cyber security & aviation - rsa conference · pdf file#rsac session id: lawrence d. dietz,...
TRANSCRIPT
![Page 1: Cyber Security & Aviation - RSA Conference · PDF file#RSAC SESSION ID: Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD. Cyber Security & Aviation. MASH-F01. Managing Director, Counter-Terrorism](https://reader031.vdocument.in/reader031/viewer/2022021420/5a7b93c97f8b9a2e358c0014/html5/thumbnails/1.jpg)
#RSAC
SESSION ID:
Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD
Cyber Security & Aviation
MASH-F01
Managing Director, Counter-Terrorism & Infrastructure ProtectionTAL Global Corporation@TALGlobalCorp
General Counsel & Managing Director Information SecurityTAL Global Corporation@TALGlobalCorp
![Page 2: Cyber Security & Aviation - RSA Conference · PDF file#RSAC SESSION ID: Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD. Cyber Security & Aviation. MASH-F01. Managing Director, Counter-Terrorism](https://reader031.vdocument.in/reader031/viewer/2022021420/5a7b93c97f8b9a2e358c0014/html5/thumbnails/2.jpg)
#RSAC“The Economic Impacts of a Terrorist Attack on the U.S.
Commercial Aviation System”
October 2005
7-Day Shut-Down: $13.5 - $21.3 Billion
Two-Year Projection: $249 - $394 Billion
Direct Costs: $27 Billion
![Page 3: Cyber Security & Aviation - RSA Conference · PDF file#RSAC SESSION ID: Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD. Cyber Security & Aviation. MASH-F01. Managing Director, Counter-Terrorism](https://reader031.vdocument.in/reader031/viewer/2022021420/5a7b93c97f8b9a2e358c0014/html5/thumbnails/3.jpg)
#RSAC
IDEOLOGY
SELF-RECRUITS
AL-QAEDA AFFILIATES
DIRECT LINKS
Emerging Threats
![Page 4: Cyber Security & Aviation - RSA Conference · PDF file#RSAC SESSION ID: Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD. Cyber Security & Aviation. MASH-F01. Managing Director, Counter-Terrorism](https://reader031.vdocument.in/reader031/viewer/2022021420/5a7b93c97f8b9a2e358c0014/html5/thumbnails/4.jpg)
#RSAC
Chemical Attack Path Evolution
1994 2001 2009
![Page 5: Cyber Security & Aviation - RSA Conference · PDF file#RSAC SESSION ID: Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD. Cyber Security & Aviation. MASH-F01. Managing Director, Counter-Terrorism](https://reader031.vdocument.in/reader031/viewer/2022021420/5a7b93c97f8b9a2e358c0014/html5/thumbnails/5.jpg)
#RSAC
Mortar AttackSniper Attack
Control Tower BombMANPADs Attack
Air Operations AttackPublic Grounds Attack
Curbside Car BombLuggage Bomb
Large Truck BombUninspectedCargo Bomb
Insider Planted Bomb
Potential Fatalities
Major Threats
Lesser Threats
Aviation Terrorist Scenarios (RAND)
![Page 6: Cyber Security & Aviation - RSA Conference · PDF file#RSAC SESSION ID: Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD. Cyber Security & Aviation. MASH-F01. Managing Director, Counter-Terrorism](https://reader031.vdocument.in/reader031/viewer/2022021420/5a7b93c97f8b9a2e358c0014/html5/thumbnails/6.jpg)
#RSAC“Operation Hemorrhage”
TATP
![Page 7: Cyber Security & Aviation - RSA Conference · PDF file#RSAC SESSION ID: Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD. Cyber Security & Aviation. MASH-F01. Managing Director, Counter-Terrorism](https://reader031.vdocument.in/reader031/viewer/2022021420/5a7b93c97f8b9a2e358c0014/html5/thumbnails/7.jpg)
#RSAC
“Destroying the target is not necessary!”
Bryant Neal Vinas
Faisal Shahzad
![Page 8: Cyber Security & Aviation - RSA Conference · PDF file#RSAC SESSION ID: Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD. Cyber Security & Aviation. MASH-F01. Managing Director, Counter-Terrorism](https://reader031.vdocument.in/reader031/viewer/2022021420/5a7b93c97f8b9a2e358c0014/html5/thumbnails/8.jpg)
#RSAC
Jihad
![Page 9: Cyber Security & Aviation - RSA Conference · PDF file#RSAC SESSION ID: Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD. Cyber Security & Aviation. MASH-F01. Managing Director, Counter-Terrorism](https://reader031.vdocument.in/reader031/viewer/2022021420/5a7b93c97f8b9a2e358c0014/html5/thumbnails/9.jpg)
#RSAC
![Page 10: Cyber Security & Aviation - RSA Conference · PDF file#RSAC SESSION ID: Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD. Cyber Security & Aviation. MASH-F01. Managing Director, Counter-Terrorism](https://reader031.vdocument.in/reader031/viewer/2022021420/5a7b93c97f8b9a2e358c0014/html5/thumbnails/10.jpg)
#RSAC
Physical World Conclusions
• Aviation is a visible, vulnerable and attractive target.
• The enemy is resilient and adaptive.• Today’s attack vectors may not be tomorrow’s
attack vectors.• Attacks can be sophisticated and coordinated or
they can be lone wolf efforts.• Attackers many not fit the ‘traditional’ picture.
