SlideShare a Scribd company logo

AVSEC are you flying cybersafe?

Jorge Sebastiao
Jorge Sebastiao

This document discusses cyber risks in modern aviation. It outlines various cyber threats such as hacking into aircraft systems through entertainment systems or exploiting outdated radio systems. The document emphasizes that effective countermeasures require moving beyond outdated security assumptions to approaches like continuous vulnerability management, reputation management, and empowering end users. The goal is achieving total integrated security through approaches like information security management and vertical computer emergency response team integration.

1 of 25
Is your flying CyberSafe? Cyber Risks Of Modern Aviation 10th Oct, Dubai, UAE Jorge Sebastiao, CISSP ICT Security Expert Cloud Practice Leader http://linkedin.com/in/sebastiao/ Twitter: @4jorge
Disclaimer & Copyright • Please note that this presentation is for informational, knowledge sharing and educational purposes only. Any comments or statements made herein do not necessarily reflect the views of Huawei. The information is intended for the recipient's use only and should not be cited, reproduced or distributed to any third party without the prior consent of the authors. Although great care is taken to ensure accuracy of information neither the author, nor Huawei can be held responsible for any decision made on the basis of the information cited. • The content of this presentation is based on information gathered in good faith from both primary and secondary sources and is believed to be correct at the time of publication. The author can however provide no guarantee regarding the accuracy of this content and therefore accepts no liability whatsoever for any actions taken that subsequently prove incorrect. • The practices listed in the document are provided as is and as guidance and the author and Huawei do not claim that these comprise the only practices to be followed. The readers are urged to make informed decisions in their usage. • The information presented in this presentation is not intended to be, and should not be construed as, an offer to sell any products or services or a solicitation of an offer to buy any products or services . Any such offer or sale will be made pursuant to, and the information presented at this meeting is qualified in its entirety by, authorized offering documents and related disclosure schedules or similar disclosure documentation. • All logos and brand names belong to their respective owners and we do not claim any relationship or association, implied or otherwise, with them. • Use of any materials by virtue of relationships and associations, if any, are mentioned explicitly. • Author has taken care to attribute all sources for external materials used in this presentation, and any oversight is regretted. If you, as owner, or as viewer, find any reason to dispute the use of these materials kindly communicate the same to author. • Any omissions, in terms of attribution, may be due to an error of author and not intentional.
Sampling of Cyber Risk Users & Social MediaRadios GPS Drones PRN Legacy Systems
SDR Radios
SDR Intercept - Disrupt
Radios
Taking control Drone GPS
Taking control ADS-B
Drones Risks
Instagram Boarding Passes
PNR
Hack Airplanes though Entertainment system
0 Day Exploits - Guaranteed
Cyberspace CharacteristicsAsymmetric Attribution Problems No Borders Complex Interconnected Systems
Our security enemy is? Security Nightmare
Outdated Assumptions?
Effective Countermeasures
Wrong Skills?
CONSEQUENCE LIKLIEHOOD FV T Risk Group 1 Risk Group 2 Risk Group 3 HighLow L o w H i g h RESPONSE PROTECTION Target Risk Risk Reduction Strategies!
Infosec Knowledge Base Response Build Airport Cyber Security Intelligence Multiple Sources Intel Partners, Vendors, CERT ,… Internal Security Research Internet, Mailing lists and other sources Incidence Response
Road to Security Metrics Security Metrics KPIs, Testing Results CSA Controls, Compliance, Operational, Financial CoBIT SOX ISMS ISO27001 PCI HIPAA Time Based Security ISMS ISO22301 ISMS ISO20000
Final Goal Is Total Integrated Security Information Security Management IoT, Device Security Management
Winning the War Red Teaming Solve Attribution Continuous Vulnerability Mgmt Crowd Sourcing/Bug Bounty Fusing Crisis Management Vertical CERT Integration Encryption Exchange Knowledge Data Leak Prevention Threat Management Reputation Management Big Data Honeynets Machine Learning Sandbox Security Metrics Empower end users Continuous Training Attack / Take down
Don’t bring a knife to gun fight
Jorge Sebastiao, CISSP ICT Security Expert Cloud Practice Leader http://linkedin.com/in/sebastiao/ Twitter: @4jorge

