The Aviation Information Sharing and Analysis Center (A-ISAC)



Similar documents
Preventing and Defending Against Cyber Attacks June 2011

Preventing and Defending Against Cyber Attacks November 2010

Preventing and Defending Against Cyber Attacks October 2011

Department of Homeland Security

The Comprehensive National Cybersecurity Initiative

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs)

All. Presidential Directive (HSPD) 7, Critical Infrastructure Identification, Prioritization, and Protection, and as they relate to the NRF.

Written Statement of Richard Dewey Executive Vice President New York Independent System Operator

Effective Information Sharing and Analysis Process

THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY

Managing Cyber Risks to Transportation Systems. Mike Slawski Cyber Security Awareness & Outreach

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, February 12, 2013

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education

Statement of. Mike Sena. President, National Fusion Center Association. Director, Northern California Regional Intelligence Center (NCRIC)

Boeing is working with industry to establish a unified cyber strategy and deliver cyber security solutions to airlines worldwide.

NH!ISAC"ADVISORY"201.13" NATIONAL"CRITICAL"INFRASTRUCTURE"RESILIENCE"ANALYSIS"REPORT""

Water Security in New Jersey: Partnership and Services

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

Testimony of. Mr. Anish Bhimani. On behalf of the. Financial Services Information Sharing and Analysis Center (FS-ISAC) before the

United States Coast Guard Cyber Command. Achieving Cyber Security Together. Homeland Security

Threat and Hazard Identification and Risk Assessment

Cybersecurity Awareness. Part 2

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record

Network Security Deployment Obligation and Expenditure Report

National Cyber Threat Information Sharing. System Strengthening Study

US-CERT Year in Review. United States Computer Emergency Readiness Team

Cybersecurity & Public Utility Commissions

Critical Infrastructure Security and Resilience

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014

InfraGard San Diego Members Alliance. The FBI s InfraGard Program

DOT HS October Assessment of the Information Sharing and Analysis Center Model

Computer Network Security & Privacy Protection

DHS, National Cyber Security Division Overview

Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies:

2. OVERVIEW OF THE PRIVATE INFRASTRUCTURE

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

State Homeland Security Strategy (2012)

Report on CAP Cybersecurity November 5, 2015

A Crisis Response, Information Sharing View of FFIEC Appendix J?

[This page intentionally left blank]

April 8, Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

The Geospatial Approach to Cybersecurity: An Executive Overview. An Esri White Paper January 2014

Cybersecurity and Corporate America: Finding Opportunities in the New Executive Order

National Cybersecurity & Communications Integration Center (NCCIC)

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary

Utility-Scale Applications of Microgrids: Moving Beyond Pilots Cyber Security

Cyber Incident Annex. Federal Coordinating Agencies. Coordinating Agencies. ITS-Information Technology Systems

Professional Services. Consulting Solutions for the Aerospace Industry

CYBER SECURITY GUIDANCE

Written Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security.

Confrontation or Collaboration?

WASHINGTON MILITARY DEPARTMENT. Washington State. Significant Cyber Incident Annex

What are you trying to secure against Cyber Attack?

INFRAGARD.ORG. Portland FBI. Unclassified 1

Washington State Fusion Center. The Pacific Northwest Economic Region

The U.S. Department of Homeland Security s Response to Senator Franken s July 1, 2015 letter

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

No. 33 February 19, The President

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

White Paper on Financial Industry Regulatory Climate

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

Cybersecurity Framework: Current Status and Next Steps

MARYLAND. Cyber Security White Paper. Defining the Role of State Government to Secure Maryland s Cyber Infrastructure.

PREPUBLICATION COPY. More Intelligent, More Effective Cybersecurity Protection

IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope

Docket No. DHS , Notice of Request for Public Comment Regarding Information Sharing and Analysis Organizations

National Health Information Sharing & Analysis Center. The National Health ISAC (NH-ISAC) NH-ISAC

The Commonwealth of Massachusetts State Homeland Security Strategy

Cyber Information-Sharing Models: An Overview

GAO CYBERSECURITY. Progress Made but Challenges Remain in Defining and Coordinating the Comprehensive National Initiative

Standing together for financial industry cyber resilience Quantum Dawn 3 after-action report. November 23, 2015

Establishes a concept of operations for incident-related CIKR preparedness, protection, response, recovery, and restoration. 1

Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach

Presidential Summit Reveals Cybersecurity Concerns, Trends

Homeland Security: Information Assurance Challenges and Opportunities. Building the National Cyber Security Division

Testimony of. Doug Johnson. New York Bankers Association. New York State Senate Joint Public Hearing:

Cybersecurity Risk Information Sharing Program (CRISP): Bi-Directional Trust

Water Security Issues: The Federal Perspective. J. Alan Roberson, P.E. Director of Security and Regulatory Affairs AWWA Washington, DC

Update on U.S. Critical Infrastructure and Cybersecurity Initiatives

Network Security Deployment (NSD)

Partnership for Cyber Resilience

The PNC Financial Services Group, Inc. Business Continuity Program

Establishing A Secure & Resilient Water Sector. Overview. Legislative Drivers

NH-ISAC. Cybersecurity Resilience Securing the Infrastructures that Secure Healthcare & Public Health. The National Health ISAC

FFIEC Cybersecurity Assessment Tool

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015

Cybersecurity & the Department of Homeland Security

London Business Interruption Association Technology new risks and opportunities for the Insurance industry

Actions and Recommendations (A/R) Summary

Challenges in Cybersecurity. Major General Bret Daugherty, The Adjutant General, Washington Army and Air National Guard

National Security & Homeland Security Councils Review of National Cyber Security Policy. Submission of the Business Software Alliance March 19, 2009

SECURING CYBERSPACE THROUGH PUBLIC-PRIVATE PARTNERSHIP

Business Continuity & Disaster Recovery

Department of Homeland Security Federal Government Offerings, Products, and Services

Appendix 3 Disaster Recovery Plan

Cybersecurity: Authoritative Reports and Resources

Critical Infrastructure in a CyberPhysicalHuman World

Transcription:

The Aviation Information Sharing and Analysis Center (A-ISAC) Faye Francy Aviation ISAC March 2015

The Threat A National Security Issue Rapidly escalating cyber threats Executive action Executive Order 13636: Improving Critical Infrastructure Cybersecurity Presidential Policy Directive 21: Critical Infrastructure Security and Resilience Comprehensive Global approach Resiliency for our Critical Infrastructures Cybersecurity is a National Security Issue Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. Feb, 2013

Promoting Private Sector Cybersecurity Information Sharing Executive Order (EO 13691) 2/13/15 Communities to broadly share information, and rapidly respond to emerging threats. Voluntary establishment of Information Sharing & Analysis Centers (ISACs) Open and collaborative approach Omni-directional communication Bridges gap between public/private sector Voluntary standards for sharing. Efficient means for granting clearances 3

Significant Changes in Aviation Digital Airplanes provide operational efficiencies Digital Age Customers demand connectivity everywhere Airlines want real-time airplane performance data Move from physical media to digital media for software Airplane Design Shift into digital design, connected Federated, isolated systems Safety culture versus a security culture e-enabled Airplanes Greater efficiencies created but also potential risks Cyber threats and vulnerabilities growing Airplanes Are Connected How Do We Protect?

Aviation Industry Call-to-Action Drivers & Challenges External Drivers Influencing Aviation Economic considerations drive increased connectivity The speed at which cyber threats continue to evolve Maintaining security in complex & dynamic environment Integration of physical and cyber threats is critical Continued growth in information sharing and analysis Key Challenges for the Aviation Community Aviation s cyber security honeymoon has ended Success depends on alignment of many stakeholders Broad spectrum of technology deployment throughout fleet Regulatory environment constrains the pace of the change Cyber skills in aerospace engineering are critical 5

Safe, Secure, Efficient & Resilient Global Air Transportation System www MRO Airline SW Supplier Elec Parts Supplier An Airplane is a Global, Mobile Industrial Control System IC s

What is an ISAC? Information Sharing & Analysis Centers (ISACs) Operational concept for sharing information within private sector Established by PPD-63 (1998), HSPD-7 (2003), PPD-21 (2013) DHS National Infrastructure Protection Plan (NIPP) Protection of Critical Infrastructure / Key Resources 16 CIKR sectors defined by PPD-21 Physical and cybersecurity focus Variance in ISAC structures & capabilities Unique Information Sharing Capabilities Company proprietary / PII / SSI USG classified / LE / Foreign Gov Global multi-national companies / foreign OEMs ISACs sit at the nexus of public-private information sharing Copyright 2013 Boeing. All rights reserved. 7

Aviation Sector Protection Purpose Maintain public trust in aviation Reduce risks and costs Timely, Actionable Intelligence Shared situational awareness Resiliency A-ISAC The Airplane is a Global, Mobile, Industrial Control System Copyright 2012 Boeing. All rights reserved. 8 Benefits Access to threat intelligence & analysis Detailed threat monitoring Sector-wide / cross sector view Non-attribution information sharing Crowd sourcing My Detection is Your Prevention

A-ISAC Value Proposition Protecting the Aviation Sector To reduce the risks and costs associated with disruption to aviation operations due to cyber & physical security events Needs Offering What we don t do Benefits Mitigation of business risks Maintaining public trust Comprehensive, across the aviation sector Provision of Indications & Warning (I&W) Preparedness, response, and recovery planning Strategic coordination with global partners / government partners Law enforcement activities Security infrastructure design Lobbying Timely & actionable threat information Common view of cyber & physical threat Fusion and analysis of threat-based, aviationspecific information Protection of private sector data Sharing of best security practices 9

A-ISAC Benefits Risk mitigation for aviation sector Cyber-Physical Integration Focused Intelligence Information/Briefings Member to Member Sharing Non-attribution & Anonymity of Submissions Information source for entire organization Security and Resiliency Alerting / Crisis Notifications Real-time sharing of Aviation Intelligence & Threat Data Weekly Intelligence Summaries Special Intelligence Products Analytic Exchanges / Liaisons Threat Conference Calls Response & Recovery Coordination Distribute Information Gathering Costs across the Sector 10

A-ISAC Info Sharing Relationships Timely, Actionable Intelligence, Anonymized A-ISAC Members General Airlines Aviation Air Cargo Service Airports Providers Suppliers Manufacturers MROs- FBOs Industry Associations 10 Members Incident reporting Tips / field reports TLP A-ISAC Intelligence Incident reporting Trends & analysis TLP Govt & All Other Gov & All Other Open Sources Other Industries & Sectors Other Info Sharing Orgs - NCI NCCIC ADIAC Other Govt VOLUNTARY Anonymized Urgent alerts & indicators Intelligence reports Best practices Mitigation strategies Analyzes, aggregates, fuses information Filters & selects for Aviation relevance Protects member info & attribution (TLP) Creates alerts & analysis for members Coordinates response & recovery Interfaces with Gov / other sectors Aviation expertise Indicators Incident reports Mitigation actions January 2015 11

A-ISAC Collaborative Framework Working Together Across Private and Public Sector Private Sector Airlines Air Cargo Suppliers Manufacturers General Aviation Airports Service Providers Aviation Industry Groups Government Partners Department of Homeland Security NCCIC Transportation Security Admin ADIAC Federal Aviation Administration Federal Bureau of Investigation Intelligence Community (ODNI) Department of Defense (CAOIC) Others Other ISACs, NCI, MROs, FBOs, etc. 3/5/2015

President Barack Obama & DHS Secretary Jeh Johnson NCCIC Visit January 13, 2015

Summary The Path Forward Shared Situational Awareness and Collaboration Trusted environment for collaboration Anonymized information sharing Shared situational awareness Focused, actionable intelligence Global engagement Greater responsiveness and resilience Reduced business risk A Resilient Global Aviation Transportation System

Copyright 2013 Boeing. All rights reserved. Thank you!

Contact Information The Trajectory Safe, Secure, Efficient and Resilient Global Air Transportation System Faye Francy, Executive Director ffrancy@a-isac.com 703-861-5417 Terrance Kirk, Operations Manager tkirk@a-isac.com 301-346-0715 Douglas Blough, Senior Analyst dblough@a-isac.com 609-775-8355 Candice Burke, Secretary Working Together Across the Aviation System For A Resilient Global Aviation Transportation System cburke@a-isac.com 425-238-1164

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information