SlideShare a Scribd company logo

Cyber security in_next_gen_air_transportation_system_wo_video

Download as PPTX, PDF
OWASP Delhi
OWASP Delhi

Federal Aviation Administration (FAA) is responsible for overseeing the US National Airspace System, which comprises ATC systems, procedures, facilities, and aircraft, and the people who operate them. FAA is implementing Next Generation Air Transportation System (NextGen) to move the current radar-based air-traffic control (ATC) system to one that is based on satellite navigation and automation. It is essential that FAA ensures effective information-security controls are incorporated in the design of NextGen programs to protect them from threats. This talk discusses the threats FAA faces and the cyber security controls adopted by FAA in implementation of these NextGen Air Transportation System.

Engineering
1 of 27
Cyber Security in NextGen Air Transportation System Dr Vippan Raj Dutt vrdutt@yahoo.com +91-9810297809
Presentation Flow  Introduction  Shortcomings of Existing Systems  NextGen Air Transportation System  NextGen Security Challenges  ATC Information Systems  Aircraft Avionics Systems  Cyber Security Framework for Aviation  Cyber Security Audit of NextGen
Air Transport Industry - Four Partners  Airlines  Ticketing systems  Credit card information  On-board Wi-Fi  Websites  ERP  Airports  Business systems  Airport operation systems  Facilities systems  Terminal and off-site concessions  FAA / DGCA  • Air Traffic control  Aircraft Manufacturers  Avionics  Communication systems
ICT Environment for Aviation
Cyber Threats  ON 7 AUGUST 2015, it was disclosed that the databases of American Airlines (AA) and Sabre Corp., one of the largest clearing houses for travel reservations, were hacked.  On June 21, 2015, LOT Polish Airlines had its flight operations system hacked, resulting in disruption or cancellation of 22 flights. (DDoS attack)  In April, 2015, American security researcher Chris Roberts claims to have accessed flight-critical controls through the in-flight entertainment system  U.S. airport computer and communications systems were among the targets announced by the Tunisian Hackers Team in April 2014.  Miami International Airport (MIA) has experienced almost 20,000 hack attempts per day before investing in training, education, and new hardware to protect itself from cyberattacks.  Istanbul’s Atatürk International Airport had password control systems shut down by what is believed to have been a malware attack resulting in departure delays and extended waiting time for passengers.
Aviation Continuum of Risk
The Sky is Falling ! Next time you are about to board a flight, please consider this  On any given day  More than 85,000 flights are in the skies in the United States  Only 1/3 of those are Commercial Carriers  2/3 are general aviation, private planes  5000 : Average number of aircraft in the skies at any given moment of peak travel time  15,000 : Average number of air traffic controllers required in airport traffic control facilities to guide pilots  Controllers provide Air Navigation Services to aircraft in ALL domestic airspace and to 24.6 million square miles of international oceanic airspace  The flight you’re about to board is 1 of 1,000s of blinking green dots on a radar screen display for busy Air Traffic Controllers, who rely on pilot communication and slips of paper printed from computer terminals to safely coordinate your flight.  1950s : The decade the current Air Traffic Control system was implemented
A Day in the Life of Air Traffic in USA
Shortcomings of the existing ATC system  System handles over 85,000 flights a day on average… all with the best technology the 1950s had to offer.  Technologically, it is outdated and limited in its capabilities.  It relies on ground-based radar for surveillance and navigation, and voice communications to relay instructions between controllers and pilots.  ATC system is slow and cumbersome. These limitations force operational procedures such as separation standards and indirect point-to-point routings that are inefficient because they appropriately put safety first. As civil aviation has grown and become more complex the ATC system has become strained and, in some geographic areas, overwhelmed.
What is NextGen Air Transportation System
NextGen Addresses Critical Needs  Capacity. NextGen will enable more precise spacing of aircraft and flight paths, which will allow FAA to handle safely and efficiently the traffic growth that it forecasts.  Efficiency and Productivity. NextGen will enable more efficient flying by taking full advantage of available and emerging technology.  NextGen will enable: optimized, direct routings between airports; reduced aircraft spacing; continuous descent arrivals, precise arrival and departure routings, and closely spaced approaches on parallel runways in instrument flight rule conditions.  Environmental Benefits, Operational Integrity and Customer Satisfaction, Safety, Scalability  The downside of NextGen technology is the magnitude of air service disruption should the system fail. For example, a computer glitch at an air traffic centre in Virginia caused more than 440 flights to be cancelled along the East Coast of the United States in August 2015. While not a cyberattack, this incident showed the vulnerability of NextGen technology in civil aviation.
Components of NextGen Program
