Airport security 2013 - John McCarthy


Published in: Technology, Business

  1. Creating and Using an Airport Threats Analysis Framework. Dr John McCarthy, ServiceTec Research Fellow, Cranfield University / UK Defence Academy
  2. Creating an Airport Threat Analysis Framework. Dr John McCarthy Ph.D. B.Sc. (hons) MBCS, Vice President of Cyber Security, ServiceTec International Inc. / ServiceTec Research Fellow at Cranfield University / UK Defence Academy
  3. Partners: Cyber-Physical Systems Research Centre based at Cranfield and sponsored by ServiceTec; Centre for the Protection of National Infrastructures; University of Nebraska; Federal Aviation Authority; Joint Information Operations Warfare Centre, Vulnerability Assessment Branch (JVAB) USA
  4. What is it? A means of measuring an airport's capability to resist and recover from cyber-attack – ongoing research
  5. The problem: “There is no question that the whole arena of cyber attacks, developing technologies in the information area represent potential battlefronts for the future. I have often said that there is a strong likelihood that the next Pearl Harbor that we confront could very well be a cyber attack that cripples our power systems, our grid, our security systems, our financial systems, our governmental systems” (Defense Secretary Panetta, 2011)
  6. The problem – Not just standard IT: SCADA systems; BYOD; electronic boarding passes; Common Use IT systems with multiple users on multiple machines; social engineers who take advantage of high staff turnover and a busy environment to access IT systems
  7. Shared Systems: CUPPS
  8. The Problem: To emphasize this, Bob Cheong, Chief Information Security Officer of the Los Angeles Airport, reports that a variety of cyber-attacks in Los Angeles have occurred in the last several years: there were over 6,400 attempts to hack into a new file server two days after it was deployed; in a one-year period, nearly 59,000 Internet misuse and abuse attempts were blocked; finally, in that same one-year period, 2.9 million hacking attempts were blocked
  9. The problem – Not just standard IT: • To add to the problem, cyber security policies are deployed and acted upon during ICT stasis. As airports rapidly expand, ICT systems may be in a state of flux • The earlier work by the authors has shown that this is when they are at their most vulnerable
  10. Who is the enemy? • Cyber terrorist • Hacktivists • Cyber criminals • Organized crime • Disgruntled employees • Kiddies • Foreign governments
  11. Dom Nessi: In October of 2011, Dom Nessi delivered an address to the Airports Council International of North America outlining the cyber security threats facing airports, the potential vectors that might be used in an attack, and tactics for securing known
  12. Dom Nessi: • Amongst Nessi’s threats were several that were focused on external airport operations, such as: • external airport or airline websites • concession point-of-sale • credit card transaction information • passengers’ wireless devices.
  13. Dom Nessi: However, the overall impact of cyber-attacks on systems external to airport operations is small when compared to attacks on systems required to perform internal airport operations. Nessi points out several potential targets within this realm, including: access control and perimeter intrusion systems; eEnabled aircraft systems; radar systems
  14. SCADA - Historical problems: Supervisory Control And Data Acquisition (SCADA) systems act as the hidden computer equipment behind large infrastructures that are essential to maintaining the quality of our life. These infrastructures include electrical power grids, water purification and delivery, gas, and other utilities, as well as trains and transportation systems. Legacy SCADA systems, planned and implemented possibly decades ago, were
  15. Why is Security an issue for SCADA? The SCADA environment is different: • SCADA computations and logic have a direct effect on the physical world • Safety and efficiency sometimes conflict with security in the design and operation of control systems • Ordered list of security expectations from SCADA: 1. availability 2. integrity 3. confidentiality
  16. The Empire State Building and midtown New York City are shown during the 2003 blackout. (Photo)
  17. SCADA Attacks: A water treatment plant near Harrisburg, PA was attacked. The hacker planted malicious software into the control systems and could potentially have altered or stopped the operation of the treatment plant. The water treatment facility in Queensland’s was accessed by a disgruntled past employee named who used a wireless connection into the
  18. An Examination of a Major Hub Airport: Examining a major hub airport in North America, the critical driver for increased security has been the implementation of Payment Card Industry (PCI) compliance regulations for secure credit card transactions. PCI has forced many airports to upgrade and improve security measures or face the loss of revenue
  19. An Examination of a Major Hub Airport: • There was also a widely held belief that the SCADA systems in the airport were isolated from the main IT backbone. Often the car parking and baggage control systems were separated from the main IT network by hardware firewalls. • These firewalls were “assumed” secure by IT staff and it was often unclear who had responsibility for managing and configuring these firewalls. • Additional services could be added to the network without all relevant IT staff being aware of the changes. • There appeared to be no overarching group or committee that had a direct focus on cyber security measures. • Security measures were left in multiple hands and ad hoc systems were assumed isolated due to previous hardware and software configurations without ongoing checks and testing.
  20. Towards a Solution: Mainstream cyber security measures are often focused on the traditional elements of an IT network and will therefore fall short of fully understanding the cyber needs of an airport. A more holistic approach is needed that encompasses wider elements of the airport’s infrastructure
  21. Towards a Solution: Nessi’s assessment settles on four components within an airport that are vulnerable to cyber attack; each “require a different approach to security”: the network, the device, the application and the back-end system
  22. Towards a Solution: • “social engineering awareness” campaigns educating staff on proper use of software, hardware and access points and potential exploits that expose human error and provide access to unauthorized persons; • performing penetration testing by both those with internal access and
  23. Towards a solution: Full inter-agency dialogue; a “no blame” culture about cyber attacks; banishing the idea of “us and them”; large airports are “safer”; smaller ones can swim on their own and are not as important; every plane that takes off lands, all
  24. Playing Dirty - A Red Team Strike: • The red team’s job is straightforward: seek and destroy. A red teamer will use every tool available to compromise a target network and tear down a blue team’s defenses, with the ultimate goal of taking control of one or more critical systems in order to spy, sabotage, or destroy.
  25. Heathrow Dependency Modelling: To fully understand how all the systems work together we need to create a dependency model – what happens when? We are undertaking this research with the Centre for the Protection of National Infrastructures at Heathrow. Unless we fully understand how our
  26. Risk Management really is a matter of life or death! Bow Ties and Incidents (19/10/2011)
  27. How to Manage my Risk? I’ve done this often before; Will my boss/shareholders support me if …?; I want to be safe; Is it different from usual?; save time; save ££££; I like to do a good job; be safe; I want the business to succeed; I am judged on…; Does doing this feel right?
  28. Our aim from a traditional military viewpoint
  29. A Multi Agency Approach: • Many agencies and governments favour a multi-lateral approach to solving cyber security. • Thus any analysis framework must be undertaken from a multi-agency perspective. • To ignore this perspective may allow cyber threats to go
  30. How do we achieve this across multiple agencies, disciplines and even countries? • Tough challenge • Will we need a cyber Pearl Harbor before we react? • Raised more questions than answers • Would you like to get involved?
  31. “I have often said that there is a strong likelihood that the next Pearl Harbor that we confront could very well be a cyber attack that cripples our power systems, our grid, our security systems, our financial systems, our governmental systems” (Defense Secretary Panetta, 2011). Email: Airport Cyber Security Podcast
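
Added example, not part of the original slides: a minimal dependency model of the kind slide 25 calls for, also used to test the "assumed isolated" belief described on slide 19. The system names echo the slides, but every dependency edge and all function names are constructed assumptions.

```python
from collections import deque

# "A depends on B". System names echo the slides; every edge is a
# constructed assumption for illustration, not data from a real airport.
DEPENDS_ON = {
    "cupps_check_in": ["it_backbone"],
    "electronic_boarding_pass": ["cupps_check_in"],
    "baggage_control": ["baggage_firewall", "power_scada"],
    "car_parking": ["parking_firewall"],
    "baggage_firewall": ["it_backbone"],
    "parking_firewall": ["it_backbone"],
    "access_control": ["it_backbone", "power_scada"],
    "it_backbone": ["power_scada"],
    "power_scada": [],
}
ASSUMED_ISOLATED = ["baggage_control", "car_parking"]  # believed cut off from it_backbone

def impacted_by(failed, graph=DEPENDS_ON):
    """Every system that directly or transitively depends on `failed`."""
    reverse = {}
    for system, deps in graph.items():
        for dep in deps:
            reverse.setdefault(dep, set()).add(system)
    seen, queue = set(), deque([failed])
    while queue:
        for dependant in reverse.get(queue.popleft(), ()):
            if dependant not in seen:
                seen.add(dependant)
                queue.append(dependant)
    return seen

def path_to(system, target, graph=DEPENDS_ON):
    """Shortest dependency chain from `system` to `target`, or None if unreachable."""
    seen, queue = {system}, deque([[system]])
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for dep in graph.get(path[-1], ()):
            if dep not in seen:
                seen.add(dep)
                queue.append(path + [dep])
    return None

def isolation_findings(backbone="it_backbone", graph=DEPENDS_ON):
    """Map each 'assumed isolated' system to the chain that links it to the backbone."""
    chains = {s: path_to(s, backbone, graph) for s in ASSUMED_ISOLATED}
    return {s: p for s, p in chains.items() if p}

if __name__ == "__main__":
    print("power_scada outage hits:", sorted(impacted_by("power_scada")))
    for system, path in isolation_findings().items():
        print(f"{system} is not isolated: {' -> '.join(path)}")
```

Each finding names the single firewall that the isolation assumption rests on, which is the component whose ownership and configuration should be confirmed and tested on an ongoing basis.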