CYBER SECURITY AIR TRANSPORT IT SUMMIT

Transcription:

CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY

SITA Cybersecurity SITA 2017

CYBER SECURITY IS THE #1 CHALLENGE FOR OUR INDUSTRY
81% of large companies have reported a breach
63% of airports consider sophisticated attacks a significant threat
77% of airlines consider cyber security at board level
72% of CIOs are investing in major cyber security projects

WHERE YOU DON'T WANT TO BE... IDEALLY

AVIATION CYBER THREATS LANDSCAPE

Threats
HACKTIVISTS: Information disclosure, disruption, reputation
CRIMINALS: Loyalty Programs, fraud, ransomware...
STATE & COMPANY DESTABILIZATION: Espionage, service disruption, assets destruction

Risks
TECHNOLOGY: Digital and Smart, Legacy Systems, Inventory and Patching, New cyber weapons
PEOPLE: Human vector, Shortage of expertise
REGULATION: Data Privacy, Aviation Industry, Critical Infrastructures

Business Impacts
COMPLIANCE, REPUTATION, FINANCIAL

TECHNOLOGY RISKS > BUSINESS IMPACT

[Diagram: AVIATION CYBER SECURITY RESILIENCE]
Technology Risks (CISO, CIO): Confidentiality, Integrity, Availability
Business Impact (Board, CEO, CMO, CRO, CFO...): Reputation, Financial, Resilience
Other diagram labels: DATA & INFORMATION SYSTEMS; PEOPLE & ENVIRONMENT

AVIATION EXECUTIVES CONCERNS

CONCERNS FOR CYBER RISKS (CISO, CIO; Board, CEO, CMO, CRO, CFO)
Is it possible for a threat actor to put down an aircraft?
Can you help to protect my reputation and safety?
We need a Security Operations Centre to be compliant with regulation, could you help?
Could you test the effectiveness of my incident detection?
We need to assess our Security Program and Strategy.
Could you add us to your Cyber Threat Intelligence community service?
I am facing a cyber crisis, could you send your experts now?
How do I stop hackers from stealing my customers' miles?
Could you help us understand the ATI-specific threats & risks?
How do I compare to others?
Could you help me with GDPR or other regulations (NIS, PCI DSS, CNI, BSI...)?

Business Drivers
Regulatory Compliance
Avoid Damaged Reputation
Avoid Regulatory Fines
Cyber Risk Insurance

AVIATION CYBERSECURITY FRAMEWORK

[Diagram: AVIATION CYBER SECURITY RESILIENCE]
Identify aviation cyber risks: Develop the institutional understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
Protect Aviation critical assets: Risk mitigation controls and safeguards tailored to the Air Transport context and constraints.
Detect Industry specific attacks: Detection solutions and scenarios tailored to the aviation sector.
React for business safeguard: Mitigate potential business impacts of an incident or eventually a crisis.

Source: SITA Analysis

SITA CYBER SECURITY SERVICES (SITA CYBER SECURITY PORTFOLIO)

IDENTIFY THE CYBER THREAT
o Risk, Compliance and Maturity Assessment.
o Cyber Security Program.
o Vulnerability Assessment and Penetration Testing.

PROTECT COMPANY ASSETS
o Perimeter, End Point, Data.
o Identity and Access.
o Cloud Security.
o Awareness & Training.

DETECTION OF CYBER ATTACKS
o Aviation Security Operations Centre (SOC).
o Industrial Control Systems Monitoring.
o Contextual Threat Intelligence.

REACT TO CYBER ATTACKS
o Incident Response.
o Crisis Management.
o Compromise Assessment.