Potential NextGen Vulnerabilities  NextGen rely on satellite-based aircraft navigation and tracking and digital voice and data communications between controllers and pilots, tied together using an integrated information management network called SWIM. This high degree of interconnectivity and access by both FAA employees and airspace users is expected to increase the capacity of the air traffic control system and improve safety, but it raises significant cybersecurity concerns.  The backbone of NextGen is a technology called Automated Dependent Surveillance-Broadcast, or ADS-B, which is slated to replace radar as the primary means of tracking and monitoring aircraft. ADS-B is inherently vulnerable to hacking, jamming, signal flooding, and spoofing because of its open architecture and unencrypted signals. Government Accountability Office (GAO) cautioned that FAA's current approach to cybersecurity does not adequately address the interdependencies between aircraft and air traffic systems, and consequently may hinder efforts to develop a comprehensive and coordinated strategy.  GAO recommended that FAA develop a comprehensive cybersecurity threat model, better clarify cybersecurity roles and responsibilities, improve management security controls and contractor oversight, and fully incorporate National Institute of Standards and Technology (NIST) information security guidance throughout the system life cycle.
NextGen Cybersecurity Challenges  Protecting air-traffic control (ATC) information systems  July 2012: ADS-B hack: a security researcher demonstrated how easily an air traffic control tower could be manipulated.  Ruben Santamarta – 2014 Backdoors and remote control of SatCom Military & Civil Aviation radios http://bit.ly/SatComHack (Paper)  Protecting aircraft avionics used to operate and guide aircraft  Chris Roberts – 2015 Manipulation of Flight Controls via under-seat entertainment unit http://bit.ly/EICASHack (Reuters)  Hugo Teso – 2013 Remote manipulation of Flight Management System through ACARS http://bit.ly/FMSHack (Forbes)
ATC Information Systems
Cybersecurity Challenges to Protect ATC Information Systems • ATC-related information systems are currently a mixture of old, legacy systems and new, IP-networked systems. • New information systems for NextGen programs are designed to interoperate with other systems and use IP networking to communicate • New Networking Technologies Expose ATC Systems to New Cybersecurity Risks • If one system connected to an IP network is compromised, damage can potentially spread to other systems on the network, continually expanding the parts of the system at risk. • FAA Is Designing and Deploying an Enterprise Approach Intended to Strengthen the Cybersecurity of Its Information Systems
Aircraft Avionics Systems
Cyber Security Risks to Aircraft Avionics  IP networking may allow an attacker to gain remote access to avionics systems and compromise them  If the cabin systems connect to the cockpit avionics systems (e.g., share the same physical wiring harness or router) and use the same networking platform, in this case IP, a user could subvert the firewall and access the cockpit avionics system from the cabin  The presence of personal smartphones and tablets in the cockpit increases the risk of a system’s being compromised by trusted insiders, both malicious and non-malicious, if these devices have the capability to transmit information to aircraft avionics systems  The second source of the problem can come from the internet, since the aircrafts use IP protocols like anyone, meaning that can make the aircraft vulnerable for instance for a hacker to be able to install malware  FAA yet to develop new regulations to certify cybersecurity assurance for avionics systems
Cybersecurity framework for Aviation  Establish common cyber standards for aviation systems  Establish a cybersecurity culture  Understand the threat  Understand the risk  Communicate the threats and assure situational awareness  Provide incident response  Strengthen the defensive system  Define design principles  Define operational principles  Conduct necessary research and development  Ensure that government and industry work together
FAA’s Acquisition Life Cycle
Aviation Continuum of Risk Mitigation
Cyber Security Audit of NextGen  Performance Audit conducted by GAO from Sept 2013 to March 2015  Two key NextGen components, SBSS and Data Comm audited  While FAA has integrated six activities into the AMS lifecycle, audit revealed instances in which some of these activities were not completed properly or were completed in an untimely manner  SBSS was deployed in 2008 with weaknesses in the program’s intrusion detection system, a shortcoming that was still unresolved as of early 2015.  Of 26 SBSS Problem Tickets that were completed during 2014, 25 were at least 6 months late, and 12 of these were more than 1 year late.  As Data Comm is still under development, its security requirements and selected controls continue to evolve. As of October 2014, Data Comm had included approximately 60 percent of the more than 250 controls listed in the third version of the NIST 800-53 guidelines  Delays in adopting the latest standards extend the amount of time that system security requirements may not adequately mitigate system exposure to the newest threats
Security Activity’s Progress
Cyber Security Standards used by Aviation  ISO/IEC 27000 to 27006— Information security management systems  NIST Special Publication 800-53 — Recommended Security Controls for Federal Information Systems and Organizations  DO-236 Security Assurance and Assessment Processes for Safety-related Aircraft Systems  ICAO Annex 17- Security  ICAO Document 9985- Air Traffic Management Security Manual  NIST SP800-30 — Risk Management Guide for Information Technology Systems  NIST SP800-53 — Information Security  NIST SP800-82 — Guide to Industrial Control Systems (ICS) Security  RTCA DO160 – Environmental Conditions and Test Procedures for Airborne Equipment  RTCA DO178 – Software Considerations in Airborne Systems and Equipment Certification  RTCA DO-254 – Design Assurance Guidance for Airborne Electronic Hardware  RTCA DO-233 – Portable Electronic Devices Carried on Board Aircraft
Glossary  ACARS : Aircraft Communications Addressing and Reporting System  ADS-B : Automatic Dependent Surveillance-- ‐Broadcast  ATC : Air Traffic Control  FAA : Federal Aviation Administration  NIST : National Institute of Standards and Technology
Any Queries
Thank You

