ATCA Cyber Day 2017 Slides · PDF fileCNS/ATM & NextGen Services Communication Navigation &...

Aviation CybersecurityATCA presents

#ATCACyber

Registration#ATCACyber

Welcome!

FREE WIFINetwork: PSAV-DTCC

Passcode: atca17

#ATCACyber

Peter F. Dumont President and CEO

Air Traffic Control Association

Welcome

#ATCACyber

Steve CarverCyber Committee Chair


Opening Remarks

#ATCACyber

Richard MorganDirector

National Airspace Security and Enterprise OperationsFAA Technical Operations Services

Keynote Address

#ATCACyber

2

NASEO Security Roadmap CY 2021 2022+

Collaborative C

yber Oversight and M

anagement of the N

ASId

entif

y

Restricted Intel Comms

Prot

ect

Det

ect/R

espo

nd/R

ecov

er

IRAT Data

Auth Docs

Asse

tsTh

reat

sB

ound

ary

Syst

ems

Even

tsD

ata

Flow

2020201920182017

NCMS

NESG

Edge Defense-in-Depth

NAS System Boundary Protection Integration

Remote Management Access GatewayExternal Identity and Access Management (IAM)

NAS Lab Environment Segregation

Event Collection

Event Monitoring

NARUS

Coordinated Risk Management

POAM Prioritization/ Risk Translation

Standardized NAS Patch Management Reqs./ProcessesCentralized Software and Patch Management (CSPM)

Internal Identity and Access Management (IAM)

Operational Site Risk Assessment

Cyber Situational Awareness

NCO Event Collector Site Expansion/Tech Refresh

NAS System Event Collection Integration

NCO Intelligent Traffic Monitoring (ITM)

NCO NAS Data Flow Validation/Mapping

NCO NAS Data Flow Modeling/Alerting

NCO Event Collection Optimization (filtering, parsing, etc.)NCO Integrated Cyber Monitoring Suite

NCMS NAS Baseline/Maintenance

OMB 14-03 Compliance

Vulnerability Identification

POAM Generation

Cross-Domain NAS Lab Environs

Limited Intel Distribution

Centralized Asset Database (query, reporting, etc.)

Advanced Intel Collaboration

Integrated Intel and Threat Assessment Capability

(NCO, FAA SOC, AEO)FAA-wide Classified Comms

Automated Intel Distribution

NAS Threat Model

Security Enterprise Asset Management (SEAM)

NAS Assets Dashboards

Operational Risk Management

Low Altitude UAS Cybersecurity

#ATCACyber

Panelists: Tim Bennett, DHS

Erin Joe, FBILt. Col. John R. Ladino, USAF

Stephen Van Trees, FAA

Moderator: Jennifer Richter, Akin Gump Strauss Hauer & Feld LLP

ATCAAviationCybersecurity

Friday,June23,2017Arlington,VA

LowAltitudeUASCybersecurity

Why Are We Concerned About Cybersecurity and UAS?

n FAA forecasts that US sales of sUAS will be 7 million units a year by 2020n Inherent Qualities of sUAS Can Lead to Security Concerns

● sUAS can fly in unpredictable patterns, they have a low acoustic signature, they can be modified to avoid geofencing restrictions

● sUAS offer a unique level of anonymity, plausible deniability, no required Remote ID and Tracking today, there are no controls at the point of sale, they can be easily assembled at home and built with off the shelf parts, registration is voluntary

n Types of Threats from sUAS● They could be weaponized (ISIS drone attacks disrupted airstrikes in Raqqa.

