PKI: An Aviation Case Study

Stage 2

Several years ago, aviation OEMs began creating cryptographically signed parts (called Loadable Software Aircraft Parts, or LSAPs) to be installed onboard an aircraft. This was true not only for the latest e-Enabled aircraft such as the Boeing 737MAX/787 Dreamliners or Airbus A220s, but also for older aircraft such as the Airbus 319s. These parts include software updates, configurations, and carrier-specific data such as thrust control and navigation data.

While it is understood that maintaining the integrity of onboard components matters, as does assuring that aircraft are safe to operate and that changes come only from a valid and authorized source, LSAPs introduced several potential issues for aircraft operators. You might even ask: how does one compare aviation to ICS? Well…

Compared with the ICS/SCADA and critical infrastructure world, aviation shares many commonalities, such as uptime, safety, reliability, third-party vendors and more. In fact, there are hundreds of embedded parts onboard each aircraft, and aircraft are even akin to roaming “sites” that require the utmost rigour to manage, operate, and maintain. Therefore, it might be fair to assume that aviation got to signed firmware before the ICS world.

Unfortunately, the advent of new secure industrial devices is upon us with standards such as ISA-62443, and so many of the shortfalls/challenges that are present when dealing with large-scale Public Key Infrastructure (PKI), certificates, signing, part/firmware/project stores and skills/resources will likely rear their heads in the near future for asset owners.

This session is dedicated to helping asset owners, product owners, integrators and any other interested party learn from known challenges, and to providing insight and discussion that allow them to safely navigate those challenges as they deploy a product (and related infrastructure) that utilizes these new security features, using a parallel based on a real-world aviation use case.

Protocols, Secure Design & Dev, Supply Chain