CyberInflight’s digest for Q2 2021 is out ! In this digest, we want to give an introduction to the CMMC framework (Cybersecurity Maturity Model Certification), which measures cybersecurity maturity and aligns a set of processes and practices with the type and sensitivity of information to be protected.
Here is the agenda for the digest:
I. Introduction to CMMC
What is CMMC ?
CMMC levels and domains
CMMC processes and practices
CMMC rollout phases
II. Threat Intelligence
Noticeable facts of Q2 2021 (1/2)
Noticeable facts of Q2 2021 (2/2)
III. Aerospace Tech Review webinar presentation
2021 threat timeline
Observed market forces
You can register to our Quarterly Digest service here or write us at digest@cyberinflight.com to submit a topic of your choice.
The NIST special publication SP 800-53 Rev. 5 entitled “Security and Privacy Controls for Information Systems and Organizations” provides a catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets.
Government programs and organizations have attempted to take portions of NIST governance documents and apply it to space systems. The Space Overlay takes the existing control sets (such as the CNSSI No. 1253 and the NIST 800-53 Rev. 5) and articulates what could be applicable to the spacecraft.
Find out more in our strategic market intelligence report dedicated to Space Cybersecurity. Participate to the interview process here: contact@cyberinflight.com
In April 2021, CyberInflight became a member of Space ISAC. CyberInflight is proud to be the first french company to be part of this prestigious association.
Space ISAC serves to facilitate collaboration across the global space industry to enhance the ability to prepare for and respond to vulnerabilities, incidents, and threats; to disseminate timely and actionable information among member entities; and to serve as the primary communications channel for space sector with respect to this information.
Space ISAC is the only all-threats security information source for the public and private space sector. It will be the most comprehensive, single point source for data, facts and analysis on space security and threats to space assets. Space ISAC also provides analysis and resources to support response, mitigation and resilience initiatives.
CyberInflight will bring its expertise in market intelligence in the domain of aerospace cybersecurity to help Space ISAC members. Our participation in this association will allow us to gather, consolidate and analyze information in order to provide comprehensive resources for the space industry.
Our new digest is out ! In this document, we provide a thorough review of all the patents related to the topic of aircraft cybersecurity. Did you know that there are approximately 180 patents on this topic and that 60% of them were issued in the last 2 years ? This certainly show a growing interest or a growing concern regarding potential cyberattack onboard an aircraft.
The scope covered by these patents is very broad and covers a wide set of topics. Look at the mindmap below to get a better idea.
In this digest, as usual, the list of noticeable facts, in particular cyberattacks, on aerospace stakeholders for Q1 2021.
Here is the agenda for the digest:
I.Patents on aircraft cybersecurity
Embedded cybersecurity timeline
Introduction on aircraft cybersecurity patents
Flashcard on Boeing’s patent
Aircraft cybersecurity patents per company
Aircraft cybersecurity patents per year
Mindmap of key patented topics
Key patented topics
II.Threat Intelligence
Noticeable facts of Q1 2021 (1/3)
Noticeable facts of Q1 2021 (2/3)
Noticeable facts of Q1 2021 (3/3)
You can register to our Quarterly Digest service here or write us at digest@cyberinflight.com to submit a topic of your choice.
On March 10, 2021, CyberInflight was honored to present some of its research work to one of the ICAO instance dedicated to the implementation of the AIDC protocol (Air Traffic Services Inter-Facility Data Communication).
This day of presentations and webinars was organized by ICAO’s NACCregional office (North American and Central America) to facilitate the deployment of the AIDC protocol among the various member states.
The AIDC protocol is a data link application that provides the capability to exchange data between air traffic service units during the notification, coordination and transfer of aircraft between flight information regions.
CyberInflight brought a general market approach to the implementation of this protocol which has been initially specified in 1999 and which implementation requires important coordination and bespoke adaptation in the various member states.
Thanks ICAO for your confidence and a special thanks to Avila Mayda for making this possible !
On March 8, 2021, CANSO published its Air Traffic Management Cybersecurity Policy Template to help states implement cybersecurity mechanisms and culture across entire ATM systems and security operations.
This document recommends the implementation of best practices based on a list of reference documents and provides a list of requirements to aviation stakeholders such as Civil Aviation Authorities, Air Navigation Service Providers, Airports Operators and any other aviation organization that is part of the State Aviation System to ensure the implementation of cybersecurity procedures and best practices.
This document has been written in cooperation with ICAO and Airbus.
For this occasion, we would like to share 4 mindmaps with our followers synthetizing information from the following documents. A complete description of these regulatory papers is explained in our Digest on Regulations.
Readers of the Aerospace Cybersecurity Market Intelligence report, Edition 2020, may recall one of our forecast indicating that the cybersecurity will be more and more present inside the aircraft.
“One of the expected trends is the development of onboard security enabling secure communications within the aircraft. To date, the cybersecurity of inflight systems (such as aircraft IFE or IFC) was directly taken care of by legacy equipment providers. With the development of cyberthreats, airlines are foreseen to consider third party cybersecurity suppliers to protect aircraft communication. The installation of dedicated cybersecurity equipment has already been witnessed in business and military aviation.“
This forecast was built based on a set of interviews with airlines from regional players to major international players. Recent patent publications from aircraft manufacturers seems to validate this forecast. In particular, we decided to take a detailed look at the last Boeing’s patent filled in June 2019 and which has just been published in December 2020. In this patent, Boeing describes a method for obfuscating the network mapping of the aircraft to passengers through the use of a dedicated network module. This methods presents to the passenger an artificial and dynamic network mapping and is particularly useful to impede any network reconnaissance from a ill-intended passenger.
Our next quarterly digest, to be published at the end of Q1, will provide a complete review of all the relevant patents on aircraft cybersecurity.
Find an excerpt below. Stay connected.
Recent Boeing’s patent on aircraft network cybersecurity
Did you miss our presentation during the Aircraft Commerce conference ? 2020 was definitively a busy year from the defense and the attack side.
Find out our 2020 timeline for the first 3 quarters of 2020. It seems that Q4 was even more busy with the publicly revealed cyberattacks on: Falcon, IndiGo, Embraer, Leonardo or Kopter…
Find the details of all attacks publicly revealed in Q4 in our last Quarterly Digest.
In this quarterly digest, we make a retrospective of the year 2020 which was definitively a busy year when considering the number of attacks on aerospace stakeholders 🏃♀️
In particular, during this last quarter, a significant number of attacks on aerospace stakeholders have been made publicly available. You will find 5 pages of noticeable facts within this digest.
Also we wanted to share our experience on a vulnerability disclosure process which we have followed and which didn’t prove convincing so far. However we hope that things will improve soon…👍
Here is the agenda for the digest:
I.Retrospective of the year 2020
Evolution of the cyberthreat level
Evolution of the information sharing landscape
Evolution of embedded security
II.Threat Intelligence
Noticeable facts of Q4 2020 (1/5)
Noticeable facts of Q4 2020 (2/5)
Noticeable facts of Q4 2020 (3/5)
Noticeable facts of Q4 2020 (4/5)
Noticeable facts of Q4 2020 (5/5)
III.Food for thoughts
Feedback on a vulnerability disclosure process
If you missed CyberInflight’s presentation during the Aircraft Commerce Virtual Conference in Nov. 2020, the presentation slides are included as part of this digest.
CyberInflight has just launched its Quarterly Digest Service 💡
This subscription allows you to receive a 15-pages consulting report every 3 months on the recent aerospace cybersecurity news, each digest diving into a specific topic 🔍
Subscribers can be active readers by voting and suggesting the topics to be addressed in the coming digests✋
