FAA Cybersecurity Test Facility (CyTF) By: Enterprise Information Security Team ANG-B31 Patrick Hyle, William J Hughes Technical Center

Similar documents
Stockton Aviation Research & Technology Park

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

2 nd Cybersecurity Workshop Test and Evaluation to Meet the Advanced Persistent Threat

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

DoD Strategy for Cyber Resilient Weapon Systems

Next Generation Distribution Automation Phase III, Intelligent Modern Pole (IMP) Field Demonstration

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

Why you should adopt the NIST Cybersecurity Framework

SOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE

Cybersecurity and Commercial Aviation

Cybersecurity program & best practices

T-SURE VIGILANCE CYBER SECURITY OPERATIONS CENTRE

Cyber Resilience. Think18. Felicity March IBM Corporation

National Policy and Guiding Principles

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

DEFENSE LOGISTICS AGENCY

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

ICS-CERT Year in Review. Industrial Control Systems Cyber Emergency Response Team

CSD Project Overview DHS SCIENCE AND TECHNOLOGY. Dr. Ann Cox. March 13, 2018

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

FEMA Update. Tim Greten Technological Hazards Division Deputy Director. NREP April 2017

The Office of Infrastructure Protection

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

Rhode Island Air National Guard. Current Cyber Landscape

General Framework for Secure IoT Systems

Cybersecurity for Health Care Providers

Quadrennial Homeland Security Review (QHSR) Ensuring Resilience to Disasters

Canada Life Cyber Security Statement 2018

Role of NATO and Energy Security Centre of Excellence in Supporting Protection of Critical Energy Infrastructure and Enhancing its Resiliency

Provisional Translation

U.S. Department of Homeland Security Office of Cybersecurity & Communications

5G Security. Jason Boswell. Drew Morin. Chris White. Head of Security, IT, and Cloud Ericsson North America

Bradford J. Willke. 19 September 2007

Department of Defense. Installation Energy Resilience

CYBER SOLUTIONS & THREAT INTELLIGENCE

CALIFORNIA CYBERSECURITY TASK FORCE

UNCLASSIFIED FY 2016 OCO. FY 2016 Base

CYBER RESILIENCE & INCIDENT RESPONSE

PA TechCon. Cyber Wargaming: You ve been breached: Now what? April 26, 2016

GDPR Update and ENISA guidelines

Cyber Risk in the Marine Transportation System

Science & Technology Directorate: R&D Overview

Implementation Strategy for Cybersecurity Workshop ITU 2016

American Association of Port Authorities Port Security Seminar & Expo Cyber Security Preparedness and Resiliency in the Marine Environment

Cyber Security Technologies

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018

SIEM Solutions from McAfee

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

Department of Homeland Security Science and Technology Directorate

CYBER SECURITY AIR TRANSPORT IT SUMMIT

The Office of Infrastructure Protection

Software & Supply Chain Assurance: Enabling Enterprise Resilience through Security Automation, Software Assurance and Supply Chain Risk Management

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

Presentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

UBIQUITIOUS, RESILIENT, SECURE CONNECTIVITY IN THE NEAR-PEER THREAT ENVIRONMENT

Cyber Incident Response. Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response

CompTIA CASP (Advanced Security Practitioner)

Avionics Cyber T&E Examples Testing Cyber Security Resilience to support Operations in the 3rd Offset Environment

Critical Infrastructure Resilience

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

Business Continuity Planning Keeping Pace with New Technology

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Aviation & Airspace Solutions MODERNIZING SYSTEMS TRANSFORMING OPERATIONS DELIVERING PERFORMANCE

Protecting the Nation s Critical Assets in the 21st Century

CYBERSECURITY RESILIENCE

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

An Operational Cyber Security Perspective on Emerging Challenges. Michael Misumi CIO Johns Hopkins University Applied Physics Lab (JHU/APL)

How to Underpin Security Transformation With Complete Visibility of Your Attack Surface

Understanding Holistic Effects of Cyber Events on Critical Infrastructure

Cyber Security & Homeland Security:

Buyer s Guide. What you need to know before selecting a cyber risk analytics solution

ITU-IMPACT Capacity Building for Least Developed & Developed Countries

Securing Industrial Control Systems

CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS

Office of Infrastructure Protection Overview

Incident Response Services

Systems Engineering for Software Assurance

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

Information Technology Information Sharing and Analysis Center. First Symposium Barcelona, Spain Feb. 2, 2011

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

Designing and Building a Cybersecurity Program

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

Establishing a Framework for Effective Testing and Validation of Critical Infrastructure Cyber-Security

PIPELINE SECURITY An Overview of TSA Programs

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

GPS Vulnerability and DHS Mitigation Efforts. David Wulf Acting Deputy Assistant Secretary Infrastructure Protection Department of Homeland Security

Cyber, Command, Control, Communications, and Computers Assessments Division (C5AD)

Continuity of Business

Transcription:

FAA Cybersecurity Test Facility (CyTF) By: Enterprise Information Security Team ANG-B31 Patrick Hyle, William J Hughes Technical Center Date: 08 August, 2016