Recommended

Cyber Security in Civil Aviation
Cyber Security in Civil AviationCyber Security in Civil Aviation
Cyber Security in Civil Aviation
Network Intelligence India
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
Operational Security
Operational SecurityOperational Security
Operational Security
Splunk
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
S.E. CTS CERT-GOV-MD
 
Cyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthCyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in Depth
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
AI and the Impact on Cybersecurity
AI and the Impact on CybersecurityAI and the Impact on Cybersecurity
AI and the Impact on Cybersecurity
Graham Mann
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
Radar Cyber Security
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
Amir Hossein Zargaran
 

Recommended

Cyber Security in Civil Aviation
Cyber Security in Civil AviationCyber Security in Civil Aviation
Cyber Security in Civil Aviation
Network Intelligence India
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
Operational Security
Operational SecurityOperational Security
Operational Security
Splunk
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
S.E. CTS CERT-GOV-MD
 
Cyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in DepthCyber Security Layers - Defense in Depth
Cyber Security Layers - Defense in Depth
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
AI and the Impact on Cybersecurity
AI and the Impact on CybersecurityAI and the Impact on Cybersecurity
AI and the Impact on Cybersecurity
Graham Mann
 
Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025Cyber attacks and IT security management in 2025
Cyber attacks and IT security management in 2025
Radar Cyber Security
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
Amir Hossein Zargaran
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
Sibghatullah Khattak
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
asherad
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
Priyanka Aash
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
Priyanka Aash
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
CMR WORLD TECH
 
The Concept of Network Centric Warfare feat. India
The Concept of Network Centric Warfare feat. IndiaThe Concept of Network Centric Warfare feat. India
The Concept of Network Centric Warfare feat. India
Subhasis Hazra
 
NTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in Depth
North Texas Chapter of the ISSA
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
Schneider Electric
 
Soc
SocSoc
Soc
Mukesh Chaudhari
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
Dilum Bandara
 
Network Centric Warfare - An Introduction
Network Centric Warfare - An IntroductionNetwork Centric Warfare - An Introduction
Network Centric Warfare - An Introduction
D.A. Mohan
 
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Sirius
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
WAJAHAT IQBAL
 
Netpluz Managed SOC - MSS Service
Netpluz Managed SOC - MSS Service Netpluz Managed SOC - MSS Service
Netpluz Managed SOC - MSS Service
Netpluz Asia Pte Ltd
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep Singh
OWASP Delhi
 
Cyber security and AI
Cyber security and AICyber security and AI
Cyber security and AI
DexterJanPineda
 
CCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network securityCCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network security
Ahmed Habib
 
Cyber Security For Organization Proposal PowerPoint Presentation Slides
Cyber Security For Organization Proposal PowerPoint Presentation SlidesCyber Security For Organization Proposal PowerPoint Presentation Slides
Cyber Security For Organization Proposal PowerPoint Presentation Slides
SlideTeam
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 
Cybersecurity - Dominic Nessi, Former CIO, Los Angeles World Airports
Cybersecurity - Dominic Nessi, Former CIO, Los Angeles World AirportsCybersecurity - Dominic Nessi, Former CIO, Los Angeles World Airports
Cybersecurity - Dominic Nessi, Former CIO, Los Angeles World Airports
SITA
 
Cyber Security in Transportation
Cyber Security in TransportationCyber Security in Transportation
Cyber Security in Transportation
Oren Elimelech
 

More Related Content

What's hot

NTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in Depth
North Texas Chapter of the ISSA
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
Schneider Electric
 
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Sirius
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 

What's hot (20)

Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
 
The Concept of Network Centric Warfare feat. India
The Concept of Network Centric Warfare feat. IndiaThe Concept of Network Centric Warfare feat. India
The Concept of Network Centric Warfare feat. India
 
NTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in Depth
 
Cyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutionsCyber security: A roadmap to secure solutions
Cyber security: A roadmap to secure solutions
 
Soc
SocSoc
Soc
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
 
Network Centric Warfare - An Introduction
Network Centric Warfare - An IntroductionNetwork Centric Warfare - An Introduction
Network Centric Warfare - An Introduction
 
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
 
Netpluz Managed SOC - MSS Service
Netpluz Managed SOC - MSS Service Netpluz Managed SOC - MSS Service
Netpluz Managed SOC - MSS Service
 
ICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep SinghICS Security 101 by Sandeep Singh
ICS Security 101 by Sandeep Singh
 
Cyber security and AI
Cyber security and AICyber security and AI
Cyber security and AI
 
CCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network securityCCNA Security 02- fundamentals of network security
CCNA Security 02- fundamentals of network security
 
Cyber Security For Organization Proposal PowerPoint Presentation Slides
Cyber Security For Organization Proposal PowerPoint Presentation SlidesCyber Security For Organization Proposal PowerPoint Presentation Slides
Cyber Security For Organization Proposal PowerPoint Presentation Slides
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 

Viewers also liked

Managing aircraft security january 2013 fast_51
Managing aircraft security january 2013 fast_51Managing aircraft security january 2013 fast_51
Managing aircraft security january 2013 fast_51
fEngel
 
Smart & Secure City Solutions by Rupinder Singh
Smart & Secure City Solutions by Rupinder SinghSmart & Secure City Solutions by Rupinder Singh
Smart & Secure City Solutions by Rupinder Singh
IPPAI
 

Viewers also liked (20)

Cybersecurity - Dominic Nessi, Former CIO, Los Angeles World Airports
Cybersecurity - Dominic Nessi, Former CIO, Los Angeles World AirportsCybersecurity - Dominic Nessi, Former CIO, Los Angeles World Airports
Cybersecurity - Dominic Nessi, Former CIO, Los Angeles World Airports
 
Cyber Security in Transportation
Cyber Security in TransportationCyber Security in Transportation
Cyber Security in Transportation
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
 
Sicurezza Integrata Dedagroup
Sicurezza Integrata DedagroupSicurezza Integrata Dedagroup
Sicurezza Integrata Dedagroup
 
Managing aircraft security january 2013 fast_51
Managing aircraft security january 2013 fast_51Managing aircraft security january 2013 fast_51
Managing aircraft security january 2013 fast_51
 
La (cyber) security ha bisogno di norme
La (cyber) security ha bisogno di normeLa (cyber) security ha bisogno di norme
La (cyber) security ha bisogno di norme
 
Cybersecurity in the sky
Cybersecurity in the skyCybersecurity in the sky
Cybersecurity in the sky
 
What is SCADA system? SCADA Solutions for IoT
What is SCADA system? SCADA Solutions for IoTWhat is SCADA system? SCADA Solutions for IoT
What is SCADA system? SCADA Solutions for IoT
 
CERT Certification
CERT CertificationCERT Certification
CERT Certification
 
Cyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO DayCyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO Day
 
Wpa2 psk security measure
Wpa2 psk security measureWpa2 psk security measure
Wpa2 psk security measure
 
2015 Aerospace & Defense Market Survey
2015 Aerospace & Defense Market Survey2015 Aerospace & Defense Market Survey
2015 Aerospace & Defense Market Survey
 
Cns and security (airport authority of india)
Cns and security (airport authority of india)Cns and security (airport authority of india)
Cns and security (airport authority of india)
 
Business Values for IoT Solutions
Business Values for IoT SolutionsBusiness Values for IoT Solutions
Business Values for IoT Solutions
 
Economics Of Networks - Rod Beckstrom, National Cybersecurity Center, Departm...
Economics Of Networks - Rod Beckstrom, National Cybersecurity Center, Departm...Economics Of Networks - Rod Beckstrom, National Cybersecurity Center, Departm...
Economics Of Networks - Rod Beckstrom, National Cybersecurity Center, Departm...
 
