2nd Cybersecurity Workshop Test and Evaluation to Meet the...
Transcript of 2nd Cybersecurity Workshop Test and Evaluation to Meet the...
2nd Cybersecurity Workshop Test and Evaluation to Meet the
Advanced Persistent Threat
Faye Francy Aviation ISAC February 2015
Aviation ISAC Proprietary. All rights reserved.
Company Organization
Engineering, Operations & Technology
Boeing Capital Corporation
Shared Services Group
Commercial Airplanes
Defense, Space & Security
Corporate
Founded in 1916 in Seattle Became a leading producer of military and commercial airplanes
R&D, BTE & IT
Testing Early interaction with design teams (validate requirements, test objectives, testability)
Simulate cyber properties before prototypes/hardware available
Corporate Test Capabilities (dedicated networks, labs for LRUs, virtual cyber range)
Tailored to Domain and End Users
Internal IT: protect Intellectual Property (static/dynamic code analysis, pen testing+)
Military: “Contract requirements”, need clear RFP guidance, especially DT&E
Commercial Air: Safety driven (DO178-C); need security certification guidance
Threat-Based Test Planning and Beyond
Understand the threat (specific to the environment)
Determine what to test, how to test
Share Threat Data with Industry–more on this….
Tactically Important
Operational test and evaluation (OT&E), Pen/Red
Expensive (Time, $$$: need more trained personnel)
Hard Sell to Management (need requirements from customers) 3
T&E Approach
4
Airplane Technology is Evolving Global Mobility is a Requirement
Hardware functions transitioning to
software- hosted features
Advanced features added to airplane
Connectivity demands increasing
Resilient systems a requirement Software assurance, systems engineering, supply chain risk
Ku
L Band
Air/Gnd
None
Connectivity 2010 Ku
Ka
L Band
Air/Gnd
None
Connectivity 2014 777 787Data Transmitted
(MB / Flight)
~ 28MB
Aviation ISAC Proprietary. All rights reserved.
5
Guiding Principles Build it Right, Continuously Monitor
Airplanes are Safe Design guidelines / Test protocols Cyber Issue Papers FAA regulatory compliance
Special Conditions
Layered protection FAR 25.1309 – Equipment, Systems, & Installations
Critical, Essential, Non-Essential
Failure modes
Domain separation Configuration control
Actively manage Fault reporting Log analysis Information sharing
Aviation ISAC Proprietary. All rights reserved.
An Adversary that – Possesses significant levels of
expertise / resources Creates opportunities to achieve its
objectives by using multiple attack vectors (e.g. cyber, physical)
Establishes footholds within networked architecture systems To exfiltrate information Impede critical mission or program
objectives Position itself to carry out objectives later
6
Advanced Persistent Threat
Critical to Protect Aircraft Design and IP
The Threat A National Security Issue
Rapidly escalating cyber threats
Executive action
Comprehensive Global approach
Resiliency for our Critical Infrastructures
Cybersecurity is a National Security Issue
“Now our enemies are also seeking the ability to sabotage our power grid, our financial
institutions, and our air traffic control systems.”
Feb, 2013
Executive Order 13636: Improving Critical Infrastructure
Cybersecurity
Presidential Policy Directive 21: Critical Infrastructure Security and
Resilience
Aviation ISAC Proprietary. All rights reserved.
Encourages the formation of communities to share information broadly across regions, sectors and industries, and to rapidly respond to emerging threats.
Voluntary establishment of Information Sharing and Analysis Organizations (ISAOs), includes Information Sharing & Analysis Centers (ISACs) Open and collaborative approach
Omni-directional communication
Bridges gap between the public/private sector
Voluntary standards for sharing.
Efficient means for granting clearances
8
Promoting Private Sector Cybersecurity Information Sharing Executive Order (EO) 2/13/15
Aviation ISAC Proprietary. All rights reserved.
Working Together is Critical
9
Newly-formed Aviation ISAC Working Together across the Aviation Sector
Incorporated September 2014 Building membership International engagement
Leveraging other ISACs Services Available
Focused Intelligence Information/Briefings
Cyber-Physical Integration
Member to Member Sharing
Distribute Information Gathering Costs across the
Sector and with other Sectors
Non-attribution and Anonymity of Submissions
Information source for the entire organization
Risk mitigation for aviation sector
Comparative advantage in risk mitigation
Security and Resiliency
National Council of ISACs
Aviation ISAC Proprietary. All rights reserved.
