INFOSEC - Information Security was developed due to the implementation of open architectures and communications protocols throughout the National Airspace System (NAS) which has increased the vulnerability to information security attacks.
BCI is currently supporting the InfoSec by performing the following: development of the Security Test and Evaluation (ST&E) Laboratory, definition of objectives for Independent Penetration Testing, Security System (Intrusion Detection Systems, Firewalls, Virtual Private Networks, etc.), Evaluation, Security System Prototyping, and Security Certification Support. BCI has specific experience in certification under the FAA's Information Systems Security Policy.
CASSNET - BCI is currently supporting AAR-510 in development of the Civil Aviation Security System Network (CASSNET) Architecture. BCI has developed and produced the CASSNET Architecture Standard, which profiles interface requirements for securely integrating information from various airport security systems. By providing a common architecture, CASSNET may permit evolution of security requirements not otherwise possible with independent systems.
BCI's support includes development of a prototype laboratory for validation of the architecture and development of advanced airport security services.
ATN SECURITY - The ATN SARPS have recently been extended to provide security for ATN air-to-ground and ground-to-ground communications. The ATN security approach is utilizing state-of-the-art Elliptic Curve Cryptography (ECC) for authentication of ATN communications in a constrained bandwidth environment.
BCI personnel served as editors for Sub-Volume VIII (Security) of ICAO Doc. 9705, and for the security enhancements to Sub-Volume V (Internet Communications Service). BCI's implementation of the ATN ECC schemes was instrumental in validation of the SARPS. BCI also developed the guidance material for the SARPS. BCI is currently working to specify support for confidentiality as an enhanced ATN security feature.
DATA LINK SECURITY - BCI is working with the FAA towards the next generation of Controller-Pilot Data Link (CPDLC) programs to define the requirements for ATN and other security measures.
PUBLIC KEY INFRASTRUCTURE - BCI is supporting the FAA in evaluating Public Key Infrastructure (PKI) systems by examining Certification Authority (CA) systems to determine whether they support the ATN unique & NAS general requirements including support for industry standards (i.e. Internet Protocol Security (IPSec)).
NAS SYSTEM SECURITY - BCI is currently supporting in developing the requirements for secure management of NAS Subsystems. Specifically, BCI is supporting development of interface requirements using the industry standard Simple Network Management Protocol Version 3(SNMPv3). SNMPv3 will provide enhanced services, which include access control, authentication, integrity, and privacy.
Working with Industry - BCI works closely with other industry leaders in the fundamental technologies for information security and, as a member of the Standards for Efficient Cryptography Group (SECG), closely monitors the latest industry developments. Our implementation of elliptic curve cryptography is used for validation of FAA systems and has been used for independent validation of SEC2:Recommended Elliptic Curve Domain Parameters, and we are familiar with the application of industry initiatives including the use of Protection Profiles under the Common Criteria.
For further information on any of the services that we provide, please contact our Corporate Office at 856-778-1660. Visit SECG's website at: www.secg.org.