Recommended

Security is broken V3.0
Security is broken V3.0Security is broken V3.0
Security is broken V3.0
Jorge Sebastiao
 
ADIPEC physical and Infosec for Oil and Gas
ADIPEC physical and Infosec for Oil and GasADIPEC physical and Infosec for Oil and Gas
ADIPEC physical and Infosec for Oil and Gas
Jorge Sebastiao
 
Dz hackevent 2019 Middle East Cyberwars V3
Dz hackevent 2019 Middle East Cyberwars V3Dz hackevent 2019 Middle East Cyberwars V3
Dz hackevent 2019 Middle East Cyberwars V3
Jorge Sebastiao
 
Blockchain & cyber security Algeria Version 1.1
Blockchain & cyber security Algeria Version 1.1Blockchain & cyber security Algeria Version 1.1
Blockchain & cyber security Algeria Version 1.1
Jorge Sebastiao
 
Internet Safety & Cyber chip presentation
Internet Safety & Cyber chip presentationInternet Safety & Cyber chip presentation
Internet Safety & Cyber chip presentation
MitchFeigenbaum
 
CYMASS Security Awareness Version 1.2
CYMASS Security Awareness Version 1.2CYMASS Security Awareness Version 1.2
CYMASS Security Awareness Version 1.2
Jorge Sebastiao
 
RTA AI for traffic management version 1.4
RTA AI for traffic management version 1.4RTA AI for traffic management version 1.4
RTA AI for traffic management version 1.4
Jorge Sebastiao
 
Infosec is Broken “did you bring a knife to a gun fight?"
Infosec is Broken “did you bring a knife to a gun fight?"Infosec is Broken “did you bring a knife to a gun fight?"
Infosec is Broken “did you bring a knife to a gun fight?"
Jorge Sebastiao
 

Recommended

Security is broken V3.0
Security is broken V3.0Security is broken V3.0
Security is broken V3.0
Jorge Sebastiao
 
ADIPEC physical and Infosec for Oil and Gas
ADIPEC physical and Infosec for Oil and GasADIPEC physical and Infosec for Oil and Gas
ADIPEC physical and Infosec for Oil and Gas
Jorge Sebastiao
 
Dz hackevent 2019 Middle East Cyberwars V3
Dz hackevent 2019 Middle East Cyberwars V3Dz hackevent 2019 Middle East Cyberwars V3
Dz hackevent 2019 Middle East Cyberwars V3
Jorge Sebastiao
 
Blockchain & cyber security Algeria Version 1.1
Blockchain & cyber security Algeria Version 1.1Blockchain & cyber security Algeria Version 1.1
Blockchain & cyber security Algeria Version 1.1
Jorge Sebastiao
 
Internet Safety & Cyber chip presentation
Internet Safety & Cyber chip presentationInternet Safety & Cyber chip presentation
Internet Safety & Cyber chip presentation
MitchFeigenbaum
 
CYMASS Security Awareness Version 1.2
CYMASS Security Awareness Version 1.2CYMASS Security Awareness Version 1.2
CYMASS Security Awareness Version 1.2
Jorge Sebastiao
 
RTA AI for traffic management version 1.4
RTA AI for traffic management version 1.4RTA AI for traffic management version 1.4
RTA AI for traffic management version 1.4
Jorge Sebastiao
 
Infosec is Broken “did you bring a knife to a gun fight?"
Infosec is Broken “did you bring a knife to a gun fight?"Infosec is Broken “did you bring a knife to a gun fight?"
Infosec is Broken “did you bring a knife to a gun fight?"
Jorge Sebastiao
 
Practical analytics hands-on to cloud & IoT cyber threats
Practical analytics hands-on to cloud & IoT cyber threatsPractical analytics hands-on to cloud & IoT cyber threats
Practical analytics hands-on to cloud & IoT cyber threats
Jorge Sebastiao
 
A6 pragmatic journey into cyber security
A6 pragmatic journey into cyber securityA6 pragmatic journey into cyber security
A6 pragmatic journey into cyber security
Jorge Sebastiao
 
Cyber fear obstacles to info sharing-Version 2
Cyber fear obstacles to info sharing-Version 2Cyber fear obstacles to info sharing-Version 2
Cyber fear obstacles to info sharing-Version 2
Jorge Sebastiao
 
Infowarcon2016 Are you ready Middle East Cyberwar updates v30
Infowarcon2016 Are you ready Middle East Cyberwar updates v30Infowarcon2016 Are you ready Middle East Cyberwar updates v30
Infowarcon2016 Are you ready Middle East Cyberwar updates v30
Jorge Sebastiao
 
Datamatix GCC HR future jobs Version 1.3
Datamatix GCC HR future jobs Version 1.3Datamatix GCC HR future jobs Version 1.3
Datamatix GCC HR future jobs Version 1.3
Jorge Sebastiao
 
AI HR and Future Jobs Version 2.1
AI HR and Future Jobs Version 2.1AI HR and Future Jobs Version 2.1
AI HR and Future Jobs Version 2.1
Jorge Sebastiao
 
IGF2017 Data is new oil - UN Internet Governance Forum
IGF2017 Data is new oil - UN Internet Governance ForumIGF2017 Data is new oil - UN Internet Governance Forum
IGF2017 Data is new oil - UN Internet Governance Forum
Jorge Sebastiao
 
Are we ready for IoT? VU Version 7
Are we ready for IoT? VU Version 7Are we ready for IoT? VU Version 7
Are we ready for IoT? VU Version 7
Jorge Sebastiao
 
Cyber Warfare 4TH edition
Cyber Warfare 4TH editionCyber Warfare 4TH edition
Cyber Warfare 4TH edition
Jorge Sebastiao
 
Network Security
Network SecurityNetwork Security
Network Security
United Nations Development Program
 
The Morality of Code - Glen Goodwin, SAS Institute, inc.
The Morality of Code - Glen Goodwin, SAS Institute, inc.The Morality of Code - Glen Goodwin, SAS Institute, inc.
The Morality of Code - Glen Goodwin, SAS Institute, inc.
NodejsFoundation
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
mdagrossa
 
Holistic Cybersecurity_September 21, 2022_FV.pdf
Holistic Cybersecurity_September 21, 2022_FV.pdfHolistic Cybersecurity_September 21, 2022_FV.pdf
Holistic Cybersecurity_September 21, 2022_FV.pdf
DrDaveChatterjee
 
Endpoint Detection and Response for Dummies
Endpoint Detection and Response for DummiesEndpoint Detection and Response for Dummies
Endpoint Detection and Response for Dummies
Liberteks
 
How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)
Scott Sutherland
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
Gowdhaman Jothilingam
 
Investigator insight good and bad habits
Investigator insight good and bad habitsInvestigator insight good and bad habits
Investigator insight good and bad habits
Connie Kesler
 
zero trust - how to build zero trust.pdf
zero trust - how to build zero trust.pdfzero trust - how to build zero trust.pdf
zero trust - how to build zero trust.pdf
AliAlwesabi
 
Celeno - Smart, Managed Wi-Fi
Celeno - Smart, Managed Wi-FiCeleno - Smart, Managed Wi-Fi
Celeno - Smart, Managed Wi-Fi
Celeno2018
 
Implementing your APIs with zero trust
Implementing your APIs with zero trustImplementing your APIs with zero trust
Implementing your APIs with zero trust
Coforge (Erstwhile WHISHWORKS)
 
Real estate tokenization and blockchain
Real estate tokenization and blockchainReal estate tokenization and blockchain
Real estate tokenization and blockchain
Jorge Sebastiao
 
Blockchain and covid19 v3
Blockchain and covid19 v3Blockchain and covid19 v3
Blockchain and covid19 v3
Jorge Sebastiao
 

More Related Content

Similar to AVSEC are you flying cybersafe?

