Download pdf - 2nd Cybersecurity Workshop Test and Evaluation to Meet the ...itea.org/.../022615_1100_Francy_AISAC_ITEA_FINAL.pdf · Faye Francy, Executive Director. [email protected] 703-861-5417

2nd Cybersecurity Workshop Test and Evaluation to Meet the

Advanced Persistent Threat

Faye Francy Aviation ISAC February 2015

Aviation ISAC Proprietary. All rights reserved.

Company Organization

Engineering, Operations & Technology

Boeing Capital Corporation

Shared Services Group

Commercial Airplanes

Defense, Space & Security

Corporate

Founded in 1916 in Seattle Became a leading producer of military and commercial airplanes

R&D, BTE & IT

Presenter

Presentation Notes

Boeing is organized into two business units: Boeing Commercial Airplanes and Boeing Defense, Space & Security. Supporting these units are Boeing Capital Corporation, a global provider of financing solutions; Boeing Engineering, Operations & Technology, which helps develop, acquire, apply and protect innovative technologies and processes and the Shared Services Group, which provides a broad range of services to Boeing worldwide.

Testing Early interaction with design teams (validate requirements, test objectives, testability)

Simulate cyber properties before prototypes/hardware available

Corporate Test Capabilities (dedicated networks, labs for LRUs, virtual cyber range)

Tailored to Domain and End Users

Internal IT: protect Intellectual Property (static/dynamic code analysis, pen testing+)

Military: “Contract requirements”, need clear RFP guidance, especially DT&E

Commercial Air: Safety driven (DO178-C); need security certification guidance

Threat-Based Test Planning and Beyond

Understand the threat (specific to the environment)

Determine what to test, how to test

Share Threat Data with Industry–more on this….

Tactically Important

Operational test and evaluation (OT&E), Pen/Red

Expensive (Time, $$$: need more trained personnel)

Hard Sell to Management (need requirements from customers) 3

T&E Approach

4

Airplane Technology is Evolving Global Mobility is a Requirement

Hardware functions transitioning to

software- hosted features

Advanced features added to airplane

Connectivity demands increasing

Resilient systems a requirement Software assurance, systems engineering, supply chain risk

Ku

L Band

Air/Gnd

None

Connectivity 2010 Ku

Ka

L Band

Air/Gnd

None

Connectivity 2014 777 787Data Transmitted

(MB / Flight)

~ 28MB


5

Guiding Principles Build it Right, Continuously Monitor

Airplanes are Safe Design guidelines / Test protocols Cyber Issue Papers FAA regulatory compliance

Special Conditions

Layered protection FAR 25.1309 – Equipment, Systems, & Installations

Critical, Essential, Non-Essential

Failure modes

Domain separation Configuration control

Actively manage Fault reporting Log analysis Information sharing


An Adversary that – Possesses significant levels of

expertise / resources Creates opportunities to achieve its

objectives by using multiple attack vectors (e.g. cyber, physical)

Establishes footholds within networked architecture systems To exfiltrate information Impede critical mission or program

objectives Position itself to carry out objectives later

6

Advanced Persistent Threat

Critical to Protect Aircraft Design and IP

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0CAcQjRw&url=http://www.itbusinessedge.com/slideshows/the-most-famous-advanced-persistent-threats-in-history.html&ei=eibtVLOxPNfaoATdiID4CQ&bvm=bv.86956481,d.cGU&psig=AFQjCNEMVOfLKHl7YZ1SEFVPJ7nJmyiybA&ust=1424914416909243

The Threat A National Security Issue

Rapidly escalating cyber threats

Executive action

Comprehensive Global approach

Resiliency for our Critical Infrastructures

Cybersecurity is a National Security Issue

“Now our enemies are also seeking the ability to sabotage our power grid, our financial

institutions, and our air traffic control systems.”