Introduction to airline networks
Introduction to airline networksIntroduction to airline networks
Introduction to airline networks
 
Day 1 Enisa Setting Up A Csirt
Day 1 Enisa Setting Up A CsirtDay 1 Enisa Setting Up A Csirt
Day 1 Enisa Setting Up A Csirt
 
Meetup intro techno big data
Meetup intro techno big dataMeetup intro techno big data
Meetup intro techno big data
 
SABSA overview
SABSA overviewSABSA overview
SABSA overview
 
Smart & Secure City Solutions by Rupinder Singh
Smart & Secure City Solutions by Rupinder SinghSmart & Secure City Solutions by Rupinder Singh
Smart & Secure City Solutions by Rupinder Singh
 

Similar to Cyber security in_next_gen_air_transportation_system_wo_video

cyber security-in_civil_aviation_2012 august_CPNI
cyber security-in_civil_aviation_2012 august_CPNIcyber security-in_civil_aviation_2012 august_CPNI
cyber security-in_civil_aviation_2012 august_CPNI
fEngel
 
Cost of dependency on TCPIP based Aircrafts
Cost of dependency on TCPIP based AircraftsCost of dependency on TCPIP based Aircrafts
Cost of dependency on TCPIP based Aircrafts
Ambreen Zafar
 
Adv_Low_Vis_Tech_B_English
Adv_Low_Vis_Tech_B_EnglishAdv_Low_Vis_Tech_B_English
Adv_Low_Vis_Tech_B_English
Brian O'Donnell
 
DOC245-20240219-WA0000_240219_090212.pdf
DOC245-20240219-WA0000_240219_090212.pdfDOC245-20240219-WA0000_240219_090212.pdf
DOC245-20240219-WA0000_240219_090212.pdf
ShaizaanKhan
 
Connected Aircraft White Paper Aug 2015
Connected Aircraft White Paper Aug 2015Connected Aircraft White Paper Aug 2015
Connected Aircraft White Paper Aug 2015
Josh Marks
 
AVSS & The Institute for Drone Technology™ joint report government regulation...
AVSS & The Institute for Drone Technology™ joint report government regulation...AVSS & The Institute for Drone Technology™ joint report government regulation...
AVSS & The Institute for Drone Technology™ joint report government regulation...
Paul New
 

Similar to Cyber security in_next_gen_air_transportation_system_wo_video (20)

cyber security-in_civil_aviation_2012 august_CPNI
cyber security-in_civil_aviation_2012 august_CPNIcyber security-in_civil_aviation_2012 august_CPNI
cyber security-in_civil_aviation_2012 august_CPNI
 
Us in-flight-wi-fi-internet-could-be-hacked-warns-federal-watchdog-agency
Us in-flight-wi-fi-internet-could-be-hacked-warns-federal-watchdog-agencyUs in-flight-wi-fi-internet-could-be-hacked-warns-federal-watchdog-agency
Us in-flight-wi-fi-internet-could-be-hacked-warns-federal-watchdog-agency
 
Gao report
Gao reportGao report
Gao report
 
Nextgen
NextgenNextgen
Nextgen
 
Application of it in the airlines sector
Application of it in the airlines sectorApplication of it in the airlines sector
Application of it in the airlines sector
 
0503 al achkar-jabbour_lebanese_univ_rev
0503 al achkar-jabbour_lebanese_univ_rev0503 al achkar-jabbour_lebanese_univ_rev
0503 al achkar-jabbour_lebanese_univ_rev
 
Will Today’s Cybersecurity Guidelines and Standards Become Mandates for Conne...
Will Today’s Cybersecurity Guidelines and Standards Become Mandates for Conne...Will Today’s Cybersecurity Guidelines and Standards Become Mandates for Conne...
Will Today’s Cybersecurity Guidelines and Standards Become Mandates for Conne...
 
Cost of dependency on TCPIP based Aircrafts
Cost of dependency on TCPIP based AircraftsCost of dependency on TCPIP based Aircrafts
Cost of dependency on TCPIP based Aircrafts
 
Air Traffic Control Database Management System for Seamless Transit
Air Traffic Control Database Management System for Seamless TransitAir Traffic Control Database Management System for Seamless Transit
Air Traffic Control Database Management System for Seamless Transit
 
municipal_drones_FINAL
municipal_drones_FINALmunicipal_drones_FINAL
municipal_drones_FINAL
 
Adv_Low_Vis_Tech_B_English
Adv_Low_Vis_Tech_B_EnglishAdv_Low_Vis_Tech_B_English
Adv_Low_Vis_Tech_B_English
 
Database management for Secured operation of Aircraft by Bikram Kumar Sinha, ...
Database management for Secured operation of Aircraft by Bikram Kumar Sinha, ...Database management for Secured operation of Aircraft by Bikram Kumar Sinha, ...
Database management for Secured operation of Aircraft by Bikram Kumar Sinha, ...
 