Practical analytics hands-on to cloud & IoT cyber threats
Practical analytics hands-on to cloud & IoT cyber threatsPractical analytics hands-on to cloud & IoT cyber threats
Practical analytics hands-on to cloud & IoT cyber threats
Jorge Sebastiao
 
A6 pragmatic journey into cyber security
A6 pragmatic journey into cyber securityA6 pragmatic journey into cyber security
A6 pragmatic journey into cyber security
Jorge Sebastiao
 
Cyber fear obstacles to info sharing-Version 2
Cyber fear obstacles to info sharing-Version 2Cyber fear obstacles to info sharing-Version 2
Cyber fear obstacles to info sharing-Version 2
Jorge Sebastiao
 
Infowarcon2016 Are you ready Middle East Cyberwar updates v30
Infowarcon2016 Are you ready Middle East Cyberwar updates v30Infowarcon2016 Are you ready Middle East Cyberwar updates v30
Infowarcon2016 Are you ready Middle East Cyberwar updates v30
Jorge Sebastiao
 
Datamatix GCC HR future jobs Version 1.3
Datamatix GCC HR future jobs Version 1.3Datamatix GCC HR future jobs Version 1.3
Datamatix GCC HR future jobs Version 1.3
Jorge Sebastiao
 
AI HR and Future Jobs Version 2.1
AI HR and Future Jobs Version 2.1AI HR and Future Jobs Version 2.1
AI HR and Future Jobs Version 2.1
Jorge Sebastiao
 
IGF2017 Data is new oil - UN Internet Governance Forum
IGF2017 Data is new oil - UN Internet Governance ForumIGF2017 Data is new oil - UN Internet Governance Forum
IGF2017 Data is new oil - UN Internet Governance Forum
Jorge Sebastiao
 
Are we ready for IoT? VU Version 7
Are we ready for IoT? VU Version 7Are we ready for IoT? VU Version 7
Are we ready for IoT? VU Version 7
Jorge Sebastiao
 
Cyber Warfare 4TH edition
Cyber Warfare 4TH editionCyber Warfare 4TH edition
Cyber Warfare 4TH edition
Jorge Sebastiao
 
Network Security
Network SecurityNetwork Security
Network Security
United Nations Development Program
 
The Morality of Code - Glen Goodwin, SAS Institute, inc.
The Morality of Code - Glen Goodwin, SAS Institute, inc.The Morality of Code - Glen Goodwin, SAS Institute, inc.
The Morality of Code - Glen Goodwin, SAS Institute, inc.
NodejsFoundation
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
mdagrossa
 
Holistic Cybersecurity_September 21, 2022_FV.pdf
Holistic Cybersecurity_September 21, 2022_FV.pdfHolistic Cybersecurity_September 21, 2022_FV.pdf
Holistic Cybersecurity_September 21, 2022_FV.pdf
DrDaveChatterjee
 
Endpoint Detection and Response for Dummies
Endpoint Detection and Response for DummiesEndpoint Detection and Response for Dummies
Endpoint Detection and Response for Dummies
Liberteks
 
How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)
Scott Sutherland
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
Gowdhaman Jothilingam
 
Investigator insight good and bad habits
Investigator insight good and bad habitsInvestigator insight good and bad habits
Investigator insight good and bad habits
Connie Kesler
 
zero trust - how to build zero trust.pdf
zero trust - how to build zero trust.pdfzero trust - how to build zero trust.pdf
zero trust - how to build zero trust.pdf
AliAlwesabi
 
Celeno - Smart, Managed Wi-Fi
Celeno - Smart, Managed Wi-FiCeleno - Smart, Managed Wi-Fi
Celeno - Smart, Managed Wi-Fi
Celeno2018
 
Implementing your APIs with zero trust
Implementing your APIs with zero trustImplementing your APIs with zero trust
Implementing your APIs with zero trust
Coforge (Erstwhile WHISHWORKS)
 

Similar to AVSEC are you flying cybersafe? (20)

Practical analytics hands-on to cloud & IoT cyber threats
Practical analytics hands-on to cloud & IoT cyber threatsPractical analytics hands-on to cloud & IoT cyber threats
Practical analytics hands-on to cloud & IoT cyber threats
 
A6 pragmatic journey into cyber security
A6 pragmatic journey into cyber securityA6 pragmatic journey into cyber security
A6 pragmatic journey into cyber security
 
