Several years ago, aviation OEMs began creating crypto graphically signed parts (called Loadable Software Aircraft Parts-LSAP) to be installed onboard an aircraft; this was true not only for the latest e-Enabled aircraft such as the Boeing 737MAX/787 Dreamliners, or Airbus A220s, but also older aircraft such as the Airbus 319s, and includes software updates, configurations, and carrier-specific data such as thrust control, and navigation data.
While understanding that maintaining the integrity of onboard components and assuring that aircraft are safe to operate, or that changes came only from a valid and authorized source, LSAPs introduced several potential issues for aircraft operators. You might even ask how does one compare aviation to ICS? Well...
To contrast aviation against the ICS/SCADA and critical infrastructure world, aircraft share many commonalities such as uptime, safety, reliability, third-party vendors and more. And, in fact, there are hundreds of embedded parts onboard each aircraft, and might even be akin to roaming "sites" that require the utmost rigor when managing, operating, and maintaining. Therefore, it might be fair to assume - aviation may have arrived at signed firmware before the ICS/critical infrastructure world.
Unfortunately, the advent of new secure industrial devices are upon us with standards such as ISA-62443, and so many of the short falls/challenges that are present when dealing with large scale Public Key Infrastructure (PKI), certificates, signing, part/firmware/project stores and skills/resources will likely rear their heads in the near future for asset owners. And it is here that, we as a community need to create solutions that automate, minimize solution overhead, and properly enable critical infrastructure operators to employ adequate security when managing cryptographic primitives, lists, and secure files.
This session is dedicated to: