Overview FAA IT & ISS R&D: Security Today Security Tomorrow
-
Upload
mercedes-holman -
Category
Documents
-
view
16 -
download
0
description
Transcript of Overview FAA IT & ISS R&D: Security Today Security Tomorrow
Overview FAA IT & ISS R&D:Security Today
Security Tomorrow
Marshall PotterChief Scientist for Information Technology
Federal Aviation AdministrationAIO-4
(202) [email protected]
Three FAA Mission Goals*
Safety: Reduce fatal aviation accident rates by 80 percent in ten years
Security: Prevent security incidents in the aviation system
System Efficiency: Provide an aerospace transportation system that meets the needs of users and is efficient in applying resources
* FAA Strategic Plan
3
MilitaryAirlines
Flight DataSpecialists
Traffic FlowManagement
Air TrafficControllers
Certification/RegulationSystems
SystemSpecialists
Center Weather
Service Unit
Department of Homeland Security
Ubiquitous Availability of InformationUbiquitous Availability of Information
Common Situation Awareness
Administrative Systems
General AviationFlying Public
4
The CIO wants the ability to:
• Know how well our assets are protected • Know the effort/cost of providing security• Know how well we are maintaining our
security• Identify the “observables” of pending attacks• Reduce the attack surface• Know that we are investigating the most
appropriate R&D areas to improve our processes?
5
The CEO wants to know:
• How secure am I?• Am I better off today than last year?• Am I spending enough on security?• What has my money accomplished?• What’s the value of my investment?• What trends are we seeing?• If I gave you $x, how would you invest it?
6
FAA’s 5 Layers of System Protection
Public Key Infrastructure
Biometrics
ISSArchitecture
Analytical Tool Sets
Encryption
Smart Cards
Authentication
Access Control
Confidentiality
Integrity
Availability
Architecture & Engineering
Personnel Security
Physical Security
Cyber Hardening Elements
Compartmentalization
Redundancy
FAA R&D Initiatives
Safety
FAA Operational Goals R&DFocus Areas
Technology Needs
Security
Efficiency
Real Time Intrusion Protect, Detect,
Response & Recovery
Integrity and Confidentiality
in theMobile
Environment
Trustworthy Systems from
Untrustworthy Components with
Untrustworthy Actors
• Cyber Panel• Incident classify & characterize• Indicators and Warnings• Intrusion Detect/Isolate• Incident Response/Recovery• ----------------• Adaptive Survivable
Infrastructure• Cryptography (PKI, VPN)• Identification & Authentication• Malicious code protection
Situational understanding• Vulnerability Assessments• -------------------• Infrastructure: Adapt/Survive• Boundary Protection• Composable Trust• Cryptography (PKI, VPN)• Identification & Authentication• Malicious code protection
Situational understanding Models of Trust
• Vulnerability Assessments
8
Summary
• FAA goals address safety, security and efficiency, but safety is always a preeminent concern
• Our approach attempts to address security in depth with a layered model
• Three focus areas were proposed in the past, are these the ones we should be working on or are changes necessary?
• Today, findings and results of on-going efforts will be presented, tomorrow, breakout groups will propose future efforts, out-briefs on Thursday