Published on March 11, 2016
1. www.askhelios.com Management and technology consultants Why it’s a problem and how do we fix it? 9 March 2016 @ WAC 2016 Cyber-security in ATM
2. 2 Boryspil International Airport
3. 3 “Future cyber operations will almost certainly include an increased emphasis on changing or manipulating data to compromise its integrity (i.e., accuracy and reliability) to affect decision-making, reduce trust in systems, or cause adverse physical effects” “Countries are becoming increasingly aware of both their own weaknesses and the asymmetric offensive opportunities presented by systemic and persistent vulnerabilities in key infrastructure sectors including health care, energy, finance, telecommunications, transportation, and water. US Director of National Intelligence: ‘Worldwide Threat Assessment of the US Intelligence Community’
4. 4 Successful attacks will occur in ATM Connectivity is increasing Commonality in systems is increasing Attacks only get better
5. 5 Connectivity is increasing Interoperability increasing ICAO GANP and SESAR target concepts Public networks, including the internet
6. 6 Commercial Off The Shelf (COTS) Open standards Common components Concentrated supply chain Commonality in systems is increasing
7. 7 Markets for vulnerabilities Malware that crosses air gaps Persistent threats Attacks only get better
8. 8 A structured, holistic approach is needed
9. 9 No silver bullet … EU Regulation Regional Service Provision Operational Stakeholders and Supply Chains National Functions Local Pan-European Regulation, policy and state functions Operational functions and support
10. 10 No silver bullet … but collaboration needed EU Regulation Regional Service Provision Operational Stakeholders and Supply Chains National Functions Local Pan-European Regulation, policy and state functions Operational functions and support Clear responsibilities for through-life security Coherent regulatory framework Effective risk-reward security governance Public-private information sharing Techniques to secure and assure safety-critical systems Systemic risk understanding Cross-industry incident response mechanisms More ATM Security Expertise Mature Security Management Systems Secure and resilient architecture Integrated Risk Management Supply Chain Risk Management Strong audit regime
11. 11 Successful attacks will occur • Connectivity is increasing • Commonality in systems is increasing • Attacks only get better Risks must be managed • Approach must be structured and holistic • Collaborate for an effective, efficient framework
12. www.askhelios.com For regular updates follow us on Management and technology consultants Matt Shreeve ISO 27001 Information Security Management System Lead Auditor
24 QUARTER 2 2014 AIRSPACE SECURITy ATM is changing rapidly. The industry already makes great use of information and communication technology but
It's time to act and push for implementation-oriented security in order to establish a coherent and efficient security system for ATM. The ICAO Threat and ...
ATM Security is a major component of Aviation Security (AVSEC) and comprises two key areas. Self-protection of the ATM system: Safeguarding of the ATM (Air ...
Cyber Security in ATM: introducing advanced technology for a new concept of operations - a challenge for today’s ATM security? The concept of operations ...
The CANSO Cyber Security and Risk Assessment Guide provides Members with an introduction to cyber security in ATM.
Cyber-security has gone from nothing to being a ‘hot topic’ in ATM. But do we understand the problem and the solutions? Matt Shreeve will explore the ...
Cybersecurity for ATM Thales. Subscribe Subscribed ... For ATM Thales develops and offers fit-forpurpose cyber-security solutions for the ...
The event focuses both on physical ATM security and newer cyber and logical security ... to justify the cost of preventative security for ATM networks.
Study launched to address cyber-security in SESAR. 22/05/2014. ... (SWIM) component will address ATM cyber security threats. ...