Hard landing predection
Hard landing predectionHard landing predection
Hard landing predection
 
DOC245-20240219-WA0000_240219_090212.pdf
DOC245-20240219-WA0000_240219_090212.pdfDOC245-20240219-WA0000_240219_090212.pdf
DOC245-20240219-WA0000_240219_090212.pdf
 
Foqa good one
Foqa good oneFoqa good one
Foqa good one
 
Connected Aircraft White Paper Aug 2015
Connected Aircraft White Paper Aug 2015Connected Aircraft White Paper Aug 2015
Connected Aircraft White Paper Aug 2015
 
Navigating the Skies: Challenges and Opportunities in Air Traffic Management
Navigating the Skies: Challenges and Opportunities in Air Traffic ManagementNavigating the Skies: Challenges and Opportunities in Air Traffic Management
Navigating the Skies: Challenges and Opportunities in Air Traffic Management
 
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca BarbaEvolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
 
AVSS & The Institute for Drone Technology™ joint report government regulation...
AVSS & The Institute for Drone Technology™ joint report government regulation...AVSS & The Institute for Drone Technology™ joint report government regulation...
AVSS & The Institute for Drone Technology™ joint report government regulation...
 
Aircraft safety-systems-in-the-spotlight-thematic-report
Aircraft safety-systems-in-the-spotlight-thematic-reportAircraft safety-systems-in-the-spotlight-thematic-report
Aircraft safety-systems-in-the-spotlight-thematic-report
 

More from OWASP Delhi

Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesGetting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
OWASP Delhi
 
Automating WAF using Terraform
Automating WAF using TerraformAutomating WAF using Terraform
Automating WAF using Terraform
OWASP Delhi
 

More from OWASP Delhi (20)

Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resourcesGetting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
 
Securing dns records from subdomain takeover
Securing dns records from subdomain takeoverSecuring dns records from subdomain takeover
Securing dns records from subdomain takeover
 
Effective Cyber Security Report Writing
Effective Cyber Security Report WritingEffective Cyber Security Report Writing
Effective Cyber Security Report Writing
 
Data sniffing over Air Gap
Data sniffing over Air GapData sniffing over Air Gap
Data sniffing over Air Gap
 
UDP Hunter
UDP HunterUDP Hunter
UDP Hunter
 
Demystifying Container Escapes
Demystifying Container EscapesDemystifying Container Escapes
Demystifying Container Escapes
 
Automating WAF using Terraform
Automating WAF using TerraformAutomating WAF using Terraform
Automating WAF using Terraform
 
Actionable Threat Intelligence
Actionable Threat IntelligenceActionable Threat Intelligence
Actionable Threat Intelligence
 
Threat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep SinghThreat hunting 101 by Sandeep Singh
Threat hunting 101 by Sandeep Singh
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilities
 
Recon with Nmap
Recon with Nmap Recon with Nmap
Recon with Nmap
 
Securing AWS environments by Ankit Giri
Securing AWS environments by Ankit GiriSecuring AWS environments by Ankit Giri
Securing AWS environments by Ankit Giri
 
DMARC Overview
DMARC OverviewDMARC Overview
DMARC Overview
 
Cloud assessments by :- Aakash Goel
Cloud assessments by :- Aakash GoelCloud assessments by :- Aakash Goel
Cloud assessments by :- Aakash Goel
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang Bhatnagar
 
Wireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit RanjanWireless security beyond password cracking by Mohit Ranjan
Wireless security beyond password cracking by Mohit Ranjan
 
IETF's Role and Mandate in Internet Governance by Mohit Batra
IETF's Role and Mandate in Internet Governance by Mohit BatraIETF's Role and Mandate in Internet Governance by Mohit Batra
IETF's Role and Mandate in Internet Governance by Mohit Batra
 
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj MishraMalicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
 
Thwarting The Surveillance in Online Communication by Adhokshaj Mishra
Thwarting The Surveillance in Online Communication by Adhokshaj MishraThwarting The Surveillance in Online Communication by Adhokshaj Mishra
Thwarting The Surveillance in Online Communication by Adhokshaj Mishra
 
Hostile Subdomain Takeover by Ankit Prateek
Hostile Subdomain Takeover by Ankit PrateekHostile Subdomain Takeover by Ankit Prateek
Hostile Subdomain Takeover by Ankit Prateek
 

Recently uploaded

AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
ankushspencer015
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
ranjana rawat
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur High Profile
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
ranjana rawat
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
ranjana rawat
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
roncy bisnoi
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
rknatarajan
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Christo Ananth
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Call Girls in Nagpur High Profile
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur High Profile
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur High Profile
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 

Recently uploaded (20)

AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduits
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
 

