Federal Aviation Administration Federal Aviation Administration 1 Presentation to: Name: Date: Federal Aviation Administration AMHS Security Security Sub-Group.

Slides:



Advertisements
Similar presentations
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Advertisements

Internet Protocol Security (IP Sec)
AMHS/SWIM Seminar Chiang Mai, Thailand 5-6 March 2012
FAA AMHS Subnetwork Overview
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
ICAO Provisions for Safety Management
1 Configuring Virtual Private Networks for Remote Clients and Networks.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography.
Security Controls – What Works
Information Security Policies and Standards
August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.
Computer Security: Principles and Practice
Stephen S. Yau CSE , Fall Security Strategies.
Network security policy: best practices
Complying With The Federal Information Security Act (FISMA)
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
SEC835 Database and Web application security Information Security Architecture.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
Presentation to: Name: Date: ICAO Asia-Pacific AMHS Activities & Status ICAO Asia-Pacific AMHS Activities & Status ATS Message Handling System (AMHS )
Asia/Pacific AMHS Implementation Workshop AMHS Description and Implementation December 15-16, 2008 Chennai, India.
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
Chapter 13 – Network Security
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Federal Aviation Administration Presented to the International Civil Aviation Organization Asia/Pacific Regional AMHS Workshop Chennai, India Date:
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Proposed Rule: Security and Electronic Signature Standards.
Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Module N° 8 – SSP implementation plan. SSP – A structured approach Module 2 Basic safety management concepts Module 2 Basic safety management concepts.
AMHS Interoperability
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
1 Chapter 12: VPN Connectivity in Remote Access Designs Designs That Include VPN Remote Access Essential VPN Remote Access Design Concepts Data Protection.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.
Abdullah Alshalan Garrett Drown Team 3 CSE591: Virtualization and Cloud Computing.
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
Disaster Recover Planning & Federal Information Systems Management Act Requirements December 2007 Central Maryland ISACA Chapter.
1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.
Module 8: Planning and Troubleshooting IPSec. Overview Understanding Default Policy Rules Planning an IPSec Deployment Troubleshooting IPSec Communications.
Module 5: Designing Security for Internal Networks.
Federal Aviation Administration 2011 V&V Summit: Verification & Validation Overview Presented by: John Frederick Date:10/19/11.
9-Oct-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) FNAL 9 October 2003 David Kelsey CCLRC/RAL, UK
Victor Kourenkov ICAO EUR/NAT Regional Officer Almaty, 5 to 9 September 2005 LEGISLATION AND ORGANISATION CONSIDERATIONS.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 10: Planning and Managing IP Security.
SecSDLC Chapter 2.
Information Security: Model, Process and Outputs Presentation to PRIA WG November 10, 2006.
Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.
1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The.
Chapter 3 Pre-Incident Preparation Spring Incident Response & Computer Forensics.
4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.
Information Security tools for records managers Frank Rankin.
The NIST Special Publications for Security Management By: Waylon Coulter.
ISO 9001 Quality Management System implementation experience in the Agency on Statistics of the Republic of Kazakhstan (ASRK) Zhasser Jarkinbayev, ASRK.
AUDITING BUSINESS CONTINUITY PROGRAMS AND PLANS What to Look For Presented by: Tommye White, CBCP, DRP Chuck Walts, CBCP, CRP.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
Program Overview and 2015 Outlook Finance & Administration Committee Meeting February 10, 2015 Sheri Le, Manager of Cybersecurity RTD.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.
Security Methods and Practice Principles of Information Security, Fourth Edition CET4884 Planning for Security Ch5 Part I.
Service Enhancement AMHS Implementation Workshop Chennai, India 15 th – 17 th December 2008.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.
Information Security KRISHNAKUMAR RAGHAVAN (KK) NASWA's Information Technology Support Center 1.
AMHS/SWIM Seminar Chiang Mai, Thailand 5-6 March 2012
Security week 1 Introductions Class website Syllabus review
Aerodrome Certification Workshop
Presentation transcript:

Federal Aviation Administration Federal Aviation Administration 1 Presentation to: Name: Date: Federal Aviation Administration AMHS Security Security Sub-Group Activities AMHS Security Security Sub-Group Activities ATS Message Handling System (AMHS ) Implementation Workshop Chennai, India December, th 2008 Vic Patel FAA/ATO-P Security Engineering Group William J. Hughes FAA Technical Center Atlantic City International Airport Atlantic City, NJ USA

Federal Aviation Administration Federal Aviation Administration 2 Our Vision: Service and Safety Challenges of a Growing Aviation System April 12, 2005 Federal Aviation Administration Presentation Overview 2 AMHS Security: Security Sub-Group Activities AMHS IMPLEMENTATION WORKSHOP, Chennai, India December 15 th -16 th,  Security Policy  Security Checklist  Security Guidance Document  Technical Controls for AMHS Security  Other Regional Security Documents  System-wide Risk Assessment  Contingency Plan  Incident Response Plan

