Securing Trajectory based Operations Through a Zero Trust Framework in the NAS

Title: Securing Trajectory based Operations Through a Zero Trust Framework in the NAS
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Nace, L.
Conference Name: 2020 Integrated Communications Navigation and Surveillance Conference (ICNS)
Date Published: sep
Keywords: access network data, aerospace computing, Air traffic control, aircraft communication, authorisation, boundary protections, castle-moat approach, critical data, ever-evolving threat sophistication, FAA systems, FAA Telecommunications Infrastructure network, human factors, hybrid ZTX approach, insider threats, internal network devices, NAS Zero Trust, NAS.ZTF, national airspace system, network perimeter, operating costs, policy-based governance, pubcrawl, resilience, Resiliency, Scalability, strong boundary security protections, TBO infrastructure, TBO objectives, time-based management data, tool availability, trajectory based operations, verify approach, zero trust, zero trust framework, ZTF theory
Abstract: Current FAA strategic objectives include a migration to Trajectory Based Operations (TBO) with the integration of time-based management data and tools to increase efficiencies and reduce operating costs within the National Airspace System (NAS). Under TBO, integration across various FAA systems will take on greater importance than ever. To ensure the security of this integration without impacting data and tool availability, the FAA should consider adopting a Zero Trust Framework (ZTF) into the NAS. ZTF was founded on the belief that strong boundary security protections alone (traditionally referred to as the castle-moat approach) were no longer adequate to protecting critical data from outside threats and, with ever-evolving threat sophistication, contamination within a network perimeter is assumed to already exist (see Figure 1). To address this, theorists developed a framework where trust is controlled and applied to all internal network devices, users, and applications in what was termed a "Never Trust; Always Verify" approach to distinguish the authorized from the unauthorized elements wanting to access network data. To secure achievement of TBO objectives and add defensive depth to counter potential insider threats, the FAA must consider implementing a hybrid approach to the ZTF theory. This would include continued use of existing boundary protections provided by the FAA Telecommunications Infrastructure (FTI) network, with the additional strength afforded by the application of ZTF, in what is called the NAS Zero Trust eXtended (ZTX) platform. This paper discusses a proposal to implement a hybrid ZTX approach to securing TBO infrastructure and applications in the NAS.
DOI: 10.1109/ICNS50378.2020.9222912
Citation Key: nace_securing_2020