FOCUS : TYPICAL AVIATION CYBER SECURITY PROGRAM

EXECUTIVE LEVEL AWARENESS, RESOURCES & FUNDING, TARGET OPERATING MODEL

IDENTIFY: Maturity Assessment, Benchmarking, RISK ASSESSMENT, REGULATORY COMPLIANCE, Cybersecurity Strategy, Target Model Definition, Cybersecurity Transformation Program, Risk Appetite, Managed Security Services, Mitigation Measures
PROTECT: IT/OT security governance, Users and third party, Information security policies, Communication & awareness, User account & rights management, Information system hardening, Servers administration & operations, Network partitioning, Integration of security in project
DETECT: Security Operations Center, SIEM Security Information Management Systems, Monitoring & Reports, Logging Policy Definition & Implementation
REACT: Inform Stakeholders, Business Continuity, Cybersecurity Incident Process, Cybersecurity Incident Classification, Cybersecurity Readiness (People & Tools), Incident Response, External Incident Response Team, Compromise Assessment

CONTINUOUS IMPROVEMENT (IDENTIFY, PROTECT, DETECT, REACT)

AIRPORT USE CASE: CYBER MATURITY ASSESSMENT

1. BUSINESS RISKS: Identify and assess business risks relevant to your transformation program
2. BUSINESS PROCESSES: Review impacted business activities, processes and controls
3. TECHNOLOGY ASSETS: Identify critical IT assets supporting these business processes > vulnerabilities?
4. CYBER RISK ASSESSMENT: Identify potential threats, assess cyber risks

Business risks (diagram labels): Program / Acquisition Strategy, Compliance / Regulatory
Business processes (diagram labels): Baggage Management, Managing Passengers & Visitors, Concessionaires Products & Services, Air Traffic Management, Maintenance Services, Passenger Safety & Security, Cargo & Freight Services, Aircraft Rescue & Firefighting, Aeronautical Services, Infrastructure Rental Services
Technology assets (diagram labels): LEGACY SYSTEMS, ICS / OPERATIONAL TECHNOLOGY, CONNECTED OBJECTS / IOT, KIOSKS & SELF-SERVICE DEVICES, APPLICATIONS AND SERVICES, NETWORK & INFRASTRUCTURE
Threats and cyber risks (diagram labels): Hacktivists, Regulations, Insiders, Criminals, Nation-state, Technology, Reputational, Financial, Safety, Legal, Operational

AIRLINE CYBER SECURITY PROGRAM FOR AIRCRAFT USE CASE

Phases: IDENTIFY, PLANNING, IMPLEMENTATION
Steps: RISK COMPLIANCE & ASSESSMENT, DEFINE TRANSFORMATION SCOPE, ESTABLISH DELIVERY STRATEGY, OPERATIONALIZE

AIRCRAFT SYSTEMS / AIRCRAFT OPERATIONAL ENVIRONMENT: IFE/IFC, ACARS, GROUND INFRA, MAINTENANCE, SATCOM, FMS
RISK ASSESSMENT: Threat Intelligence, Vulnerabilities, Policy Deviations, Recent Incidents, Internal Risks, External
COMPLIANCE MANDATES: ICAO, EASA, A-ISACA, OTHERS
CURRENT STATE (AS-IS): Maturity Assessment
FUTURE STATE (TO-BE): Risk and security management, Security assessments, Incident response, Cyber Intelligence, Security monitoring of air and ground assets, Cyber security trainings for crews and IT personnel
Monitoring & Response: Incident response processes, Crisis management, PR
Crew & IT Training: Monitoring and response services operation, Increased cyber security awareness
Remediation: Fix, Security Controls, Report / PR, Media monitoring

Business driver : reputation / SAFETY IS NOT AT STAKE!!

AVIATION CYBER SECURITY: GOOD PRACTICES OBSERVED

You have shared with us your top 10 security requirements to have efficient solutions:

1 Raise awareness with company board
2 Risk-based, top-down approach
3 Perform cyber maturity assessment
4 Prepare for real attacks to lower impact and cost
5 Update Processes, Tools, train people, measure
6 Perform distributed cyber risk assessments of suppliers
7 Adopt industry cybersecurity and data protection standards
8 Engage with peers, share and receive cyber intelligence

Industry Collaboration, Cyber Threat Intel.

THREATS SHARING : SITA COMMUNITY VALUE

Foster increased collaboration for: collective defense to facilitate industry responses and mitigation of risks, disruption to business

Support sharing of actionable security info. on emerging threats, vulnerabilities and techniques to: support their security management and risk mitigation activities

CCTC SHARING PLATFORM

THANK YOU
VIVIEN.EBERHARDT@SITA.AERO