Federal Aviation Administration Federal Aviation Administration 3 Our Vision: Service and Safety Challenges of a Growing Aviation System April 12, 2005 Federal Aviation Administration Asia/Pacific ICG Strategic Objective: Security 3  Task (1) Update System Integrity Policy as needed Asia/Pacific ATN System Security Policy Document Adopted by ICAO Asia-Pacific as of October 2008  Task (2) Develop Information Security Checklist Asia/Pacific ATN Develop Security Checklist  Task (3) Develop Information Security Guidance Asia/Pacific ATN Security Guidance Document  Task (4) Develop Information Security Solution for Initial and Enhanced Services To be included in Asia/Pacific ATN Security Guidance Document AMHS Security: Security Sub-Group Activities AMHS IMPLEMENTATION WORKSHOP, Chennai, India December 15 th -16 th, 2008.

Federal Aviation Administration Federal Aviation Administration 4 Our Vision: Service and Safety Challenges of a Growing Aviation System April 12, 2005 Federal Aviation Administration Security Policy The Asia/Pacific region has developed an ATN System Security Policy The Policy was previously called the “System Integrity Policy” and was somewhat broader in scope. –It was agreed at the September Security Sub-Group meeting that the requirements for Interoperability be removed from this document and it was re-named the System Security Policy. The policy requires that ATN systems be verified to have appropriate security controls. The policy requires that ATN systems be formally approved for operation a Designated Approval Authority for each state/organization. 4 AMHS Security: Security Sub-Group Activities AMHS IMPLEMENTATION WORKSHOP, Chennai, India December 15 th -16 th, 2008.

Federal Aviation Administration Federal Aviation Administration 5 Our Vision: Service and Safety Challenges of a Growing Aviation System April 12, 2005 Federal Aviation Administration Security Policy 5 Security Policy Outline: –Purpose. –Applicability. –Authority. –Implementation and Enforcement. –System Integrity Requirements. –System Integrity Services Confidentiality Data Integrity Authenticity. Availability. Accountability. Interoperability. –System Integrity Policy Statements Functional Policy Statements –Verification and Authorization AMHS Security: Security Sub-Group Activities AMHS IMPLEMENTATION WORKSHOP, Chennai, India December 15 th -16 th, 2008.

Federal Aviation Administration Federal Aviation Administration 6 Our Vision: Service and Safety Challenges of a Growing Aviation System April 12, 2005 Federal Aviation Administration Security Checklist A checklist serves to see that controls are in place It is generally the basis on which the Approving Authority grants approval At the April 2008 meeting of the Security Subgroup it was agreed that the controls would be derived from the following document: –NIST SP , Recommended Security Controls for Federal Information Systems, December 2006 –The SP controls were reviewed by the Security Subgroup and the Subgroup identified which of the Technical, Operational, and Management controls applied to an ATN system. At the September meeting of the Security Subgroup the controls were converted to a Checklist format. 6 AMHS Security: Security Sub-Group Activities AMHS IMPLEMENTATION WORKSHOP, Chennai, India December 15 th -16 th, 2008.

Federal Aviation Administration Federal Aviation Administration 7 Our Vision: Service and Safety Challenges of a Growing Aviation System April 12, 2005 Federal Aviation Administration Security Guidance Document The Security Sub-Group is developing a region should develop a Security Guidance Document which provides guidance on the implementation of management, technical, and operational controls. Management controls focus on management of system and associated risks Security reviews, security risk assessments Technical controls address specific types of threats may be sub-typed as: preventative technical controls, recovery technical controls, and support technical controls Operational controls focus on operational procedures, personnel security measures, and physical security measures This document was previously called the “Security Implementation Plan” 7 AMHS Security: Security Sub-Group Activities AMHS IMPLEMENTATION WORKSHOP, Chennai, India December 15 th -16 th, 2008.

Federal Aviation Administration Federal Aviation Administration 8 Our Vision: Service and Safety Challenges of a Growing Aviation System April 12, 2005 Federal Aviation Administration Security Guidance Document AMHS Technical Controls 8 Network Security Provisions From User Terminal to Message Server or Between Message Servers (Routers) End-to-End Security Provisions Defined in ICAO Doc 9705 Edition 3 using the ATN Digital Signature Scheme May not be implemented if region does not move to ATN air- ground security provisions AMHS Security: Security Sub-Group Activities AMHS IMPLEMENTATION WORKSHOP, Chennai, India December 15 th -16 th, 2008.

Federal Aviation Administration Federal Aviation Administration 9 Our Vision: Service and Safety Challenges of a Growing Aviation System April 12, 2005 Federal Aviation Administration Security Guidance Document AMHS Technical Controls 9 AMHS Security: Security Sub-Group Activities AMHS IMPLEMENTATION WORKSHOP, Chennai, India December 15 th -16 th, 2008.

Federal Aviation Administration Federal Aviation Administration 10 Our Vision: Service and Safety Challenges of a Growing Aviation System April 12, 2005 Federal Aviation Administration Security Guidance Document AMHS Technical Controls 10 AMHS Security: Security Sub-Group Activities AMHS IMPLEMENTATION WORKSHOP, Chennai, India December 15 th -16 th, 2008.

Federal Aviation Administration Federal Aviation Administration 11 Our Vision: Service and Safety Challenges of a Growing Aviation System April 12, 2005 Federal Aviation Administration Security Guidance Document AMHS Technical Controls 11 Network Security Secure Communications from User Agents to MTA Server Technique depends on connectivity Internet Protocol Security (IPsec) Transport Layer Security (TLS) (formerly Secure Sockets Layer (SSL)) Layer 2 Protocols (Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), Layer 2 Forwarding (L2F) Secure Shell (SSH) AMHS Security: Security Sub-Group Activities AMHS IMPLEMENTATION WORKSHOP, Chennai, India December 15 th -16 th, 2008.

Federal Aviation Administration Federal Aviation Administration 12 Our Vision: Service and Safety Challenges of a Growing Aviation System April 12, 2005 Federal Aviation Administration Security Guidance Document AMHS Technical Controls 12 Network Security Secure Communications between Routers which support MTA Servers Communications Security IDRP Security Initially pre-shared keys Longer term - PKI Audit Logs TCP, IP, BGP Logs AMHS Security: Security Sub-Group Activities AMHS IMPLEMENTATION WORKSHOP, Chennai, India December 15 th -16 th, 2008.

Federal Aviation Administration Federal Aviation Administration 13 Our Vision: Service and Safety Challenges of a Growing Aviation System April 12, 2005 Federal Aviation Administration Security Guidance Document Technical Control Summary Technical controls may initially consist of securing IDRP router connections –Initially using pre-shared keys –Migrate to limited use of certificates For TCP/IP MTA-to-MTA connections either TLS or IPsec may be used. For User Terminal to MTA connections layer 2 provisions may also be used As the AMHS evolves to enhanced services, including directory services, AMHS application security may be employed Firewalls and other security appliances should be introduced as needed. 13 AMHS Security: Security Sub-Group Activities AMHS IMPLEMENTATION WORKSHOP, Chennai, India December 15 th -16 th, 2008.

Federal Aviation Administration Federal Aviation Administration 14 Our Vision: Service and Safety Challenges of a Growing Aviation System April 12, 2005 Federal Aviation Administration Contingency Plan The Security Sub-group has been tasked to develop a “Contingency and Disaster Recovery Plan. This plan identifies the coordination activities, processes, and procedures to be followed in the event that an AMHS system is unavailable. 14 AMHS Security: Security Sub-Group Activities AMHS IMPLEMENTATION WORKSHOP, Chennai, India December 15 th -16 th, 2008.

Federal Aviation Administration Federal Aviation Administration 15 Our Vision: Service and Safety Challenges of a Growing Aviation System April 12, 2005 Federal Aviation Administration Contingency Plan NIST SP800-34, Contingency Planning Guide for Information Technology Systems, June 2002 “ IT contingency planning refers to a coordinated strategy involving plans, procedures, and technical measures that enable the recovery of IT systems, operations, and data after a disruption. Contingency planning generally includes one or more of the approaches to restore disrupted IT services: Restoring IT operations at an alternate location Recovering IT operations using alternate equipment Performing some or al of the affected business processes using non-IT (manual) means ” 15 AMHS Security: Security Sub-Group Activities AMHS IMPLEMENTATION WORKSHOP, Chennai, India December 15 th -16 th, 2008.

Federal Aviation Administration Federal Aviation Administration 16 Our Vision: Service and Safety Challenges of a Growing Aviation System April 12, 2005 Federal Aviation Administration Incident Response Plan The Security Sub-group has been tasked to develop an Incident Response Plan The incident response plan would specify common procedures for identifying, reporting, and responding to computing incidents. 16 AMHS Security: Security Sub-Group Activities AMHS IMPLEMENTATION WORKSHOP, Chennai, India December 15 th -16 th, 2008.

Federal Aviation Administration Federal Aviation Administration 17 Our Vision: Service and Safety Challenges of a Growing Aviation System April 12, 2005 Federal Aviation Administration Incident Response Plan NIST SP , Computer Security Incident Handling Guide, January 2004, specifies that an incident response capability should include the following actions: Creating an incident response policy Developing procedures for performing incident handling and reporting, based on the incident response policy Setting guidelines for communicating with outside parties regarding incidents Selecting a team structure and staffing model Establishing relationships between the incident response team and other groups, both internatl and external Determining what services the incident response team should provide Staffing and training the incident response team 17 AMHS Security: Security Sub-Group Activities AMHS IMPLEMENTATION WORKSHOP, Chennai, India December 15 th -16 th, 2008.

Federal Aviation Administration Federal Aviation Administration 18 Our Vision: Service and Safety Challenges of a Growing Aviation System April 12, 2005 Federal Aviation Administration 18 Questions AMHS Security: Security Sub-Group Activities AMHS IMPLEMENTATION WORKSHOP, Chennai, India December 15 th -16 th, 2008.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.