Argus Cyber Security Consulting Services for Aviation
As aircraft come online, they become vulnerable to cyber attacks. Aircraft connectivity can adversely affect passenger safety, brand liability, and shareholder value. In this new reality, airframers and Tier 1s, as well as commercial airlines, must identify and close security gaps to mitigate potential damage and avoid cyber-related costs. Moreover, early identification and mitigation of security risks are requirements of the existing and proposed regulation on aircraft cybersecurity.
Argus provides consulting services to aviation OEMs, Tier 1s, IFEC providers and airlines, designed to prevent cyber-related recalls, identify cyber risks and help with responding to cybersecurity threats and real-time incidents. These services help customers integrate cybersecurity practices, processes, and solutions throughout the development and lifespan of an airborne system and connected aircraft.
The Argus Aviation research team includes expertise in modern avionics systems (e.g., A653, AFDX, A825), IFE/ IFC systems (usually using Ethernet, embedded Linux and Android), analyzing e-enabled aircraft security logs (e.g., Argus is a provider of a dedicated SIEM system to e-enabled aircraft) as well as hard-core cyber security engineering capabilities in hardware chips, software libraries, operating systems, communication protocols and more.
TARA projects are conducted in the design stage and during the system’s life span to identify potential security gaps and cyber threats within the architecture of airborne systems and components. When completed, the customer receives a detailed technical report that includes a list of identified cyber threats as well as recommendations for how best to prepare for and reduce identified security gaps.
TARA projects can be performed in accordance with the ASISP recommendations, with industry standards DO-326A/ED-202A, DO-356A/ED-203A or other customer-specific guidelines to comply with local regulation. The TARA process can be used as the basis for a system or component security concept.
Typically, a TARA process will include identification of the assets, threats, and vulnerabilities in the target system and an estimation of the risk level associated with different threat scenarios. TARA reports recommend security measures and controls that could be utilized in order to mitigate the level of risk identified.
PT helps the customer identify vulnerabilities within a specific network and components of a target system (e.g., IFEC system vulnerabilities could be found within access points, smart screens, crew panel, switches, etc.) Possible attack scenarios are composed based on the identified vulnerabilities and the resulting security status of the system is measured against the security requirements defined by the customer. At the conclusion of PT projects, Argus delivers a report including technical explanations of the identified vulnerabilities, as well as recommendations for improving the cyber resilience of system components and overall system security.
Threat Analysis and Risk Assessment (TARA)
Penetration Testing (PT)
Security Requirements Specification (SRS)
Argus Security Requirements Specification (SRS) services provide OEMs and Tier-1s with cybersecurity requirements for target networks, components or systems that are focused on achieving the stated cyber-security objectives. Based on customer inputs and relevant regulation, the Argus Research Team defines the features and methodologies through which cybersecurity objectives can be met. SRS projects are conducted in close co-operation with the customer and ensure that verification and validation methods are in place so that customer input and objectives are accounted for. For the most effective results, SRS services should be introduced at the earliest possible stage of aircraft, system or network design. The service is provided in accordance with the guidelines of IDO 326A/ED 202A.