Cyber security in_next_gen_air_transportation_system_wo_video

  • 1. Cyber Security in NextGen Air Transportation System Dr Vippan Raj Dutt vrdutt@yahoo.com +91-9810297809
  • 2. Presentation Flow  Introduction  Shortcomings of Existing Systems  NextGen Air Transportation System  NextGen Security Challenges  ATC Information Systems  Aircraft Avionics Systems  Cyber Security Framework for Aviation  Cyber Security Audit of NextGen
  • 3. Air Transport Industry - Four Partners  Airlines  Ticketing systems  Credit card information  On-board Wi-Fi  Websites  ERP  Airports  Business systems  Airport operation systems  Facilities systems  Terminal and off-site concessions  FAA / DGCA  • Air Traffic control  Aircraft Manufacturers  Avionics  Communication systems
  • 5. Cyber Threats  ON 7 AUGUST 2015, it was disclosed that the databases of American Airlines (AA) and Sabre Corp., one of the largest clearing houses for travel reservations, were hacked.  On June 21, 2015, LOT Polish Airlines had its flight operations system hacked, resulting in disruption or cancellation of 22 flights. (DDoS attack)  In April, 2015, American security researcher Chris Roberts claims to have accessed flight-critical controls through the in-flight entertainment system  U.S. airport computer and communications systems were among the targets announced by the Tunisian Hackers Team in April 2014.  Miami International Airport (MIA) has experienced almost 20,000 hack attempts per day before investing in training, education, and new hardware to protect itself from cyberattacks.  Istanbul’s Atatürk International Airport had password control systems shut down by what is believed to have been a malware attack resulting in departure delays and extended waiting time for passengers.
  • 7. The Sky is Falling ! Next time you are about to board a flight, please consider this  On any given day  More than 85,000 flights are in the skies in the United States  Only 1/3 of those are Commercial Carriers  2/3 are general aviation, private planes  5000 : Average number of aircraft in the skies at any given moment of peak travel time  15,000 : Average number of air traffic controllers required in airport traffic control facilities to guide pilots  Controllers provide Air Navigation Services to aircraft in ALL domestic airspace and to 24.6 million square miles of international oceanic airspace  The flight you’re about to board is 1 of 1,000s of blinking green dots on a radar screen display for busy Air Traffic Controllers, who rely on pilot communication and slips of paper printed from computer terminals to safely coordinate your flight.  1950s : The decade the current Air Traffic Control system was implemented
  • 8. A Day in the Life of Air Traffic in USA
  • 9. Shortcomings of the existing ATC system  System handles over 85,000 flights a day on average… all with the best technology the 1950s had to offer.  Technologically, it is outdated and limited in its capabilities.  It relies on ground-based radar for surveillance and navigation, and voice communications to relay instructions between controllers and pilots.  ATC system is slow and cumbersome. These limitations force operational procedures such as separation standards and indirect point-to-point routings that are inefficient because they appropriately put safety first. As civil aviation has grown and become more complex the ATC system has become strained and, in some geographic areas, overwhelmed.
  • 10. What is NextGen Air Transportation System
  • 11. NextGen Addresses Critical Needs  Capacity. NextGen will enable more precise spacing of aircraft and flight paths, which will allow FAA to handle safely and efficiently the traffic growth that it forecasts.  Efficiency and Productivity. NextGen will enable more efficient flying by taking full advantage of available and emerging technology.  NextGen will enable: optimized, direct routings between airports; reduced aircraft spacing; continuous descent arrivals, precise arrival and departure routings, and closely spaced approaches on parallel runways in instrument flight rule conditions.  Environmental Benefits, Operational Integrity and Customer Satisfaction, Safety, Scalability  The downside of NextGen technology is the magnitude of air service disruption should the system fail. For example, a computer glitch at an air traffic centre in Virginia caused more than 440 flights to be cancelled along the East Coast of the United States in August 2015. While not a cyberattack, this incident showed the vulnerability of NextGen technology in civil aviation.
  • 13. Potential NextGen Vulnerabilities  NextGen rely on satellite-based aircraft navigation and tracking and digital voice and data communications between controllers and pilots, tied together using an integrated information management network called SWIM. This high degree of interconnectivity and access by both FAA employees and airspace users is expected to increase the capacity of the air traffic control system and improve safety, but it raises significant cybersecurity concerns.  The backbone of NextGen is a technology called Automated Dependent Surveillance-Broadcast, or ADS-B, which is slated to replace radar as the primary means of tracking and monitoring aircraft. ADS-B is inherently vulnerable to hacking, jamming, signal flooding, and spoofing because of its open architecture and unencrypted signals. Government Accountability Office (GAO) cautioned that FAA's current approach to cybersecurity does not adequately address the interdependencies between aircraft and air traffic systems, and consequently may hinder efforts to develop a comprehensive and coordinated strategy.  GAO recommended that FAA develop a comprehensive cybersecurity threat model, better clarify cybersecurity roles and responsibilities, improve management security controls and contractor oversight, and fully incorporate National Institute of Standards and Technology (NIST) information security guidance throughout the system life cycle.