1 2 3 4 5 6 7 8 2

FAA Provides Aviation Portion of Critical Infrastructure According to a 2005 DHS report: A successful cyber attack which shuts down aircraft operations, the potential losses to the economy would be in the range of $2.5 billion per day. Additional losses could occur due to decreased consumer confidence, and cascading disruptions. The primary goal of the CyTF is to provide cybersecurity research, test & evaluation services which address the changing threat landscape to the FAA NextGen Air Transportation System. 3

FAA Cybersecurity Test Facility (CyTF) FAA Test and Evaluation Capability for Cybersecurity Interoperability 4

FAA Cybersecurity Test Facility (CyTF) Mission: Provide cybersecurity Evaluation and research services to strengthen FAA information security in a Research and Development (R&D) environment. CyTF combines management support, expert engineers, well defined testing procedures, and appropriate technologies in the development and operation of a cost-effective, state-of-the-art cyber test facility Evaluates, verifies, and validates Information Security Continuous Monitoring (ISCM) capabilities for application to the NAS Provides an environment where cyber testing and training will not interfere with NAS and Mission Support continuous operations Offers a facility to assimilate multiple existing partner capabilities for testing and evaluation of vulnerabilities in the integrated aviation environment 5

NAS Enterprise Test Environment FAA Cybersecurity Test Facility State-of-the-art cybersecurity facility providing virtualized and existing NAS laboratories to assess impact of new tools and capabilities on the NAS. Robust and resilient laboratory able to provide a virtual NAS environment under simulated cybersecurity attacks to train and evaluate cyber response and recovery procedures for cybersecurity events Utilizes existing developmental NAS capabilities and R&D networks Virtual NAS systems CyTF NPN Others IDN Labnet R&D Networks 6

CyTF Notional Layout 7

CyTF Physical Layout Red Team White Team Blue Team Range Range FAA Cybersecurity Test Facility White Cell 8

FAA Exercise High Level Network 9

Simulated Cyber Exercise Simulated FAA environment enabled hands-on experience vs. previous TTX iterations Inaugural exercise involved ~ 50 real time participants utilizing the CyTF VM network CyTF provided all network components routers, switches & over 125 end users ( both real and simulated) Team oriented exercise with Red, Blue, White, Orange, Green team members: RED TEAM: represent Intruders WHITE TEAM: plans and conducts the exercise BLUE TEAM: represents the defenders GREEN TEAM: provides Network ops support ORANGE TEAM: provides Technical assessment of the exercise in how it did/did not work; did it meet training needs; note possible improvements for future X ops 10

Exercise Roles & Responsibilities WHITE TEAM Before Exercise: Core Planning, Scenario development, Logistics. During Exercise: Controls & Manages pace of exercise. RED TEAM Attacks the network environment and its machines. BLUE TEAM Defends against the attack. defends the network by executing blocks on firewalls, proxies, etc ORANGE TEAM Before Exercise: Collects the training objectives / requirements. During Exercise: Captures observations & lessons learned, if training objectives were met and generates Blue team assessment reports. GREEN TEAM Ensures the overall virtual environment is available and functional. Intercedes in the event of a virtual environment problem. 11

Product Evaluations CyTF enables test/evaluation of Security products & procedures isolated from live Ops CyTF has to date evaluated ~ 2 dozen various products; Range from very large (Enterprise level) to individual system components/processes Evaluation assesses operational impacts, induced latency, cyber security improvements, and overall product efficacy at the system(s) and aggregated Enterprise levels Evaluations support DHS & USCYBERCOM US Govt continuous detection and mitigation efforts 12

Training Services The simulated environment enables hands-on training and testing of training procedures Assessing the efficiency/efficacy Assessing aggregate impacts Identifying areas for improvement Adaptive VM environment enables tailored training environment Tailorable, adaptive, responsive, contained 13

Lessons Learned There is a growing need for Cyber Labs CyTF addresses this need for the FAA This is the 1 st step of many on a continuous path Collaboration is the BIGGEST key to success Continued collaboration is essential to operations Scalability, adaptive components, are essential from the outset Leverage current & Emerging Cyber initiatives Maintain Cyber acumen, utilize all available resources Government, Business, Academia This is not STATIC and will evolve over time and per force of the changing Cyber Landscape 14

In Summary. The CyTF addresses the need to improve current cybersecurity capabilities commensurate with growing and evolving cybersecurity risks and threats to the FAA Proactively manage cybersecurity risks and threats using a mission-oriented enterprise-wide development and prototyping approach Establish cybersecurity test and evaluation capabilities that protect FAA essential systems and information Tailor continuous monitoring capabilities to efficiently and effectively detect cybersecurity events and attacks Provide robust training and simulation capabilities to respond to and recover from sophisticated cybersecurity events Establish a robust and resilient environment able to evaluate critical services while under a cybersecurity attack 15

Collaboration is Key We need to continue to collaborate internally/externally to reduce FAA vulnerabilities and understand security risks accepted by our partner stakeholders 16

Contact Information FAA Cyber Test Facility : Via E-Mail: 9-ACT-CYTF 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback