EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk,...
Transcript of EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk,...
![Page 1: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/1.jpg)
EUROCONTROL’s view on cyber risk, threats and challenges in ATMPatrick MANAEATM-CERT Manager
![Page 2: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/2.jpg)
Complexity of Securing the Aviation Ecosystem
![Page 3: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/3.jpg)
EUROCONTROL 3
Evolution of ATM – towards digitalization
=>
![Page 4: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/4.jpg)
Cyber threat/risk dynamic
4EATM-CERT
![Page 5: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/5.jpg)
State-sponsored / Geo-political
5EATM-CERT
![Page 6: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/6.jpg)
Non aviation specific
6EATM-CERT
![Page 7: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/7.jpg)
7
Cyber-crime …
EATM-CERT
it’s an industry
![Page 8: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/8.jpg)
Cyber-crime e.g. ransomware
8EATM-CERT
![Page 9: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/9.jpg)
![Page 10: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/10.jpg)
EATM-CERT 10
Hackers groups (APTs) … some !
![Page 11: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/11.jpg)
Hacktivism more and more e.g. environmentalists
11EATM-CERT
![Page 12: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/12.jpg)
12
ATM Stakeholder SOC (1)
ATM Stakeholder SOC (1)ATM Stakeholder
ATM Stakeholder(1)
ATM Stakeholder
Alerts/other Incidents - intelligence/services
EATM-CERT
EUROCONTROL SOCs
Logs Recommendations
CERT-EU
EUROPOL
ENISA
System
NATO/EDA
EASA ECCSA
Cyber intelligence
Provider
Alerts/Incidents
Cyber intelligence
ProviderCyber
intelligenceProvider
CyberIntelligence
Intelligence/services
ATM CI Provider (US & other Regions
ATM CERT)
Thematic CERTs
National CERTs
EA-ISAC
SOC SOC
SOC
National CERTsNational CERTs
Alerts/Incidents
- intelligence
Significant Incidents - intelligence
EUROCONTROL
ATMManufacturerATM
ManufacturerATMManufacturer
ATM StakeholderATM
Stakeholder
EACCC
A-ISAC
![Page 13: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/13.jpg)
EATM-CERT servicesInitial set of services:1. Penetration test (EUROCONTROL services & products + Aviation stakeholders)2. Bank transfer scams via email3. Credentials leaks detection4. Sensitive document leaks detection5. Cyber Threat Intelligence (CTI) and feeds for aviation6. Quarterly cyber threat landscape report for senior management7. Support to incident response / Artefacts analysis8. Training - workshop for aviation Stakeholders9. TLP:WHITE CTI tools – raising awareness
Future services:1. Vulnerability scanning of Aviation Stakeholders2. Vulnerability watch3. Training exercises (table-top & technical)
![Page 14: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/14.jpg)
Penetration test / Vulnerabilities
![Page 15: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/15.jpg)
2 - Bank transfer scams via emailFrom: Veronique Martou] mailto:[email protected] [Sent: Tuesday, January 30, 2018 9:08 AMTo: XXXXSubject: RE: Payment Query/Eurocontrol Charges
Dear Sirs,we have sent a couple of emails to your accounts payable team without receiving any responses. please kindly avail us with the status of the invoices sent to you for the months of September to December 2017, to enable us reconcile our accounts and update your records in preparation of the upcoming audit of accounts. we regret allinconveniences and plead that you bear with us.note also that EUROCONTROL will not hesitate to take a strict enforcement measures and possible detention of your aircraft will be the inevitable consequence if you delay further to comply with this demands.
NB;PLEASE KINDLY FORWARD A COPY OF YOUR RESPONSES TO TO OUR ACCOUNTS TEAM AT [email protected] FOR PROMPT ACTIONS.
thanks for your cooperation and understanding.
we await your prompt response.
my best regards
Veronique MartouFinance and Revenue ManagerCollection of ChargesCRCO/R4 EUROCONTROL96Rue de la Fusee 1130Brussels.Email:[email protected]
EATM-CERT 15
![Page 16: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/16.jpg)
2 - Bank transfer scams via emailDomain name Domain closure: status Attempts counteurcontrolint.net Suspended 51eurocontroladmin.net Suspended 29euro-controlint.net Suspended 16euro-control-int.org Suspended 14eurocontrotint.net Suspended 13euro-control.net Suspended 9eurocontolint.net Suspended 7eurocontrolaudits.net Suspended 4euro-control.org Suspended 3eurocontrolaudit.net Suspended 3euro-controlinc.com Suspended 2eurocontroint.net Suspended 1eurocontrolints.net Suspended 1
![Page 17: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/17.jpg)
3 - Credentials leaks service
• EUROCONTROL: since 01/2018 (provided by SpyCloud)• Test phase till end 2018
• Many Stakeholders subscribed (approx. 90: ANSPs, AUs, AOs) • Very positive feedback
• As conclusive, then the service is proposed to be provided for the next 3 years + 2 optional one-year to all those willing to benefit from it:– Procurement (open CFT) by EUROCONTROL– Service paid using EUROCONTROL budget
17
![Page 18: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/18.jpg)
password leaks:97%
3 - Credentials leaks service
![Page 19: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/19.jpg)
3 - Credentials leaks service
![Page 20: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/20.jpg)
4 - Document/information leak service
• 1st 6-month Service test phase – completed (June 2019)• S2-2019 contract signed
• Some ANSPs - candidate testers - joined
• Main lessons learned:– 80-90% of leaks are coming from contractors– Service that requires to be further investigated– Need to be a first level of centralisation as it requires a pre-analysis
(reduce false/positive)20
![Page 21: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/21.jpg)
4 - Cyber-security service: doc/info leaks
![Page 22: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/22.jpg)
5 – Cyber Threat Intelligence (CTI) and feeds for aviation
• 1st 6-month Service test phase – completed (June 2019)• S2-2019 contract signed
• Main lessons learned:– Lot of information - need to sort out what is relevant – big data/AI
tool needed– Resource consuming– Are CTI vendors the best source of information for aviation vs
aviation stakeholders ?– Valuable for feeds not originating from aviation but relevant to
aviation22
![Page 23: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/23.jpg)
6 - Raising Senior Management awareness
EATM-CERT 23
![Page 24: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/24.jpg)
![Page 25: EUROCONTROL’s view on cyber risk, threats and challenges ......EUROCONTROL’s view on cyber risk, threats and challenges in ATM. Patrick MANA. EATM-CERTManager](https://reader034.fdocuments.us/reader034/viewer/2022042021/5e78c868afdd2e004a0d9b2a/html5/thumbnails/25.jpg)