Disseminate timely, actionable intelligence to Aviation Sector
Establish 3rd party organization dedicated to Aviation Focus on cyber & physical threats to aviation Fusion of private sector & USG info
NCCIC – Cross Sector Awareness ADIAC – Intel sharing focused on Aviation A-ISAC – Dissemination private sector / share anonymously
Intelligence “watch floor” for sector intel Analysis, production, reporting of threats / intel Protocols for info sharing & attribution (TLP) Virtual, leveraging partners analytical capabilities
Info sharing roles & responsibilities Collection & sharing of member reporting Dissemination of USG reporting Liaise with USG Coordinate with ISACs from other critical infrastructure sectors
10
Operational Model for A-ISAC Shared Situational Awareness across Aviation Sector
11
A-ISAC Info Sharing Relationships Timely, Actionable Intelligence, Anonymized
Open Sources
Other Industries & Sectors
Other Info Sharing
Orgs - NCI
Gov & All Other • Incident reporting •Tips / field reports
TLP TLP
• Intelligence • Incident reporting • Trends & analysis
• Analyzes, aggregates, fuses information • Filters & selects for Aviation relevance • Protects member info & attribution (TLP) • Creates alerts & analysis for members • Coordinates response & recovery • Interfaces with Gov / other sectors
• Urgent alerts & indicators • Intelligence reports • Best practices • Mitigation strategies
• Aviation expertise • Indicators • Incident reports • Mitigation actions
NCCIC ADIAC Other Govt
Govt & All Other A-ISAC Members
A-ISAC VOLUNTARY
Anonymized
10 Members
Airlines
Airports Suppliers
Service Providers
General Aviation
Manufacturers Industry
Associations
Air Cargo
MROs- FBOs
January 2015 Aviation ISAC Proprietary. All rights reserved.
Anonymized
Resilient / Trustworthy Systems Essential
Cybersecurity must be addressed throughout the lifecycle Aviation ISAC Proprietary. All rights reserved.
The Connected Airplane is here… Interoperability / Interconnections - shifting the paradigm Working Together across all disciplines is essential
Our Network Strategy is driving… A common cross model airborne infrastructure Common off-board communications links Common ground interfaces Application & service offerings
Addressing Cybersecurity is essential New territory for regulators and private sector Will drive service model to a “push” for in-service support
A Working Together Model is key Leveraging all stakeholders across the community Cyber security must be embedded across the aviation ecosystem
Summary The Trajectory
Trusted environment for anonymized information sharing and collaboration
Shared situational awareness
Focused, actionable intelligence
Global engagement
Greater responsiveness and resilience
Reduced business risk
A Resilient Global Aviation Transportation System
Shared Situational Awareness and Collaboration
Aviation ISAC Proprietary. All rights reserved.
Copyright © 2013 Boeing. All rights reserved.
Thank you!
Contact Information The Trajectory – Safe, Secure, Efficient and Resilient Global Air Transportation System
Faye Francy, Executive Director
703-861-5417
Terrance Kirk, Operations Manager [email protected]
301-346-0715
Douglas Blough, Senior Analyst [email protected]
609-775-8355
Candice Burke, Secretary [email protected]
425-238-1164
Working Together Across the Aviation System For A Resilient Global Aviation Transportation System
Aviation ISAC Proprietary. All rights reserved.
Industry players join to improve global aviation security Annapolis Junction, MD, September 29, 2014– Private companies in the aviation sector are collaborating to create a means for analyzing and sharing information about physical and cyber security threats across the industry.
Seven airlines and manufacturers have established the Aviation Information Sharing & Analysis Center (A-ISAC), a non-profit organization based in Annapolis Junction, MD. A-ISAC will function as a specialized forum for managing security risks to the aviation industry as well as those encountered by companies directly linked to the broader aviation infrastructure.
A-ISAC will create a framework for government and industry stakeholders to enhance existing intelligence resources through quick and efficient information sharing. The Center also will establish initiatives to improve incident response time to security threats and be active in the development of policies on security, incident response, and information sharing issues.
About A-ISAC - The Aviation Information Sharing & Analysis Center, formed in 2014, is a non-profit and private aviation sector initiative. It was created and developed in conjunction with the Aviation Sector Coordinating Council and members from across the aviation industry. Its primary function is to allow member firms to share timely, relevant and actionable physical and cyber security information and analysis pertaining to threats, vulnerabilities and incidents. The A-ISAC also enables collaboration between member firms and government.
16
A-ISAC Press Release (September, 2014)