greg kurten director of cns – uae general civil aviation ...€¦ · 1 local ipvpn international...

Cyber security in ATM - Is it sink or SWIMAn ANSP’s perspective.

Greg KurtenDirector of CNS – UAE General Civil Aviation Authority

Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 2

Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 3

Our traditional “trust” model…

VoIP

/E1

Local IPVPN

InternationalIPVPN

OLD

I

OMAE ACC

Local IP-VPN also has OLDIInternational also has VOIP

Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 4

SWIM = “Exposure to the elements”…

VoIP/

E1Local

IPVPNInternational

IPVPN

OLDI

OMAE ACC

Internet

Trusted Users

Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 5

ANS systems vulnerability…

• Legacy equipment• Increased operational demands for SWIM connectivity • Lack of Training• Vulnerability of Critical inter-connected non-CNS systems • Cloud based solutions • Limited guidance on ANS related cyber regulations• Staffing

Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 6

Why are ANS systems vulnerable?

Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 7

Or are we the biggest problem?

• Credible data corruption:ATFM slot allocation manipulationADS-B/ADS-C spoofed dataAMAN tactical manipulationGNSS spoofing

• Loss of revenue

• Reputational damage

• Loss of life

Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 8

Consequences of a successful cyber attack

Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 9

What can be done to mitigate these risks

Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 10

ANS Related Cyber Guidelines - Minimum Security Baselines (MSB’s)…

• Application security • Firewall security • Linux security • Router security• Switch security• Third party data sharing and vendor access• Web application firewall security

Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 11

Dedicated ANS cyber security training…

Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 12

Effective implementation…

Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 13

Continuous monitoring…