Cyber fear obstacles to info sharing-Version 2
Cyber fear obstacles to info sharing-Version 2Cyber fear obstacles to info sharing-Version 2
Cyber fear obstacles to info sharing-Version 2
 
Infowarcon2016 Are you ready Middle East Cyberwar updates v30
Infowarcon2016 Are you ready Middle East Cyberwar updates v30Infowarcon2016 Are you ready Middle East Cyberwar updates v30
Infowarcon2016 Are you ready Middle East Cyberwar updates v30
 
Datamatix GCC HR future jobs Version 1.3
Datamatix GCC HR future jobs Version 1.3Datamatix GCC HR future jobs Version 1.3
Datamatix GCC HR future jobs Version 1.3
 
AI HR and Future Jobs Version 2.1
AI HR and Future Jobs Version 2.1AI HR and Future Jobs Version 2.1
AI HR and Future Jobs Version 2.1
 
IGF2017 Data is new oil - UN Internet Governance Forum
IGF2017 Data is new oil - UN Internet Governance ForumIGF2017 Data is new oil - UN Internet Governance Forum
IGF2017 Data is new oil - UN Internet Governance Forum
 
Are we ready for IoT? VU Version 7
Are we ready for IoT? VU Version 7Are we ready for IoT? VU Version 7
Are we ready for IoT? VU Version 7
 
Cyber Warfare 4TH edition
Cyber Warfare 4TH editionCyber Warfare 4TH edition
Cyber Warfare 4TH edition
 
Network Security
Network SecurityNetwork Security
Network Security
 
The Morality of Code - Glen Goodwin, SAS Institute, inc.
The Morality of Code - Glen Goodwin, SAS Institute, inc.The Morality of Code - Glen Goodwin, SAS Institute, inc.
The Morality of Code - Glen Goodwin, SAS Institute, inc.
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
 
Holistic Cybersecurity_September 21, 2022_FV.pdf
Holistic Cybersecurity_September 21, 2022_FV.pdfHolistic Cybersecurity_September 21, 2022_FV.pdf
Holistic Cybersecurity_September 21, 2022_FV.pdf
 
Endpoint Detection and Response for Dummies
Endpoint Detection and Response for DummiesEndpoint Detection and Response for Dummies
Endpoint Detection and Response for Dummies
 
How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
 
Investigator insight good and bad habits
Investigator insight good and bad habitsInvestigator insight good and bad habits
Investigator insight good and bad habits
 
zero trust - how to build zero trust.pdf
zero trust - how to build zero trust.pdfzero trust - how to build zero trust.pdf
zero trust - how to build zero trust.pdf
 
Celeno - Smart, Managed Wi-Fi
Celeno - Smart, Managed Wi-FiCeleno - Smart, Managed Wi-Fi
Celeno - Smart, Managed Wi-Fi
 
Implementing your APIs with zero trust
Implementing your APIs with zero trustImplementing your APIs with zero trust
Implementing your APIs with zero trust
 

More from Jorge Sebastiao

Real estate tokenization and blockchain
Real estate tokenization and blockchainReal estate tokenization and blockchain
Real estate tokenization and blockchain
Jorge Sebastiao
 
Blockchain and covid19 v3
Blockchain and covid19 v3Blockchain and covid19 v3
Blockchain and covid19 v3
Jorge Sebastiao
 
Top tech shapping startups
Top tech shapping startupsTop tech shapping startups
Top tech shapping startups
Jorge Sebastiao
 
Blockchain and security v3
Blockchain and security v3Blockchain and security v3
Blockchain and security v3
Jorge Sebastiao
 
The road to blockchain 5.0
The road to blockchain 5.0The road to blockchain 5.0
The road to blockchain 5.0
Jorge Sebastiao
 
How AI is Disrupting Traffic Management in Smart City
How AI is Disrupting Traffic Management in Smart CityHow AI is Disrupting Traffic Management in Smart City
How AI is Disrupting Traffic Management in Smart City
Jorge Sebastiao
 
Ai and traffic management application v1.0
Ai and traffic management application v1.0Ai and traffic management application v1.0
Ai and traffic management application v1.0
Jorge Sebastiao
 