Feb, 2013

Executive Order 13636: Improving Critical Infrastructure

Cybersecurity

Presidential Policy Directive 21: Critical Infrastructure Security and

Resilience


Presenter

Presentation Notes

We all rely on critical infrastructure to travel and communicate, work and play. The assets and systems we depend on are essential to our way of life. Networks are embedded in our economies and our political and social lives. While this interconnectedness creates immense economic value, we now realize is a major source of risk to commerce and our nation. Our Nation's critical infrastructure is complex and interconnected, and we must understand not only its strengths, but also its vulnerabilities to these emerging threats. In October of 2012, Defense Secretary Leon E. Panetta warned that the United States was facing the possibility of a “cyber-Pearl Harbor” . Cyber incidents can have devastating consequences on both physical and virtual infrastructure. We must all take responsibility to fortify against cyber risks - improving infrastructure security, and enhancing cyber information sharing between government and the private sector. Physical threats put our Nation's most important assets at risk. Imagine the impact of both a physical and cyber attack? What would 9-11 have looked like with the added cyber attack? Not a good thought. We must fortify the partnerships between the USG and businesses in our private sector. We must continue to modernize our critical infrastructure and bolster our ability to overcome whatever challenges we may face. Cyber is not only a national security issue but a team sport. Or to coin an old phrase from Hilary Clinton “It takes a Village”. All Americans have a part to play in protecting our critical infrastructure and making it more resilient. President Obama announced two policies in February, 2013: Executive Order 13636: Improving Critical Infrastructure Cybersecurity Presidential Policy Directive 21: Critical Infrastructure Security and Resilience Together, they create an opportunity to effect a comprehensive national approach Implementation efforts will drive action toward system and network security and resiliency

Encourages the formation of communities to share information broadly across regions, sectors and industries, and to rapidly respond to emerging threats.

Voluntary establishment of Information Sharing and Analysis Organizations (ISAOs), includes Information Sharing & Analysis Centers (ISACs) Open and collaborative approach

Omni-directional communication

Bridges gap between the public/private sector

Voluntary standards for sharing.

Efficient means for granting clearances

8

Promoting Private Sector Cybersecurity Information Sharing Executive Order (EO) 2/13/15


Working Together is Critical

Presenter

Presentation Notes

Encourages the formation and widening of communities to share information broadly across regions, sectors and industries, and to rapidly respond to emerging threats. Voluntary establishment of Information Sharing and Analysis Organizations (ISAOs), which includes Information Sharing and Analysis Centers (ISACs), such as the Aviation ISAC. Provides the platform for an open and collaborative approach that facilitates omni-directional communication for effective action, and can leverage the strong partnerships and information sharing already underway to help further bridge the gap between the public and private sectors. Calls for the development of voluntary standards for interoperable information sharing between and among the government and private sector. A-ISAC applauds the Administration’s proactive steps to further strengthen information sharing and providing actionable intelligence between public and private sectors. The EO provides a heightened awareness and a call for increased and improved engagement. Although much attention has been given to the issues, action-oriented solutions and effective results are desperately needed. The Administration’s support of a multi-layered approach, focused on effective collaboration between the public and private sectors, is critical.

9

Newly-formed Aviation ISAC Working Together across the Aviation Sector

Incorporated September 2014 Building membership International engagement

Leveraging other ISACs Services Available

Focused Intelligence Information/Briefings

Cyber-Physical Integration

Member to Member Sharing

Distribute Information Gathering Costs across the

Sector and with other Sectors

Non-attribution and Anonymity of Submissions

Information source for the entire organization

Risk mitigation for aviation sector

Comparative advantage in risk mitigation

Security and Resiliency

National Council of ISACs


Disseminate timely, actionable intelligence to Aviation Sector

Establish 3rd party organization dedicated to Aviation Focus on cyber & physical threats to aviation Fusion of private sector & USG info

NCCIC – Cross Sector Awareness ADIAC – Intel sharing focused on Aviation A-ISAC – Dissemination private sector / share anonymously

Intelligence “watch floor” for sector intel Analysis, production, reporting of threats / intel Protocols for info sharing & attribution (TLP) Virtual, leveraging partners analytical capabilities

Info sharing roles & responsibilities Collection & sharing of member reporting Dissemination of USG reporting Liaise with USG Coordinate with ISACs from other critical infrastructure sectors

10

Operational Model for A-ISAC Shared Situational Awareness across Aviation Sector

Presenter

Presentation Notes

Establish 3rd party organization dedicated to Aviation Legally separate entity (503c) Focus on cyber & physical threats to aviation Fusion of private sector & USG info Leader engaged with aviation industry and USG Intelligence “watch floor” for sector intel Small staff – Director, Ops, (2-4) fulltime intel analysts Analysis & production of intelligence Reporting and alerting of threats Protocols for info sharing & attribution (TLP) A-ISAC info sharing roles & responsibilities Collection & sharing of member reporting; dissemination of USG reporting Liaise with USG Sector-Specific Agencies (SSAs) & US Intel Community Coordinate with ISACs from other critical infrastructure sectors

11

A-ISAC Info Sharing Relationships Timely, Actionable Intelligence, Anonymized

Open Sources

Other Industries & Sectors

Other Info Sharing

Orgs - NCI

Gov & All Other • Incident reporting •Tips / field reports

TLP TLP

• Intelligence • Incident reporting • Trends & analysis

• Analyzes, aggregates, fuses information • Filters & selects for Aviation relevance • Protects member info & attribution (TLP) • Creates alerts & analysis for members • Coordinates response & recovery • Interfaces with Gov / other sectors

• Urgent alerts & indicators • Intelligence reports • Best practices • Mitigation strategies

• Aviation expertise • Indicators • Incident reports • Mitigation actions

NCCIC ADIAC Other Govt

Govt & All Other A-ISAC Members

A-ISAC VOLUNTARY

Anonymized

10 Members

Airlines

Airports Suppliers

Service Providers

General Aviation

Manufacturers Industry

Associations

Air Cargo

MROs- FBOs

January 2015 Aviation ISAC Proprietary. All rights reserved.

Anonymized

Resilient / Trustworthy Systems Essential

Cybersecurity must be addressed throughout the lifecycle Aviation ISAC Proprietary. All rights reserved.

The Connected Airplane is here… Interoperability / Interconnections - shifting the paradigm Working Together across all disciplines is essential

Our Network Strategy is driving… A common cross model airborne infrastructure Common off-board communications links Common ground interfaces Application & service offerings

Addressing Cybersecurity is essential New territory for regulators and private sector Will drive service model to a “push” for in-service support

A Working Together Model is key Leveraging all stakeholders across the community Cyber security must be embedded across the aviation ecosystem

Presenter

Presentation Notes

Shared Situational Awareness and Collaboration is critical to address the cyber threat to aviation Aviation must - Define the threat, the risk, the boundary on what we need to protect, and the timeliness for responding to the threat Establish a closed, protected forum for industry and government information exchange on emerging cyber threats Establish a governmental and industry framework facilitating a coordinated international cyber security strategies, policies and plans for aviation Establish policy for the near- and long-term development of the cyber domain for aviation

Summary The Trajectory

Trusted environment for anonymized information sharing and collaboration

Shared situational awareness

Focused, actionable intelligence

Global engagement

Greater responsiveness and resilience

Reduced business risk

A Resilient Global Aviation Transportation System

Shared Situational Awareness and Collaboration


Presenter

Presentation Notes


Copyright © 2013 Boeing. All rights reserved.

Thank you!

Contact Information The Trajectory – Safe, Secure, Efficient and Resilient Global Air Transportation System

Faye Francy, Executive Director

[email protected]

703-861-5417

Terrance Kirk, Operations Manager [email protected]

301-346-0715

Douglas Blough, Senior Analyst [email protected]

609-775-8355

Candice Burke, Secretary [email protected]

425-238-1164

Working Together Across the Aviation System For A Resilient Global Aviation Transportation System


Presenter

Presentation Notes


mailto:[email protected]












Industry players join to improve global aviation security Annapolis Junction, MD, September 29, 2014– Private companies in the aviation sector are collaborating to create a means for analyzing and sharing information about physical and cyber security threats across the industry.

Seven airlines and manufacturers have established the Aviation Information Sharing & Analysis Center (A-ISAC), a non-profit organization based in Annapolis Junction, MD. A-ISAC will function as a specialized forum for managing security risks to the aviation industry as well as those encountered by companies directly linked to the broader aviation infrastructure.

A-ISAC will create a framework for government and industry stakeholders to enhance existing intelligence resources through quick and efficient information sharing. The Center also will establish initiatives to improve incident response time to security threats and be active in the development of policies on security, incident response, and information sharing issues.

About A-ISAC - The Aviation Information Sharing & Analysis Center, formed in 2014, is a non-profit and private aviation sector initiative. It was created and developed in conjunction with the Aviation Sector Coordinating Council and members from across the aviation industry. Its primary function is to allow member firms to share timely, relevant and actionable physical and cyber security information and analysis pertaining to threats, vulnerabilities and incidents. The A-ISAC also enables collaboration between member firms and government.

16

A-ISAC Press Release (September, 2014)