2 nd Cybersecurity Workshop Test and Evaluation to Meet the Advanced Persistent Threat

Transcription

1 2 nd Cybersecurity Workshop Test and Evaluation to Meet the Advanced Persistent Threat Faye Francy Aviation ISAC February 2015

2 Company Organization Corporate Defense, Space & Security Boeing Capital Corporation Engineering, Operations & Technology Shared Services Group Commercial Airplanes R&D, BTE & IT Founded in 1916 in Seattle Became a leading producer of military and commercial airplanes

3 T&E Approach Testing Early interaction with design teams (validate requirements, test objectives, testability) Simulate cyber properties before prototypes/hardware available Corporate Test Capabilities (dedicated networks, labs for LRUs, virtual cyber range) Tailored to Domain and End Users Internal IT: protect Intellectual Property (static/dynamic code analysis, pen testing+) Military: Contract requirements, need clear RFP guidance, especially DT&E Commercial Air: Safety driven (DO178-C); need security certification guidance Threat-Based Test Planning and Beyond Understand the threat (specific to the environment) Determine what to test, how to test Share Threat Data with Industry more on this. Tactically Important Operational test and evaluation (OT&E), Pen/Red Expensive (Time, $$$: need more trained personnel) Hard Sell to Management (need requirements from customers) 3

4 Airplane Technology is Evolving Global Mobility is a Requirement Hardware functions transitioning to software- hosted features Advanced features added to airplane ~ 28MB Connectivity demands increasing Resilient systems a requirement Software assurance, systems engineering, supply chain risk Connectivity 2010 None Ku L Band Air/Gnd Connectivity Ku Data Transmitted Ka (MB / Flight) None L Band Air/Gnd 4

5 Guiding Principles Build it Right, Continuously Monitor Airplanes are Safe Design guidelines / Test protocols Cyber Issue Papers FAA regulatory compliance Special Conditions Layered protection FAR Equipment, Systems, & Installations Critical, Essential, Non-Essential Failure modes Domain separation Configuration control Actively manage Fault reporting Log analysis Information sharing 5

6 Advanced Persistent Threat An Adversary that Possesses significant levels of expertise / resources Creates opportunities to achieve its objectives by using multiple attack vectors (e.g. cyber, physical) Establishes footholds within networked architecture systems To exfiltrate information Impede critical mission or program objectives Position itself to carry out objectives later Critical to Protect Aircraft Design and IP 6

7 The Threat A National Security Issue Rapidly escalating cyber threats Executive action Executive Order 13636: Improving Critical Infrastructure Cybersecurity Presidential Policy Directive 21: Critical Infrastructure Security and Resilience Comprehensive Global approach Resiliency for our Critical Infrastructures Cybersecurity is a National Security Issue Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. Feb, 2013

8 Promoting Private Sector Cybersecurity Information Sharing Executive Order (EO) 2/13/15 Encourages the formation of communities to share information broadly across regions, sectors and industries, and to rapidly respond to emerging threats. Voluntary establishment of Information Sharing and Analysis Organizations (ISAOs), includes Information Sharing & Analysis Centers (ISACs) Open and collaborative approach Omni-directional communication Bridges gap between the public/private sector Voluntary standards for sharing. Efficient means for granting clearances Working Together is Critical 8

9 Newly-formed Aviation ISAC Working Together across the Aviation Sector Incorporated September 2014 Building membership International engagement Leveraging other ISACs Services Available Focused Intelligence Information/Briefings Cyber-Physical Integration Member to Member Sharing Distribute Information Gathering Costs across the Sector and with other Sectors Non-attribution and Anonymity of Submissions Information source for the entire organization Risk mitigation for aviation sector Comparative advantage in risk mitigation Security and Resiliency National Council of ISACs 9

10 Operational Model for A-ISAC Shared Situational Awareness across Aviation Sector Establish 3 rd party organization dedicated to Aviation Focus on cyber & physical threats to aviation Fusion of private sector & USG info NCCIC Cross Sector Awareness ADIAC Intel sharing focused on Aviation A-ISAC Dissemination private sector / share anonymously Intelligence watch floor for sector intel Analysis, production, reporting of threats / intel Protocols for info sharing & attribution (TLP) Virtual, leveraging partners analytical capabilities Info sharing roles & responsibilities Collection & sharing of member reporting Dissemination of USG reporting Liaise with USG Coordinate with ISACs from other critical infrastructure sectors Disseminate timely, actionable intelligence to Aviation Sector 10

11 A-ISAC Info Sharing Relationships Timely, Actionable Intelligence, Anonymized A-ISAC Members General Airlines Aviation Air Cargo Service Airports Providers Suppliers Manufacturers MROs- FBOs Industry Associations Anonymized 10 Members Incident reporting Tips / field reports TLP A-ISAC Intelligence Incident reporting Trends & analysis TLP Govt & All Other Gov & All Other Open Sources Other Industries & Sectors Other Info Sharing Orgs - NCI NCCIC ADIAC Other Govt VOLUNTARY Anonymized Urgent alerts & indicators Intelligence reports Best practices Mitigation strategies Analyzes, aggregates, fuses information Filters & selects for Aviation relevance Protects member info & attribution (TLP) Creates alerts & analysis for members Coordinates response & recovery Interfaces with Gov / other sectors Aviation expertise Indicators Incident reports Mitigation actions January

12 Resilient / Trustworthy Systems Essential The Connected Airplane is here Interoperability / Interconnections - shifting the paradigm Working Together across all disciplines is essential Our Network Strategy is driving A common cross model airborne infrastructure Common off-board communications links Common ground interfaces Application & service offerings Addressing Cybersecurity is essential New territory for regulators and private sector Will drive service model to a push for in-service support A Working Together Model is key Leveraging all stakeholders across the community Cyber security must be embedded across the aviation ecosystem Cybersecurity must be addressed throughout the lifecycle

13 Summary The Trajectory Shared Situational Awareness and Collaboration Trusted environment for anonymized information sharing and collaboration Shared situational awareness Focused, actionable intelligence Global engagement Greater responsiveness and resilience Reduced business risk A Resilient Global Aviation Transportation System

14 Copyright 2013 Boeing. All rights reserved. Thank you!

15 Contact Information The Trajectory Safe, Secure, Efficient and Resilient Global Air Transportation System Faye Francy, Executive Director Terrance Kirk, Operations Manager Douglas Blough, Senior Analyst Candice Burke, Secretary Working Together Across the Aviation System For A Resilient Global Aviation Transportation System cburke@a-isac.com

16 A-ISAC Press Release (September, 2014) Industry players join to improve global aviation security Annapolis Junction, MD, September 29, 2014 Private companies in the aviation sector are collaborating to create a means for analyzing and sharing information about physical and cyber security threats across the industry. Seven airlines and manufacturers have established the Aviation Information Sharing & Analysis Center (A-ISAC), a non-profit organization based in Annapolis Junction, MD. A-ISAC will function as a specialized forum for managing security risks to the aviation industry as well as those encountered by companies directly linked to the broader aviation infrastructure. A-ISAC will create a framework for government and industry stakeholders to enhance existing intelligence resources through quick and efficient information sharing. The Center also will establish initiatives to improve incident response time to security threats and be active in the development of policies on security, incident response, and information sharing issues. About A-ISAC - The Aviation Information Sharing & Analysis Center, formed in 2014, is a non-profit and private aviation sector initiative. It was created and developed in conjunction with the Aviation Sector Coordinating Council and members from across the aviation industry. Its primary function is to allow member firms to share timely, relevant and actionable physical and cyber security information and analysis pertaining to threats, vulnerabilities and incidents. The A-ISAC also enables collaboration between member firms and government. 16