Cybersecurity and Commercial Aviation

Transcription

1 Cybersecurity and Commercial Aviation Pascal ANDREI Chief Security Officer Airbus Group Jim Vasatka Director, Aviation Security Boeing Commercial Airplanes

2 Agenda Aviation Cybersecurity External Drivers Challenges Drivers Influencing our Success Threat Outlook Strategy Next Steps Conclusions

3 The External Drivers Safety, security and efficiency of the air transportation system is an imperative Economics and business drive increased connectivity Increasingly complex and dynamic environment Unintended consequences of enhancements to security layers sought without full understanding of the impacts Players acting with malice 3

4 The Challenges Aviation operates in silos Success depends on many stakeholders Slow, deliberative pace of change Broad spectrum of technology deployed Unwillingness to share data necessary for system-wide risk management 4

5 Drivers Influencing our Success a) Aviation cyber standards b) Security culture c) Understand the threats & vulnerabilities d) Understand the risk end-to-end e) Communicate the threats / vulnerabilities & assure situational awareness f) Incident response g) Strengthen the defensive system h) Design principles i) Operational principles j) National R&D Plan k) Work together on strategy, policy and plans l) Ensure common (or compatible) management of security within and across civil aviation (all regions & countries) 5

6 The reasons for cybersecurity concerns December 2016 The cyber security concerns in civil aviation sector mainly result from the combination of two factors: 1. Attractiveness : Increasing number of diversely motivated, dynamic and active threat sources investigating/ targeting (or not) air transport 2. Attack surface of civil aviation sector to cyber security threats is getting bigger and bigger 6

7 CYBERSECURITY THREATS Non exhaustive list Satellite Communications (SATCOM) Passenger Connectivity Outstation Air/Ground Links HF & VHF Electronic Flight Bag, BYOD, Portable data Loader GateLink (Wireless) Gate Operations & Dispatch centre Aircraft data & parts suppliers Warehouse 7 Maintenance & Engineering Centre Hangar 7 7

8 Improvement Tracks Civil Aviation Players: United in Multiplicity and Diversity Currently, not all civil aviation players share a common set of objectives, methods, and criteria for evaluation Perception of Risk depends upon region, culture, values, practices, objectives, interests, oversight, duties, roles My defense is your protection - Only true if we are singing from the same sheet of music! But the Maestro is missing or not ready 8

9 Aviation s Strategy Must Include Understanding the risk and the needs of all stakeholders all over the world (no country/region left behind) Priority-driven, industry-wide alignment of organizational strategies and courses of action Addressing technical, economic and political realities Government policy decisions based on data-driven, riskinformed analysis Openness to consideration of emerging foundational and mitigation technologies 9

10 Next Steps Develop a cybersecurity roadmap for aviation Government-industry consensus on path forward Uniform, system-wide threat analysis capability In-common risk management methodology Information sharing Incident response capabilities Robust, ongoing assessment of emerging mitigation technologies Define next-generation connectivity Define international norms of behavior 10

11 Lessons Learned on Global Threat Sharing Jeffrey Troy Executive Director Aviation Information Sharing and Analysis Center

12 Lessons learned in global threat sharing Acceptance of Cyber RISK in aviation runs the entire spectrum Need industry-view of the cost to remediate C-Suite commitment Growing the capability of the under resourced companies A community of TRUST is the key to successful risk reduction Across and within all industry segments Leaders are sharing War gaming, Red Teaming Incident response is everybody s business Individual, industry and government TTXs