Cyber security crypto blockchain Version 3.2
Cyber security crypto blockchain Version 3.2Cyber security crypto blockchain Version 3.2
Cyber security crypto blockchain Version 3.2
Jorge Sebastiao
 
Togaf Version 9.1 Introduction Overview
Togaf Version 9.1 Introduction OverviewTogaf Version 9.1 Introduction Overview
Togaf Version 9.1 Introduction Overview
Jorge Sebastiao
 
Protecting cloud computing using big data v11
Protecting cloud computing using big data v11Protecting cloud computing using big data v11
Protecting cloud computing using big data v11
Jorge Sebastiao
 
National Cyber Security Crypto Program
National Cyber Security Crypto ProgramNational Cyber Security Crypto Program
National Cyber Security Crypto Program
Jorge Sebastiao
 
Plan Cyber Security Division v11
Plan Cyber Security Division v11Plan Cyber Security Division v11
Plan Cyber Security Division v11
Jorge Sebastiao
 
Manager Services Strategy
Manager Services StrategyManager Services Strategy
Manager Services Strategy
Jorge Sebastiao
 
ICT Cyber Security Forensic`and partnership v14
ICT Cyber Security Forensic`and partnership v14ICT Cyber Security Forensic`and partnership v14
ICT Cyber Security Forensic`and partnership v14
Jorge Sebastiao
 

More from Jorge Sebastiao (14)

Real estate tokenization and blockchain
Real estate tokenization and blockchainReal estate tokenization and blockchain
Real estate tokenization and blockchain
 
Blockchain and covid19 v3
Blockchain and covid19 v3Blockchain and covid19 v3
Blockchain and covid19 v3
 
Top tech shapping startups
Top tech shapping startupsTop tech shapping startups
Top tech shapping startups
 
Blockchain and security v3
Blockchain and security v3Blockchain and security v3
Blockchain and security v3
 
The road to blockchain 5.0
The road to blockchain 5.0The road to blockchain 5.0
The road to blockchain 5.0
 
How AI is Disrupting Traffic Management in Smart City
How AI is Disrupting Traffic Management in Smart CityHow AI is Disrupting Traffic Management in Smart City
How AI is Disrupting Traffic Management in Smart City
 
Ai and traffic management application v1.0
Ai and traffic management application v1.0Ai and traffic management application v1.0
Ai and traffic management application v1.0
 
Cyber security crypto blockchain Version 3.2
Cyber security crypto blockchain Version 3.2Cyber security crypto blockchain Version 3.2
Cyber security crypto blockchain Version 3.2
 
Togaf Version 9.1 Introduction Overview
Togaf Version 9.1 Introduction OverviewTogaf Version 9.1 Introduction Overview
Togaf Version 9.1 Introduction Overview
 
Protecting cloud computing using big data v11
Protecting cloud computing using big data v11Protecting cloud computing using big data v11
Protecting cloud computing using big data v11
 
National Cyber Security Crypto Program
National Cyber Security Crypto ProgramNational Cyber Security Crypto Program
National Cyber Security Crypto Program
 
Plan Cyber Security Division v11
Plan Cyber Security Division v11Plan Cyber Security Division v11
Plan Cyber Security Division v11
 
Manager Services Strategy
Manager Services StrategyManager Services Strategy
Manager Services Strategy
 
ICT Cyber Security Forensic`and partnership v14
ICT Cyber Security Forensic`and partnership v14ICT Cyber Security Forensic`and partnership v14
ICT Cyber Security Forensic`and partnership v14
 

Recently uploaded

Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docxAcetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docx
vaibhavrinwa19
 
Multithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race conditionMultithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race condition
Mohammed Sikander
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
thanhdowork
 
S1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptxS1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptx
tarandeep35
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
Jean Carlos Nunes Paixão
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
Advantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO PerspectiveAdvantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO Perspective
Krisztián Száraz
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
Celine George
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
DeeptiGupta154
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
Thiyagu K
 
Digital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion DesignsDigital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion Designs
chanes7
 
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
Nguyen Thanh Tu Collection
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Thiyagu K
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
EugeneSaldivar
 
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBCSTRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
kimdan468
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 

Recently uploaded (20)

Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docxAcetabularia Information For Class 9 .docx
Acetabularia Information For Class 9 .docx
 
Multithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race conditionMultithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race condition
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
 
S1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptxS1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptx
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
Advantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO PerspectiveAdvantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO Perspective
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
Unit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdfUnit 8 - Information and Communication Technology (Paper I).pdf
Unit 8 - Information and Communication Technology (Paper I).pdf
 
Digital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion DesignsDigital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion Designs
 
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBCSTRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
STRAND 3 HYGIENIC PRACTICES.pptx GRADE 7 CBC
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 

AVSEC are you flying cybersafe?

