How a global industry player addresses the Cybersecurity challenges of Air Transport

Similar documents
The Thales group. How a global industry player addresses the Cybersecurity challenges of Air Transport

CYBER SECURITY AIR TRANSPORT IT SUMMIT

Enhancing the cyber security &

Cyber Security Technologies

ICB Industry Consultation Body

2016 Air Transport IT Summit Cybersecurity - tackling the threat the Airport Approach

Cybersecurity and Commercial Aviation

ACARE WG 4 Security Overview

MCGILL UNIVERSITY/PEOPIL CONFERENCE DUBLIN OCTOBER 2018

SUMMIT ON CYBERSECURITY IN CIVIL AVIATION EUROPE, MIDDLE EAST AND AFRICA (EMEA)

Position Paper of the ASD Civil Aviation Cybersecurity Taskforce

Cybersecurity, safety and resilience - Airline perspective

Airport Security & Safety Thales, Your Trusted Hub Partner

ICAO Seminar/workshop on the Implementation of ground/ground and air ground data link applications in the SAM region

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Aviation Security Committee

2 nd Cybersecurity Workshop Test and Evaluation to Meet the Advanced Persistent Threat

Executive Insights. Protecting data, securing systems

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Integrated Communications for Airports

Cybersecurity and Hospitals: A Board Perspective

Security Standardization and Regulation An Industry Perspective

Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation)

Centralised service 6-7: Ensuring the resilience of centralised services cyber-security and sharing cyber intelligence

13th Florence Rail Forum: Cyber Security in Railways Systems. Immacolata Lamberti Andrea Pepato

Cybersecurity & Digital Privacy in the Energy sector

Gujarat Forensic Sciences University

Cybersecurity. Securely enabling transformation and change

CYBER RESILIENCE & INCIDENT RESPONSE

Final Project Report. Abstract. Document information

Cyber security in European ATM

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Discussion on MS contribution to the WP2018

Presentation of Iris. ART-Workshop 'CNS and Infrastructure 13 th March 2018

Cyber Security on Commercial Airplanes

Continuous protection to reduce risk and maintain production availability

SOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE

Helping our customers master every decisive moment

CYBER SOLUTIONS & THREAT INTELLIGENCE

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response

Cyber Security. CyberSecurity. For more information: Airbus CyberSecurity

T-SURE VIGILANCE CYBER SECURITY OPERATIONS CENTRE

WORKSHOP CYBER SECURITY AND CYBERCRIME POLICIES FOR AFRICAN DIPLOMATS. Okechukwu Emmanuel Ibe

Enterprise D/DoS Mitigation Solution offering

ICB Industry Consultation Body

IT Modernization In Brief

EU policy on Network and Information Security & Critical Information Infrastructures Protection

White paper: ATM-grade networks

FOR FINANCIAL SERVICES ORGANIZATIONS

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)

Digital Health Cyber Security Centre

Data Centers & Technology:

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

Role of NATO and Energy Security Centre of Excellence in Supporting Protection of Critical Energy Infrastructure and Enhancing its Resiliency

The NIS Directive and Cybersecurity in

to Enhance Your Cyber Security Needs

The Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

About Issues in Building the National Strategy for Cybersecurity in Vietnam

PROTECTING NATIONAL CRITICAL INFRASTRUCTURE AGAINST CYBER ATTACKS BEST PRACTICES RELATED TO TECHNOLOGY AND STANDARDS FROM EUROPE BANGKOK

National Policy and Guiding Principles

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

European Union Agency for Network and Information Security

MRO Cybersecurity SWOT

Caribbean Cyber Security: Not Only Government s Responsibility

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

REGIONAL COOPERATION: THE EUROPEAN EXPERIENCE

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n

Critical Infrastructure Protection in the European Union

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Secure Societies Work Programme Call

ENISA EU Threat Landscape

Securing Europe s IoT Devices and Services

AKAMAI CLOUD SECURITY SOLUTIONS

Netherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice

Aerospace Technology Congress 2016 Stockholm, Sweden

CYBER THREAT IN AVIATION ARE YOU READY TO ADDRESS IT YET?

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Copyright 2016 EMC Corporation. All rights reserved.

The Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless

Critical Information Infrastructure Protection Law

Securing the Grid and Your Critical Utility Functions. April 24, 2017

Aviation Cyber Security Efforts

LESSONS LEARNED IN SMART GRID CYBER SECURITY

Critical Infrastructure

Helping our customers master every decisive moment

COUNTERING IMPROVISED EXPLOSIVE DEVICES

Towards Trustworthy Internet of Things for Mission-Critical Applications. Arjmand Samuel, Ph.D. Microsoft Azure - Internet of Things

Cybersecurity and Communications Based Train Control

Unit 3 Cyber security

Securing strategic advantage

Angela McKay Director, Government Security Policy and Strategy Microsoft

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

CRITICAL INFRASTRUCTURE AND CYBER THREAT CRITICAL INFRASTRUCTURE AND CYBER THREAT

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

Strategies for Maritime Cyber Security Leveraging the Other Modes

Control Systems Cyber Security Awareness

Office of Infrastructure Protection Overview

Transcription:

How a global industry player addresses the Cybersecurity challenges of Air Transport ICAO Cyber Summit and Exhibition Making Sense of Cyber Dubai, United Arab Emirates 4 6 April 2017 thomas.hutin@thalesgroup.com www.thalesgroup.com OPEN

Air Transport Cyber-attack surface is growing More interconnected systems means more reachable targets Increasing Connectivity and use of non-protected by design A/G Data Link Communication More access points with networking and System Wide Information Management (SWIM) for CDM Migration for interoperability to standard IP-based network with publicly available vulnerabilities Less isolated architectures with e-enabled aircrafts, clouded services, virtual center and remote processing, Total Airport Management 2

Cyber-attacks are multiplying in many sectors Destructive attacks TV5 Monde, Ukraine power grid attack Denial of service attacks Boryspil Airport (Kiev Ukraine), Indonesian targets including airlines and airports (to protest against Air pollution), Hanoi Ho Chi Minh airports Information theft Operation Cleaver (Pakistan, Qatar, Korean airlines, etc.), US Office of Personnel Management 3 Ransomware Hospitals, Civil Aviation Authority...