Domestically, a man was charged in a plot to bomb the pentagon using a model airplane)

● They could be used for illicit activity (delivering drugs)● They can be used in a negligent manner, either ignorantly (White House event) or

willfully

n What do we need to protect? ● Critical infrastructure, power plants, military bases, public gathering places

(stadiums, amusement parks)

Presentedto:

By:

Date:

FederalAviationAdministrationSecurityOverviewfor

UASOperationsintheNAS

ATCA2017

Stephen Van Trees, FAA Aircraft Certification Service

06/23/2017

10FederalAviationAdministration

Agenda:• National Aviation System (NAS)• Unmanned Aircraft System

– Integrated, concern-driven approach– Significance of Multi-agency participation

• Standards and System implementation• Rules and Regulations on UAS

– Example in upcoming FAA advisory material


E-enabled Aircraft Evolution

11


Notional Aircraft Domains

CNS/ATM & NextGen ServicesCommunication

Navigation & Surveillance

Air Traffic Control Centers

GPS & Ground Navigation Aids

Airline Networks

(ACARS)

Internet / Public Networks

Con

trols

1

3

1

2

3

2

Network Security Access Points

Air Traffic Services (ATS) Provider Non-Air Traffic Services Provider

Aircraft Systems Information Security Protection (ASISP)

FAA Air Traffic Services Connectivity

Internal Aircraft Network Security Controls

E-Enabled Aircraft Connectivity including FLS

12


Physical security from UAS• Non-cooperative drones can do harm and even attack value targets. The primary concern here is

detecting/countering non-cooperative drones and protecting targets before any harm.• Jamming & spoofing technologies that hackers might use to cyberattack unmanned aircraft may also

be useful for counter-UAV.

Safety and security risks from UAS to NAS• When a normal UAS operation is interrupted (via cyber/physical threats or loss of command/control),

it may become a risk to NAS, potentially impacting and jeopardizing safety and security of NAS. Theprimary concern is to protect NAS from threats caused by UAS.

Security of UAS cyber space• There are multiple cyber attack vectors that can threaten normal operation of unmanned aircraft

system (unmanned aircraft, ground and air links and infrastructure) – spoofing, jamming, insiderattack, data hacking and manipulations. Detecting//protecting UAS from various cyber attacks maybe the main concern here.

UAS: Safety and Security

Threatto UAS Threatfrom UAS

NAS

Safety

NationSecurity


Detect Inform

Respond Avoid

Preempt Evaluate NationalSecurityRisk

SocietalSafetyIssues

RisktoNAS

EconomicsImpact

RisktoAircraft

PhysicalRisk

Intentional Cooperative

Safety&Security:Government,Industry&Society

DoD DHS FAA OEMs Users


End-to-End Security Goals• Based on government determination of threats to

civil UAS Command and Control– Threats not isolated to ‘C2 Link’ and SC-228– SC-228 has a role in threat countermeasures, however

• End-to-End security needs to be part of an overall Defense in Depth strategy

• Longevity of Security Controls – Overall Risk Management

• End-to-End à These controls are implemented onboard the UAS and at the ‘Control Source’(nowhere in the middle)

15


Topics Addressed in Advisory Circular 20-187 - UAS Link Security• Allowed cryptographic algorithms & strengths

– Key sizes– Algorithm modes– Sunset dates

• Confidentiality, integrity and entity authentication controls for end-to-end link security

• Data origin authentication (per message/frame) & strength

• Implementation flexibility for developers

16


Assurance Level Based Requirements?• Layered security levels (based on UAS type/size or

airspace participation) are possible– Potentially tailor all proposed security requirements for

class of service and/or size of UAS (or its operations in types of controlled airspace)

17


FAA Extension, Safety, and Security Act of 2016(a.k.a. 2016 FAA Funding Reauthorization Bill)SEC. 2111 AVIATION CYBERSECURITY(a) COMPREHENSIVE AND STRATEGIC AVIATION FRAMEWORK. --

(1) IN GENERAL. – Not later than 240 days after the date of enactment of this Act, the Administrator of the Federal AviationAdministration shall facilitate and support the development of a comprehensive and strategic framework of principles andpolicies to reduce cybersecurity risks to the national airspace system, civil aviation, and agency information systems using atotal systems approach that takes into consideration the interactions and interdependence of different component of theaircraft systems and the national airspace system.

(2) SCOPE.—In carrying out paragraph (1), the Administrator shall—(A) identify and address the cybersecurity risks associated with—

(i) the modernization of the national airspace system;(ii) the automation of aircraft, equipment, and technology, and(iii) aircraft systems

….(Total 5 pages)Reference: https://www.congress.gov/bill/114th-congress/house-bill/636/text#toc-HDBDD3B2849AD44FD86E5E77E4616F085


19

Questions?• Stephen Van Trees• FAA/AIR-132• (202) 267-8546• [email protected]

Tim Bennett, PMPBorder and Maritime Security Division

Air Based Technologies

21

FY16 FY17 FY18 FY19Mid-Term

FY20 FY21 FY22Long-Term Mission Areas

Air

Bas

ed

Tech

nolo

gies SUASDataProtocols

ISRandSensors

SUASSensors

ModernizationofMissionManagementSystems&DataLink

InnovativeTechnologiesandTacticsforSUAS

Air Surveillance

RAPSPhaseII

SenseandAvoidSystemsforUAS

Tunn

el

Det

ect

RobotsforTunnelInvestigations. Underground

Portand

Co

astal

Surveillance

PortandCoastalSurveillance

UnmannedSystemSensorEvaluationandDevelopment(Surface)

Robotic R&D Plan

22

RoboticAircraftSensorProgram(RASP)

Demonstrate&AnalyzethepotentialimpactsofsmallUnmannedAircraftSystems(sUAS)technologyonmaritime,borderandlawenforcementactivitiesandoutcomestobetterunderstandtherisks,benefitsandlimitationsofoperatingexistingCommercialofftheShelf(COTS)sUAStechnology.Also,providetrainingopportunitiesformaritimeandbordersecurityoperatorstoassesssUASsuppliersystemsundertypicalmaritimeandbordermissionscenarios

NeedStatement

ProjectObjective

• Maritime,customsandborderlawenforcement

• Searchandrescue• Harmagainstofficersafety• Situationalawareness• Hazardousmaterialincidentresponse• Border,ports,waterways,andcoastalsecurity

&counter-terrorism

• Provideincreasedairsupporttoagentsandfirstrespondersasneeded• IncreaseairsupporttoUSCGofficersduringoperationsinthelittoral• ofDHSComponentsandfirstrespondersonthecurrentstateofthe

artinunmannedairplatformssensorsystems• EducatesuppliersonthespecificneedsofDHSComponentsandfirst

responders

Capabilityneedsinoverwatch &intelligencedatafor:

LeadingTo

Approach:• LeverageS&T’sInvestmentsinsUASevaluationsthroughRobotic

AircraftforPublicSafety(RAPS)• SelectsUASsuppliers basedontheinitialassessmentresults,to

performinborderenforcementandmaritimeenvironments• AssessSuppliers’PlatformsusingS&T’srobuststandardized

assessmentmethodologyforsUAS• AnalyzeResultsandDevelopaReport basedonthefindingsofthe

finalassessment

DesiredOutcomes:• Oneyeardemonstrationusingbothfixedandrotary

wingUAS• Creationofaknowledgeresourcedatabase;onetest

reportpersupplierassessedaspartofRASP• Provideinformationaboutperformanceinrealistic

operationaltestscenariosandenvironments;emergencyresponse,beaconresponse,injuredoperator/search&rescue,borderandmaritimesurveillance.

• In-depthinformation&guidanceforfuturesensorsandsUASdevelopmenttomeetborderandlawenforcementrequirements

LeadingTo

23

ResilientGPS

Providequantitative/qualitativeassessmentsofhowcapablyCOTSsUASsystemscanaugmentCBPandUSCGpersonnelintheconductofBMDmissionsinborder/marineenvironmentswhereGPSthreatsarepresent.DocumentspecificattributesandimplementationdetailsofRASPsUAScollectedduringinteractionswithmanufacturers,andprovideanassessmentofvulnerabilitiesimplicitinthedesignoftheseaircraft.Identifytechnologiesandtechniquesthatcouldbeusedtocounter GPSthreatsinfuturesUAS systemsandenhanceresilience.

• Maritime,customsandborderlawenforcement• Searchandrescue• Harmagainstofficersafety• Situationalawareness• Hazardousmaterialincidentresponse• Border,ports,waterways,andcoastalsecurity&

counter-terrorism

• SmallUnmannedAircraftSystems(sUAS)beingassessedinRASPmaritimeandbordersecurityscenariosarenothardenforGPSthreats

• WhenCBPagentsleveragesUASforairsupportinborderregionscouldexperiencesignificantmissiondegradationinresponsetoinexpensiveGPSjammersemployedagainstthem

• VulnerabilitiesofCOTSsUASneedstobeunderstoodanddocumentedsothatsystemscanbemodified

InabilityofcurrentCOTSsUAStoprovideintelligencefor:

Approach:• ExtendpreviousS&T’sInvestmentsfromRASP• AssesscandidatesUASandbaselineexpected

performancethroughmanufactureroutreach,simulationandanalysis,anddemonstrationofjammer/spoofer impact

• ArticulatemitigationstrategiesbasedonchangestosUAS technicalimplementation,TTPandCONOPS

• Synthesizeresultsin aReport basedonassessmentfindings

DesiredOutcomes:• EstablishbaselineperformanceexpectationsforunmodifiedCOTSsUASsubjectedtoGPSthreats

• Provideroadmapofhigh-levelapproachestoincreasesituationalawarenessofthreatsandgeolocate them

• SystemlevelsUASrequirementsthatinformfutureS&Tinvestmentsandacquisitionstrategy

• EngagemanufacturerswithassessmentresultsandnegotiatetechnicalenhancementsonbestperformingRASPsUAStoincreaseresiliencetoGPSthreats

NeedStatement

ProjectObjective

LeadingToLeadingTo

24

DHSFirstResponderElectronicJammingExercise

Demonstrate&AnalyzetheimpactsofElectronicthreatsonSmallUnmannedAircraftSystems(sUAS)technologyanditseffectivenessinsupportingpublicsafetyincludingborderandlawenforcementactivities.Also,providetrainingopportunitiesforbordersecurityoperatorstoassesssUASsuppliersystemsundertypicalbordermissionscenarios

• ProvideancontrolledenvironmenttoevaluateFirstResponderandUASequipmentagainstanumberofcommerciallyavailablejammers

• Assessthetraining,techniquesandproceduresusedbytheFirstResponderwhenencounteringelectronicthreats

• AssesstheeffectivenessofUASsinexecutingFirstResponderScenariosinathreatrichenvironment

• Expectedincreaseinincidentsofjammingduetotheavailabilityoflowcostjammers

• Firstresponderssystemsmaybeeffectedbythesejammers

DHSFirstResponderExerciseatWhiteSandsMissileRangewill:

Approach:• LeverageS&T’sInvestmentsinsUASevaluationsthroughRAPSI/RAPSII

• LeverageS&T’sInvestmentsintheWhiteSandsMissileRangetesting

• ProvideSupplierswithauniqueenvironmenttounderstandandevaluateemergingthreatsfromCommercialOfftheShelfJammingsystems

• AssessSuppliers’PlatformsusingS&T’srobuststandardizedassessmentmethodologyforUASinaJammingenvironment

DesiredOutcomes:• UnderstandingofvulnerabilitiesofUASinajammingenvironment

• Creationofaknowledgeresourcedatabase;developandunderstandingofanygapsintechnologiesortrainingtoovercomejammingandinterference

• EvaluateeffectivenessofUASsystemsinaRFstressedenvironmentinrealisticoperationaltestscenariosandenvironments;emergencyresponse,beaconresponse,injuredoperator/search&rescue,bordersurveillance

• Identifylessonslearnedandanalysisthatwouldleadtoimprovedtechnologiesthatwouldberesilienttoelectronicthreatsorjamming

NeedStatement

ProjectObjective

LeadingToLeadingTo

DRONES, SECURITY, PRIVACY AND RIGHTSSECURITY CONCERNS v. LAW

Section Chief Erin JoeCyber Division

UNCLASSIFIED

FBI Cyber Strategy

• Constant development of FBI technical expertise

• “Shrinking the world” through global partnerships

• Imposing costs on malicious actors• Helping state and local partners to

develop cyber capabilities• Striving to work more effectively

with the private sector

27UNCLASSIFIED

Social Media Romance/Confidence

Cyber Attacks and Trends

DDoS

Theft of IP

Theft of PII, PHI

Point of SaleBreaches

Doxing

False Tax Return Filings

Network Destruction Attacks

Ransomware and Extortion

Business E-mail Compromise

Website Defacements

28UNCLASSIFIED

FBI Liaison Alert System Messages, or FLASHs, provide indicators of compromise to private industry and law enforcement partners.

FLASH Messages

PINs provide background information on trending cyber threats that inform private industry and law enforcement partners’ strategic decision making in the cyber threatscape.

Private Industry Notifications

PSAs provide general information on cyber threats to the public and recommendations for prevention and mitigation of these threats.

Public Service Announcements

Private-Sector Information Sharing Products

UNCLASSIFIED 29

Other Considerations

• Contacting Law Enforcement• Legal Issues and Media• Disruption; Interference with an Aircraft• Balance; Drone Threat v. Response Danger• Information Sharing

30UNCLASSIFIED

Bandwidth Hotspots

31UNCLASSIFIEDUNCLASSIFIED

Unclassified

UNCLASSIFIED

Questions?

32

Section Chief Erin M. [email protected] (desk)

I n t e g r i t y - S e r v i c e - E x c e l l e n c e

Headquarters U.S. Air Force

sUAS and Aviation Cyber Security

Lt Col John Ladino, CISSPMilitary-Civil Aviation Integration/Cyber

HQ USAF/A3OJ

CLASSIFICATION: UNCLASSIFIED

Office of the Secretary of Defense - Joint Chiefs of Staff – Army – Navy – Marine Corps – Air Force – NORTHCOM

DoD Equities as Air Navigation System User

n 9,808 Fixed Wing Aircraftn 1,498 Transport/Tanker Aircraft

n 5,268 Rotary Wing Aircraft

n 776 Full Sized UAS/RPAn Additional 7,244 Small UAS

34


B r e a k i n g B a r r i e r s … S i n c e 1 9 4 7

Aviation Cyber Security

n UAS are part of larger aviation ecosystem

n Need to assess threats from UAS as well as threats to UASn Threats common to air platformsn UAS-specific cyber concerns

35


Threat includes broad spectrum of vectors – impacts DoD/USG/Industry

n Expanding UAS/sUAS platform capabilities

n Undefined or poorly defined policy, especially for sUAS


sUAS Challenges

n Surveillancen Key to ensuring safety of aircraft operationsn Facilitate sUAS flights without impact military ops

n Airspace impacts – Increased potential disruptions by sUAS ops

n Counter UASn Technology to protect critical infrastructure, special eventsn Enable allowable operations and protect against bad actors

36

Drives need for a “UTM” system – ExCom partnership to develop and implement




Recognized “Holistic Approach”to Interagency Aviation Cybersecurity


Interagency Engagement for Aviation Ecosystem Cybersecurity

n DoD Policy Board for Federal Aviationn UAS subgroup and proposed Aviation Security subgroup

n Aviation Governance Coordinating Council (AGCC)n Cybersecurity Working Group

n DoD NextGen Lead Service Officen FAA Interagency Planning Office (ANG-I)

n Aviation Cybersecurity Initiative (ACI)n DHS-led Task Force (DoD, FAA, FBI, DNI) – updates to NSC

38


Questions?

Jennifer RichterAkin Gump Strauss Hauer & Feld LLP(202) [email protected]

Lt Col John Ladino, CISSPUSAF Military-Civil Aviation Integration/Cyber(703) [email protected]

Stephen Van Trees, FAAFAA Aircraft Certification Service(202) [email protected]

Tim Bennett, PMPDHS Science and Technology Directorate(202) [email protected]

Erin M. JoeFBI CyberDivision Section Chief (703) [email protected]

NETWORKING BREAK10:45 – 11:15 a.m.

