The problem statement for the project is "How can an aircraft system domain be emulated and tested for cybersecurity?" The project involves the development and configuration of an Aircraft Information Services Domain (AISD) emulation, and a compatible penetration testing kit. The aircraft domain security enhancement is intended to provide a testing ground for aircraft networks before they are implemented with real networks.
There are two stages of development for this project. First, the AISD will be emulated allowing for remote testing and configuration. The emulated network will encompass several medium to low priority components to the network. This will involve several connected software applications specific to the aircraft domain. Second, a penetration testing kit will be developed to test the security of the aircraft’s network. The aircraft domain is a complex system containing many communicating critical and non-critical components. Testing these systems becomes increasingly difficult as more components are added which further leads to the importance of a flexible emulated environment.
The completion of this project will provide a virtual environment for the security of the aviation domain to be evaluated. This virtual environment will be on a host machine that members of the team can remotely access to run tests on the network. A greater focus on the system functioning as a CTF has also led to the design of the keyhunts that will be conducted on the system, as well as the design of the interface used to pentest the system with. These two facets will heavily prioritize usability for the pentester. Another focus will be the testing standards used to evaluate security of the network. These will be well defined corresponding to NIST standards to be incorporated into the CTF to accurately evaluate network security. To comply with NIST standards, new expectations of the network include ability to detect and adapt to intrusions.