  • 1. Is your flying CyberSafe? Cyber Risks Of Modern Aviation 10th Oct, Dubai, UAE Jorge Sebastiao, CISSP ICT Security Expert Cloud Practice Leader http://linkedin.com/in/sebastiao/ Twitter: @4jorge
  • 2. Disclaimer & Copyright • Please note that this presentation is for informational, knowledge sharing and educational purposes only. Any comments or statements made herein do not necessarily reflect the views of Huawei. The information is intended for the recipient's use only and should not be cited, reproduced or distributed to any third party without the prior consent of the authors. Although great care is taken to ensure accuracy of information neither the author, nor Huawei can be held responsible for any decision made on the basis of the information cited. • The content of this presentation is based on information gathered in good faith from both primary and secondary sources and is believed to be correct at the time of publication. The author can however provide no guarantee regarding the accuracy of this content and therefore accepts no liability whatsoever for any actions taken that subsequently prove incorrect. • The practices listed in the document are provided as is and as guidance and the author and Huawei do not claim that these comprise the only practices to be followed. The readers are urged to make informed decisions in their usage. • The information presented in this presentation is not intended to be, and should not be construed as, an offer to sell any products or services or a solicitation of an offer to buy any products or services . Any such offer or sale will be made pursuant to, and the information presented at this meeting is qualified in its entirety by, authorized offering documents and related disclosure schedules or similar disclosure documentation. • All logos and brand names belong to their respective owners and we do not claim any relationship or association, implied or otherwise, with them. • Use of any materials by virtue of relationships and associations, if any, are mentioned explicitly. • Author has taken care to attribute all sources for external materials used in this presentation, and any oversight is regretted. If you, as owner, or as viewer, find any reason to dispute the use of these materials kindly communicate the same to author. • Any omissions, in terms of attribution, may be due to an error of author and not intentional.
  • 3. Sampling of Cyber Risk Users & Social MediaRadios GPS Drones PRN Legacy Systems
  • 5. SDR Intercept - Disrupt
  • 11. PNR
  • 13. 0 Day Exploits - Guaranteed
  • 15. Our security enemy is? Security Nightmare
  • 19. CONSEQUENCE LIKLIEHOOD FV T Risk Group 1 Risk Group 2 Risk Group 3 HighLow L o w H i g h RESPONSE PROTECTION Target Risk Risk Reduction Strategies!
  • 20. Infosec Knowledge Base Response Build Airport Cyber Security Intelligence Multiple Sources Intel Partners, Vendors, CERT ,… Internal Security Research Internet, Mailing lists and other sources Incidence Response
  • 21. Road to Security Metrics Security Metrics KPIs, Testing Results CSA Controls, Compliance, Operational, Financial CoBIT SOX ISMS ISO27001 PCI HIPAA Time Based Security ISMS ISO22301 ISMS ISO20000
  • 22. Final Goal Is Total Integrated Security Information Security Management IoT, Device Security Management
  • 23. Winning the War Red Teaming Solve Attribution Continuous Vulnerability Mgmt Crowd Sourcing/Bug Bounty Fusing Crisis Management Vertical CERT Integration Encryption Exchange Knowledge Data Leak Prevention Threat Management Reputation Management Big Data Honeynets Machine Learning Sandbox Security Metrics Empower end users Continuous Training Attack / Take down
  • 24. Don’t bring a knife to gun fight
  • 25. Jorge Sebastiao, CISSP ICT Security Expert Cloud Practice Leader http://linkedin.com/in/sebastiao/ Twitter: @4jorge