Potential Aviation Threats Actors Persons of Interest Offensive operations Nation States Criminals Financial Gain Fraud Ransomware > Destruction < Disruption Terrorism Hacktivists Activism Kudos Geopolitics 4

Lessons learned from other domains All victims of cyber attacks had some cybersecurity countermeasures in place Cyber-attacks are detected today through side effects Rebuilding a system is no easy task and back-up systems won t probably help Cyber-analysis including testing, attack simulation & exercise are best practices Full protection is not achievable, anticipation, detection & resilience are recommended Attack treatment Manage communication with all internal & external stakeholders A successful Cyber-attack can cost up to tens of M$ Immediate direct cost due to service interruption for hours or days Indirect cost for investigation and clean rebuilding 5

Cyber threats in air transports? Surveillance & Navigation infrastructure Airport ANSP Maintenance Control Center MCC Operational Control Center OCC Aircraft data & parts supplier & third Party

Impacts of connectivity and e-enabled aircrafts for the airlines? How to integrate new e-enabled aircrafts in my IT system without impairing safety or operations? Did I take into account the cyber risks in my Safety Management System? How do I operate the security functions of my connected aircrafts? (Operational Manual) Do I have cybersecurity in my ERP (Emergency Response Plan)? Am I ready to detect cyber attacks during flight? How to integrate IATA recommended practices on cybersecurity? How to protect passengers data? 7

Growing cyber-risks are rising questions to many ANSP As critical operator how to cope with strengthening regulation in particular for legacy systems? Is my surveillance network a major weakness? Or elsewhere? What is the safety and operational impacts of cyber-attacks? Does contingency planning enough to be resilient against serious attacks? What is my policy about cyber-incident and more generally about Cybersecurity? Does cyber-protection enough? What is the minimum level? What kind of training for my staff? Should I organize exercises? 8

A wide range of cybersecurity challenge for airports operators What would be the impacts of modification and unavailability of AODB? How to manage cybersecurity of critical SCADA systems? What are the impacts of cyber attacks on Security (baggage reconciliation, access control )? How to protect from hybrid attacks? How to ensure cybersecurity of IT networks: vital communication services to airport & public access for passengers? How to ensure cybersecurity of IT infrastructure to airlines (DCS, PC for load sheet preparation )? How to protect passenger personal data? 9

The need for coordinated approach Cyber-Threats increase Civil Aviation Authorities ATM Cyber-attacks surface increases New regulation on cybersecurity Need to ADAPT and IMPROVE cybersecurity posture Airlines ANSP Airports Manufacturing Industry 10

Working with you in Air Transport Cybersecurity initiatives Through ICAO IHLG with ICAO, IATA, CANSO & ACI (A39-19) WP236/Coordinating Cybersecurity work Civil Aviation Cybersecurity Task Force of 11 Discussion with EASA (roadmap and ECCSA) Established relationship with ECAC Member of ARAC ASISP WG Member of CANSO WG Member of EU-ISAC Standardization : WG72, A871, A771

Our harmonisation expectations for Air Transport 12 Cybersecurity evolution for communication standards Asterix, CPDLC, ADS-B, ACARS Framework and guide for assessment, labeling and certification of cybersecurity System Product Component Services Policy for vulnerability management Disclosure Awareness

Our internal initiative Thales combines expertise: domain and cybersecurity Investment for providing state-of-the art solutions & services for global Aviation Cybersecurity New solutions & services dedicated to Air Transport systems Integration of Cybersecurity in our engineering process & tool Awareness and Training of our staff #1 Worldwide provider of Air Traffic Management (ATM) Air Defence Space #3 worldwide and No.1 in Europe in avionics #2 worldwide in in-flight entertainment and connectivity Airport Our cybersecurity transformation plan to help our customers make cybersecurity an enabler for new usages and services development 13

What can we do as Thales? Leverage experiences from other domains : Defense, Banks, Satellite Provide in-depth cybersecurity (from boundary protection to core components) Develops specific solutions through deep domain knowledge Propose preventive cybersecurity maintenance Feed cybersecurity monitoring with domain Threat Intelligence (*A-ISAC, ECCSA ) Support customers with dual expertise team in case of intrusion (Rapid Reaction Team) 14

WORLD LEADER IN DATA PROTECTION Thales experience in Cybersecurity EUROPEAN LEADER IN CYBERSECURITY OPERATION AND CYBERSECURITY OF CRITICAL CUSTOMERS 130 INFORMATION SYSTEMS FOR OVER PROTECTION OF THE WORLD S BANKING TRANSACTIONS 80 2,000 CYBERSECURITY HIGH-GRADE SECURITY PRODUCTS AND SOLUTIONS (CONFIDENTIAL OR TOP SECRET) FOR 50 % SECURITY FOR 19 OF THE 20 LARGEST BANKS SPECIALISTS 5 CYBERSECURITY OPERATIONS CENTRES COUNTRIES INCL. NATO COUNTRIES CYBERSECURITY FOR 9 OF THE TOP 10 INTERNET GIANTS 5 DATA CENTRES 15

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback