Cybersecurity and Commercial Aviation · cyber security threats is getting bigger and bigger 1. Attractiveness : Increasing number of diversely motivated, dynamic and active threat
Post on 22-Jul-2020
4 Views
Preview:
Transcript
Cybersecurity and Commercial Aviation
Jim Vasatka Director, Aviation Security
Boeing Commercial Airplanes
Pascal ANDREI Chief Security Officer
Airbus Group
Aviation Cybersecurity
Agenda
External Drivers
Challenges
Drivers Influencing
our Success
Threat Outlook
Strategy
Next Steps
Conclusions
title line
subtitle line
content top margin
center
content bottom margin
title line
subtitle line
content top margin
center
content bottom margin
left margin center
right margin
left margin
center right margin
• Safety, security and efficiency of the air transportation
system is an imperative
• Economics and business drive increased connectivity
• Increasingly complex and dynamic environment
• Unintended consequences of enhancements to security
layers sought without full understanding of the impacts
• Players acting with malice
The External Drivers
3
title line
subtitle line
content top margin
center
content bottom margin
title line
subtitle line
content top margin
center
content bottom margin
left margin center
right margin
left margin
center right margin
• Aviation operates in silos
• Success depends on many stakeholders
• Slow, deliberative pace of change
• Broad spectrum of technology deployed
• Unwillingness to share data necessary for system-wide
risk management
The Challenges
4
Drivers Influencing our Success
a) Aviation cyber standards
b) Security culture
c) Understand the threats & vulnerabilities
d) Understand the risk end-to-end
e) Communicate the threats / vulnerabilities & assure situational awareness
f) Incident response
g) Strengthen the defensive system
h) Design principles
i) Operational principles
j) National R&D Plan
k) Work together on strategy, policy and plans
l) Ensure common (or compatible) management of security within and across civil aviation (all regions & countries)
5
2. Attack surface of civil aviation sector to
cyber security threats is getting bigger and
bigger
1. Attractiveness : Increasing number of
diversely motivated, dynamic and active
threat sources investigating/ targeting (or
not) air transport
The cyber security concerns in civil aviation sector mainly result from
the combination of two factors:
December 2016
The reasons for cybersecurity concerns
6
Hangar
Maintenance &
Engineering Centre
Warehouse
Aircraft data
& parts suppliers
Outstation
Gate
Operations &
Dispatch centre
7
7
Air/Ground
Links
Satellite Communications
(SATCOM)
GateLink
(Wireless)
Passenger Connectivity
HF & VHF
Non exhaustive list
CYBERSECURITY
THREATS
Electronic Flight Bag, BYOD,
Portable data Loader…
7
Improvement Tracks Civil Aviation Players: United in Multiplicity and Diversity
• Currently, not all civil aviation
players share a common set of
objectives, methods, and criteria
for evaluation
• Perception of Risk depends
upon region, culture, values,
practices, objectives, interests,
oversight, duties, roles
• “My defense is your protection” -
Only true if we are singing from
the same sheet of music!
But the Maestro is missing…
… or not ready
8
title line
subtitle line
content top margin
center
content bottom margin
title line
subtitle line
content top margin
center
content bottom margin
left margin center
right margin
left margin
center right margin
• Understanding the risk and the needs of all stakeholders
all over the world (no country/region left behind)
• Priority-driven, industry-wide alignment of organizational
strategies and courses of action
• Addressing technical, economic and political realities
• Government policy decisions based on data-driven, risk-
informed analysis
• Openness to consideration of emerging foundational and
mitigation technologies
Aviation’s Strategy Must Include
9
Next Steps
• Develop a cybersecurity roadmap for aviation
• Government-industry consensus on path forward
• Uniform, system-wide threat analysis capability
• In-common risk management methodology
• Information sharing
• Incident response capabilities
• Robust, ongoing assessment of emerging mitigation
technologies
• Define next-generation connectivity
• Define international norms of behavior
10
Lessons Learned on Global Threat
Sharing
Jeffrey Troy Executive Director
Aviation Information Sharing and
Analysis Center
Lessons learned in global threat sharing
Acceptance of Cyber RISK in aviation runs the entire
spectrum • Need industry-view of the cost to remediate
• C-Suite commitment
• Growing the capability of the under resourced companies
12
A community of TRUST is the key to successful risk reduction
• Across and within all industry segments
• Leaders are sharing
• War gaming, Red Teaming
Incident response is everybody’s business
• Individual, industry and government TTXs
top related