Overview FAA IT & ISS R&D: Security Today Security Tomorrow Marshall Potter Chief Scientist for Information Technology Federal Aviation Administration.

Presentation transcript:

Overview FAA IT & ISS R&D: Security Today Security Tomorrow Marshall Potter Chief Scientist for Information Technology Federal Aviation Administration AIO-4 (202)

Three FAA Mission Goals*
- Safety: Reduce fatal aviation accident rates by 80 percent in ten years
- Security: Prevent security incidents in the aviation system
- System Efficiency: Provide an aerospace transportation system that meets the needs of users and is efficient in applying resources
* FAA Strategic Plan

3 Military Airlines Flight Data Specialists Traffic Flow Management Air Traffic Controllers Certification/Regulation Systems System Specialists Center Weather Service Unit Department of Homeland Security Ubiquitous Availability of Information Common Situation Awareness Administrative Systems General Aviation Flying Public

4 The CIO wants the ability to:
- Know how well our assets are protected
- Know the effort/cost of providing security
- Know how well we are maintaining our security
- Identify the “observables” of pending attacks
- Reduce the attack surface
- Know that we are investigating the most appropriate R&D areas to improve our processes?

5 The CEO wants to know:
- How secure am I?
- Am I better off today than last year?
- Am I spending enough on security?
- What has my money accomplished?
- What’s the value of my investment?
- What trends are we seeing?
- If I gave you $x, how would you invest it?

6 FAA’s 5 Layers of System Protection Public Key Infrastructure Biometrics ISS Architecture Analytical Tool Sets Encryption Smart Cards Authentication Access Control Confidentiality Integrity Availability Architecture & Engineering Personnel Security Physical Security Cyber Hardening Elements Compartmentalization Redundancy

FAA R&D Initiatives Safety FAA Operational Goals R&D Focus Areas Technology Needs Security Efficiency Real Time Intrusion Protect, Detect, Response & Recovery Integrity and Confidentiality in the Mobile Environment Trustworthy Systems from Untrustworthy Components with Untrustworthy Actors Cyber Panel Incident classify & characterize Indicators and Warnings Intrusion Detect/Isolate Incident Response/Recovery Adaptive Survivable Infrastructure Cryptography (PKI, VPN) Identification & Authentication Malicious code protection Situational understanding Vulnerability Assessments Infrastructure: Adapt/Survive Boundary Protection Composable Trust Cryptography (PKI, VPN) Identification & Authentication Malicious code protection Situational understanding Models of Trust Vulnerability Assessments

8 Summary
- FAA goals address safety, security and efficiency, but safety is always a preeminent concern
- Our approach attempts to address security in depth with a layered model
- Three focus areas were proposed in the past; are these the ones we should be working on, or are changes necessary?
- Today, findings and results of ongoing efforts will be presented; tomorrow, breakout groups will propose future efforts; out-briefs on Thursday