  • 14. NextGen Cybersecurity Challenges  Protecting air-traffic control (ATC) information systems  July 2012: ADS-B hack: a security researcher demonstrated how easily an air traffic control tower could be manipulated.  Ruben Santamarta – 2014 Backdoors and remote control of SatCom Military & Civil Aviation radios http://bit.ly/SatComHack (Paper)  Protecting aircraft avionics used to operate and guide aircraft  Chris Roberts – 2015 Manipulation of Flight Controls via under-seat entertainment unit http://bit.ly/EICASHack (Reuters)  Hugo Teso – 2013 Remote manipulation of Flight Management System through ACARS http://bit.ly/FMSHack (Forbes)
  • 16. Cybersecurity Challenges to Protect ATC Information Systems • ATC-related information systems are currently a mixture of old, legacy systems and new, IP-networked systems. • New information systems for NextGen programs are designed to interoperate with other systems and use IP networking to communicate • New Networking Technologies Expose ATC Systems to New Cybersecurity Risks • If one system connected to an IP network is compromised, damage can potentially spread to other systems on the network, continually expanding the parts of the system at risk. • FAA Is Designing and Deploying an Enterprise Approach Intended to Strengthen the Cybersecurity of Its Information Systems
  • 18. Cyber Security Risks to Aircraft Avionics  IP networking may allow an attacker to gain remote access to avionics systems and compromise them  If the cabin systems connect to the cockpit avionics systems (e.g., share the same physical wiring harness or router) and use the same networking platform, in this case IP, a user could subvert the firewall and access the cockpit avionics system from the cabin  The presence of personal smartphones and tablets in the cockpit increases the risk of a system’s being compromised by trusted insiders, both malicious and non-malicious, if these devices have the capability to transmit information to aircraft avionics systems  The second source of the problem can come from the internet, since the aircrafts use IP protocols like anyone, meaning that can make the aircraft vulnerable for instance for a hacker to be able to install malware  FAA yet to develop new regulations to certify cybersecurity assurance for avionics systems
  • 19. Cybersecurity framework for Aviation  Establish common cyber standards for aviation systems  Establish a cybersecurity culture  Understand the threat  Understand the risk  Communicate the threats and assure situational awareness  Provide incident response  Strengthen the defensive system  Define design principles  Define operational principles  Conduct necessary research and development  Ensure that government and industry work together
  • 21. Aviation Continuum of Risk Mitigation
  • 22. Cyber Security Audit of NextGen  Performance Audit conducted by GAO from Sept 2013 to March 2015  Two key NextGen components, SBSS and Data Comm audited  While FAA has integrated six activities into the AMS lifecycle, audit revealed instances in which some of these activities were not completed properly or were completed in an untimely manner  SBSS was deployed in 2008 with weaknesses in the program’s intrusion detection system, a shortcoming that was still unresolved as of early 2015.  Of 26 SBSS Problem Tickets that were completed during 2014, 25 were at least 6 months late, and 12 of these were more than 1 year late.  As Data Comm is still under development, its security requirements and selected controls continue to evolve. As of October 2014, Data Comm had included approximately 60 percent of the more than 250 controls listed in the third version of the NIST 800-53 guidelines  Delays in adopting the latest standards extend the amount of time that system security requirements may not adequately mitigate system exposure to the newest threats
  • 24. Cyber Security Standards used by Aviation  ISO/IEC 27000 to 27006— Information security management systems  NIST Special Publication 800-53 — Recommended Security Controls for Federal Information Systems and Organizations  DO-236 Security Assurance and Assessment Processes for Safety-related Aircraft Systems  ICAO Annex 17- Security  ICAO Document 9985- Air Traffic Management Security Manual  NIST SP800-30 — Risk Management Guide for Information Technology Systems  NIST SP800-53 — Information Security  NIST SP800-82 — Guide to Industrial Control Systems (ICS) Security  RTCA DO160 – Environmental Conditions and Test Procedures for Airborne Equipment  RTCA DO178 – Software Considerations in Airborne Systems and Equipment Certification  RTCA DO-254 – Design Assurance Guidance for Airborne Electronic Hardware  RTCA DO-233 – Portable Electronic Devices Carried on Board Aircraft
  • 25. Glossary  ACARS : Aircraft Communications Addressing and Reporting System  ADS-B : Automatic Dependent Surveillance-- ‐Broadcast  ATC : Air Traffic Control  FAA : Federal Aviation Administration  NIST : National Institute of Standards and Technology