agency responsible for norms and standards. Since June 2014 the NIST "cyber" framework has been the common Thales Group cyber-security framework.

4 / Cyber & CybAIR®: two complementary approaches

The CYBER expert checks the information FLOW (IPsec policies, interruptions, leaks, ...); the CybAIR® expert analyzes information consistency (multi-source comparison).
The CYBER expert is IT-centric, e.g. checks for known malware; the CybAIR® expert checks for abnormal system behaviour.
"Antivirus is dead", said Brian Dye, Symantec SVP, on 6 May 2014.
IT-centric AND domain-specific/behaviour analysis provides additional protection. It also allows the detection of dysfunctions.
5 / Model-based anomaly detection for integrity monitoring

Models capture what is possible / not possible and what is normal / abnormal for the objects involved in air operations. TRS has deep knowledge of the typical behaviour of the following objects:
- Aircraft: performance
- Airspace and traffic: structure; aircraft presence/areas, traffic flows; ATC data links
- Terrain, sea, sun environment: effects on detection
- Weather environment: evolution over time; effects on detection
- Radars: coverage; data flow; EW (jamming, spoofing)
- Operations: mission plan, progress
- Communications: bandwidth, latency; topology
- Computing: operational processes, data flows; loads
- Human activities: roles, working hours, activities; data production cycle; voice communication calls
- Voice communication: VoIP protocols

6 / CybAIRVision® Business alterations?

7 / Business alterations: examples (1/2)

Alterations by buffer cloning:
- Remanence effect: copying all the plot blocks of one radar detection (scan) into the following one. The radar tracker then creates new "ghost" tracks, depending on the type of cloned plots.
- Camera effect: replacing the live flow by an older one, previously recorded.
- DoS (denial of service): 500 cloned plots.

8 / Business alterations: examples (2/2)

Alterations by message generation:
- Claim / signature: a 2D plot line is turned into a message in 3D.
- Zone transposition: a real "red" area is reported in a "green" destination area.

9 / CybAIRVision® Offer overview

10 / CybAIRVision® Suite

11 / CybAIR Radbox: the radar security solution
- Real-time sensor that analyzes the information provided by radars to detect possible intrusions affecting detection
- Alerts the user on the occurrence of an abnormal behaviour and its operational consequences, and provides decision aids
- Includes forensics and post-analysis features
- HMI designed and prototyped with the users
- 40 years of air-defense experience embedded in the CybAIR Radbox

12 / CybAIR® Radbox: use cases
1. Secure the radar-side interfaces: new radars
2. Secure the radar-side interfaces: legacy radars
3. Secure the radar-side interfaces: tactical radars
4. Connect a military radar to a civilian ATM center
5. Connect a radar with multiple clients
6. Add an operational supervision feature
7. Add CybAIR detection with CybAIR agents

13 / CybAIR® Multilink: principles
(Diagram labels: military radars, CybAIR Com Services, military C², CybAIR ATC Common Services, CybAIR Analyze, CybAIR Flow, C-Box.)
Box optimized for center specificities:
- communication services: same as the R-Box
- common services: same as the R-Box
- technical & operational supervision: box hardware & software status, multi-radar data-flow quality, center coverage, record & replay
- CybAIR detection: "air operation"-specific business probes, real-time event correlation engine

14 / CybAIR® Multi-Link: use cases
1. Secure the center-side interfaces: legacy radars
2. Secure the center-side interfaces: new radars
3. Secure center-to-center interfaces
4. Connect a military center to a civilian ATM center
5. Connect a center with multiple clients
6. Add an operational supervision feature
7. Add CybAIR detection with CybAIR agents

15 / CybAIR® Picture: principles
(Diagram labels: Army, Navy, Air / IAMD, Space, Cyber; HMI; NVG flow; national or NATO COP; national centre or NATO; CybAIR Picture P-Box.)
Analyzer optimized for national specificities:
- communication services: spying HMI inputs, NVG standard / web portal
- CybAIR Picture: up to 6D awareness (5 battlefields + the temporal dimension)
- real-time data confidence analysis
- real-time data inconsistency analysis

16 / CybAIR® Picture: use cases
(Diagram labels: Army, Navy, Air / IAMD, Space, Cyber; SWIM; JRE.)
1. Situation & threat awareness from the NATO ACCS web portal interface
2. Situation & threat awareness from the NATO ACCS (AWCIES) interface
3. Situation & threat awareness from the NATO NCOP (NVG) interface
4. Situation & threat awareness from the JRE interface
5. Situation & threat awareness from the SESAR SWIM interface

17 / CybAIR® Picture: HMI overview

18 / CybAIR® Picture: focus on SupAIRVision
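The buffer-cloning and message-generation alterations of slides 7 and 8, checked against the kind of sensor model slide 5 describes, as an added example. This is illustrative code written for this page, not Thales code and not the CybAIR Radbox implementation: the plot tuple format, the RadarModel fields, the thresholds and the two-aircraft scenario are all constructed assumptions. It shows why a model of what the sensor can produce (a 2D radar has no elevation, a tracker has a finite plot budget) plus a short memory of previous scans is enough to flag each alteration before the tracker turns cloned plots into ghost tracks.

```python
"""Toy integrity monitor for a radar plot stream (added example, not Thales code).

A scan is one antenna rotation, given as a list of plots
(range_m, azimuth_deg, elevation_deg). A constructed RadarModel states what the
sensor can legitimately produce; each incoming scan is checked against that
model and against the recent history of scans.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Plot = Tuple[float, float, float]  # range in metres, azimuth and elevation in degrees


@dataclass
class RadarModel:
    """Assumed sensor model (hypothetical fields, chosen for this example)."""
    name: str
    dims: int                     # 2 = range/azimuth only, 3 = elevation is reported too
    max_plots_per_scan: int       # tracker capacity; more than this is a flood
    remanence_ratio: float = 0.5  # share of plots identical to the previous scan that is suspicious
    history: int = 20             # scans remembered for replay detection


@dataclass
class Monitor:
    model: RadarModel
    prev: List[Plot] = field(default_factory=list)
    seen: Dict[Tuple[Plot, ...], int] = field(default_factory=dict)  # scan content -> first scan number
    scan_no: int = 0

    def check(self, scan: List[Plot]) -> List[str]:
        """Return the alert tags raised by one scan; an empty list means consistent."""
        self.scan_no += 1
        alerts: List[str] = []

        # DoS: more plots than the tracker can absorb (the "500 cloned plots" case).
        if len(scan) > self.model.max_plots_per_scan:
            alerts.append("plot_flood")

        # Claim: a 2D radar cannot legitimately report elevation (2D plot line sent as a 3D message).
        if self.model.dims == 2 and any(elev != 0.0 for _, _, elev in scan):
            alerts.append("dimension_claim")

        # Remanence: a real target moves between rotations, so plots copied verbatim
        # from the previous scan are a cloned buffer, not detections.
        if self.prev and scan:
            previous = set(self.prev)
            cloned = sum(1 for p in scan if p in previous)
            if cloned / len(scan) >= self.model.remanence_ratio:
                alerts.append("remanence")

        # Camera effect: the whole scan already appeared earlier in the stream, i.e. a
        # recorded flow is being replayed. An exact copy of the immediately previous
        # scan is reported as remanence above rather than as replay.
        key = tuple(sorted(scan))
        if scan and key in self.seen and self.seen[key] < self.scan_no - 1:
            alerts.append("replay")
        self.seen.setdefault(key, self.scan_no)
        self.seen = {k: n for k, n in self.seen.items() if n >= self.scan_no - self.model.history}

        self.prev = list(scan)
        return alerts


def aircraft_plot(track: int, scan_no: int) -> Plot:
    """Constructed plots for two aircraft: one closing radially, one opening."""
    if track == 0:
        return (50000.0 + 200.0 * scan_no, 30.0 + 0.1 * scan_no, 0.0)
    return (80000.0 - 250.0 * scan_no, 120.0 - 0.2 * scan_no, 0.0)


def live_scan(scan_no: int) -> List[Plot]:
    return [aircraft_plot(0, scan_no), aircraft_plot(1, scan_no)]


def run_demo() -> Dict[int, List[str]]:
    """Feed nine constructed scans, four of them altered, and return the alerts per scan."""
    model = RadarModel("constructed 2D surveillance radar", dims=2, max_plots_per_scan=300)
    monitor = Monitor(model)
    scans = {n: live_scan(n) for n in range(1, 10)}
    scans[5] = scans[4] + scans[5]                      # remanence: previous buffer cloned in
    scans[7] = list(scans[2])                           # camera effect: scan 2 replayed
    scans[8] = scans[8] + [aircraft_plot(0, 8)] * 500   # DoS: 500 cloned plots
    scans[9] = [(r, az, 5.0) for r, az, _ in scans[9]]  # claim: elevation from a 2D radar
    return {n: monitor.check(scans[n]) for n in range(1, 10)}


if __name__ == "__main__":
    for n, alerts in run_demo().items():
        print(f"scan {n}: {alerts or 'consistent'}")
```

Zone transposition (slide 8) is deliberately left out: detecting it needs an airspace model that knows which areas are "red" and "green", which is the airspace-and-traffic knowledge slide 5 lists rather than a property of the plot stream alone. The thresholds are placeholders; a real deployment would derive the remanence ratio and the plot budget from the radar's measured scan-to-scan plot overlap and the tracker's actual capacity.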
Thank you for your attention
cecilia.aguero@thalesraytheon-fr.com