#ATCACyber


Passcode: atca17

#ATCACyber

Larry GrossmanDeputy Director, Information Security & Privacy

FAA

Keynote

#ATCACyber

Presented to:

By:

Date:

Federal AviationAdministration

Federal AviationAdministration

Cybersecurity Update

ATCA Cybersecurity Day

Larry Grossman, FAA Deputy CISO

June 23, 2017

44Federal AviationAdministrationJune 2017

AIS Organizational Structure


FAA Cyber Initiatives

Protect

Detect

Governance• Cybersecurity Steering Committee

• CSC Working Group

• Aviation Systems Cyber Vulnerability Working Group

• Updated Information Security & Privacy Policy (Order 1370.121)

• FAA Cybersecurity Strategy 2017-2022

• NAS Cybersecurity Framework

• CyTF

• Enterprise Security Architecture

• Simulated Phishing Attacks

• Security and Privacy Awareness training

• FAA SOC Transformation

• Vulnerability Scanning

• Continuous Diagnostics & Mitigation (CDM)

• Data Loss Prevention (DLP)

• IR Plan

• IR Exercises

• Multi-Agency Cyber Exercises

• COOP

• Annual ISCP Testing

• Resiliency

Identify

• Enterprise Cyber Threat Model

• Cybersecurity R&D Plan

• High Value Risk process

• ASISP ARAC

• Cyber threat, vulnerability, incident sharing

Recover

Respond


FAA Cyber Initiatives – CSF Aligned

Larry GrossmanDeputy Director, Information Security & Privacy

FAA

Keynote

#ATCACyber

Industry Initiatives in the Ever-Changing Cyber World

#ATCACyber

Panelists: Jonathan Couch, ThreatQuotient

Mark Heck, RaytheonNeil Hyland, ICAO

James Menendez, CGI Federal, Inc.

Moderator: David Almeida, LS Technologies

FlightPrep&Departure En-route/Oceanic Approach&GroundOps

GroundComms (private/internet)SWIM,FICE,etc.(Datacom)CloudInfrastructureIPaddressableA/Gradios

Satcom,GPSA/Gcommerciallinks(A/GSWIM)On-boardsystemsSWIMacrossregions

VoiceComms (NVS),datalinksGroundoperations(AOC),A-CDMUAS/UTMonapproachSWIMacrossstakeholders

UTM

UAS

Transition Transition

Industry Initiatives in the Ever-Changing Cyber World

#ATCACyber

Panelists: Jonathan Couch, ThreatQuotient

Mark Heck, RaytheonNeil Hyland, ICAO

James Menendez, CGI Federal, Inc.

Moderator: David Almeida, LS Technologies


Passcode: atca17

#ATCACyber

Interactive Tabletop Exercise

#ATCACyber

Peter F. Dumont President and CEO


Closing Remarks

#ATCACyber

Steve CarverCyber Committee Chair


Closing Remarks

#ATCACyber


#ATCACyber

Registration


#ATCACyber

RegistrationTHANK YOU TO OUR TITLE

SPONSOR:


#ATCACyber

Registration


#ATCACyber

RegistrationTHANK YOU TO OUR EVENT SUPPORTERS:

www.atca.org/cyber

Engage with ATCA

#ATCACyber

www.facebook.com/AirTrafficControlAssociation

www.facebook.com/AirTrafficControlAssociation

www.twitter.com/ATCA_Now

www.youtube.com/ATCANow

YAPPY HOURDoubletree Lobby Bar

#ATCACyber

Sponsored by:

Join ATCA’s Young Aviation Professionals (YAPs) for


#ATCACyber

Registration#ATCACyber

Thank you for joining us!

ATCA Cyber Day 2017 Slides · PDF fileCNS/ATM & NextGen Services Communication Navigation &...

Documents

Transcript of ATCA Cyber Day 2017 Slides · PDF fileCNS/ATM & NextGen Services Communication Navigation &...