Role of Trust in Intelligence Sharing and Automated Operations I
Facebook Twitter LinkedIn

Signed Control System Firmware, Parts, and Documents—Opportunity or Pain?

Combined Session
Thursday, October 10, 2019 13:00—14:00
Location: Murrow-White-Lisagor

Several years ago, aviation OEMs began creating crypto graphically signed parts (called Loadable Software Aircraft Parts-LSAP) to be installed onboard an aircraft; this was true not only for the latest e-Enabled aircraft such as the Boeing 737MAX/787 Dreamliners, or Airbus A220s, but also older aircraft such as the Airbus 319s, and includes software updates, configurations, and carrier-specific data such as thrust control, and navigation data.

While understanding that maintaining the integrity of onboard components and assuring that aircraft are safe to operate, or that changes came only from a valid and authorized source, LSAPs introduced several potential issues for aircraft operators. You might even ask how does one compare aviation to ICS? Well...

To contrast aviation against the ICS/SCADA and critical infrastructure world, aircraft share many commonalities such as uptime, safety, reliability, third-party vendors and more. And, in fact, there are hundreds of embedded parts onboard each aircraft, and might even be akin to roaming "sites" that require the utmost rigor when managing, operating, and maintaining.  Therefore, it might be fair to assume - aviation may have arrived at signed firmware before the ICS/critical infrastructure world.

Unfortunately, the advent of new secure industrial devices are upon us with standards such as ISA-62443, and so many of the short falls/challenges that are present when dealing with large scale Public Key Infrastructure (PKI), certificates, signing, part/firmware/project stores and skills/resources will likely rear their heads in the near future for asset owners.  And it is here that, we as a community need to create solutions that automate, minimize solution overhead, and properly enable critical infrastructure operators to employ adequate security when managing cryptographic primitives, lists, and secure files.

This session is dedicated to:

Ronald Brash
Ronald Brash
Verve Industrial

Tickets

CyberNext Summit & Borderless Cyber
€700
€1000
 
All days: Oct
Two day ticket
€550
€750
 
Day 1 + Day 2
€550
€750
 
Day 2 + Day 3
€550
€750
 
Day 1 + Day 3
€550
€750
 
One day ticket
€300
€500
 
Day 1
€300
€500
 
Oct
Day 2
€300
€500
 
Oct
Day 3
€300
€500
 
Oct
CyberNext Summit & Borderless Cyber - Gov. rate
€360
 
Government rate, All days: Oct
Two day ticket - Gov. rate
€295
 
Day 1 + Day 2
€295
 
Day 2 + Day 3
€295
 
Day 1 + Day 3
€295
 
One day ticket - Gov. rate
€230
 
Day 1
€230
 
Oct
Day 2
€230
 
Oct
Day 3
€230
 
Oct
Have you participated in our events?
Contact us to get a special discount
Subscribe for updates
Please provide your email address