![Page 11: Cyber Security & Aviation - RSA Conference · PDF file#RSAC SESSION ID: Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD. Cyber Security & Aviation. MASH-F01. Managing Director, Counter-Terrorism](https://reader031.vdocument.in/reader031/viewer/2022021420/5a7b93c97f8b9a2e358c0014/html5/thumbnails/11.jpg)
#RSAC
The Clausewitz Trilogy
![Page 12: Cyber Security & Aviation - RSA Conference · PDF file#RSAC SESSION ID: Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD. Cyber Security & Aviation. MASH-F01. Managing Director, Counter-Terrorism](https://reader031.vdocument.in/reader031/viewer/2022021420/5a7b93c97f8b9a2e358c0014/html5/thumbnails/12.jpg)
#RSAC
Ends – What you want to accomplish.
Casualties & Property Damage Media & Propaganda Exploitation Psychological Impact Economic Impact
![Page 13: Cyber Security & Aviation - RSA Conference · PDF file#RSAC SESSION ID: Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD. Cyber Security & Aviation. MASH-F01. Managing Director, Counter-Terrorism](https://reader031.vdocument.in/reader031/viewer/2022021420/5a7b93c97f8b9a2e358c0014/html5/thumbnails/13.jpg)
#RSAC
Means – Resources/Vectors
People
Aircraft
Luggage
Cargo
??????
![Page 14: Cyber Security & Aviation - RSA Conference · PDF file#RSAC SESSION ID: Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD. Cyber Security & Aviation. MASH-F01. Managing Director, Counter-Terrorism](https://reader031.vdocument.in/reader031/viewer/2022021420/5a7b93c97f8b9a2e358c0014/html5/thumbnails/14.jpg)
#RSAC
Ways – Tactics - Aircraft
Photo Source: Boeing Aircraft Company; www.newairplane.com
![Page 15: Cyber Security & Aviation - RSA Conference · PDF file#RSAC SESSION ID: Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD. Cyber Security & Aviation. MASH-F01. Managing Director, Counter-Terrorism](https://reader031.vdocument.in/reader031/viewer/2022021420/5a7b93c97f8b9a2e358c0014/html5/thumbnails/15.jpg)
#RSAC
Ways – Airports & Cargo
Airport Operations Airport Operational
Management Departure Control Systems Cargo Terminal Operations Passenger
Communications Mobile Aps
Cargo Terminal Operations Unit Load Device (ULD)
Management Warehouse Management Outbound/Export Operations Bar Code Scanning Service Level Agreement
Management
![Page 16: Cyber Security & Aviation - RSA Conference · PDF file#RSAC SESSION ID: Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD. Cyber Security & Aviation. MASH-F01. Managing Director, Counter-Terrorism](https://reader031.vdocument.in/reader031/viewer/2022021420/5a7b93c97f8b9a2e358c0014/html5/thumbnails/16.jpg)
#RSAC
Cyber Elements Reservation Systems
Flight Management Systems
Access Control Systems (Badges)
Flight Traffic Management
Departure Control Systems
Passport Control Systems
Hazardous Materials Transportation Management
Cargo Handling & Shipping
Computers on the Aircraft Flight Control Systems GPS Fuel gauges; fuel consumption Maintenance Computer
![Page 17: Cyber Security & Aviation - RSA Conference · PDF file#RSAC SESSION ID: Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD. Cyber Security & Aviation. MASH-F01. Managing Director, Counter-Terrorism](https://reader031.vdocument.in/reader031/viewer/2022021420/5a7b93c97f8b9a2e358c0014/html5/thumbnails/17.jpg)
#RSAC
Lessons For Other Industries
Cyber attacks have downstream effects.
Focus is on: Harming People Dramatic visual property damage.
Secondary effects are likely to be emotional and economic.
![Page 18: Cyber Security & Aviation - RSA Conference · PDF file#RSAC SESSION ID: Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD. Cyber Security & Aviation. MASH-F01. Managing Director, Counter-Terrorism](https://reader031.vdocument.in/reader031/viewer/2022021420/5a7b93c97f8b9a2e358c0014/html5/thumbnails/18.jpg)
#RSAC
Cyber Security Implications Networks are good means to achieve desired
ends.
Critical cyber vulnerabilities are: Access Control Control of Potential Kinetic Weapons (IOT)
Need to secure unintended use and corruption of technology Driverless Cars Conveyer Systems
![Page 19: Cyber Security & Aviation - RSA Conference · PDF file#RSAC SESSION ID: Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD. Cyber Security & Aviation. MASH-F01. Managing Director, Counter-Terrorism](https://reader031.vdocument.in/reader031/viewer/2022021420/5a7b93c97f8b9a2e358c0014/html5/thumbnails/19.jpg)
#RSAC
Apply What You Have Learned Today Next week you should:
Identify critical ecosystems that serve your organization
In the first three months following this presentation you should: Understand the cyber vulnerabilities of these ecosystems Define appropriate measures to reduce/mitigate these
vulnerabilities
Within six months you should: Develop and implement policies and contractual modifications for
the identified ecosystems to hold ancillary vendors to higher, stated security standards..
![Page 20: Cyber Security & Aviation - RSA Conference · PDF file#RSAC SESSION ID: Lawrence D. Dietz, Esq. Erroll G. Southers, DPPD. Cyber Security & Aviation. MASH-F01. Managing Director, Counter-Terrorism](https://reader031.vdocument.in/reader031/viewer/2022021420/5a7b93c97f8b9a2e358c0014/html5/thumbnails/20.jpg)
#RSAC
Key Takeaways
Tomorrow’s threats will not be like today’s.
Don’t underestimate your enemies.
Think like an attacker, not a defender.
Hold your suppliers and partners accountable to the same or a greater level of security than you have.
Consider the psychological impact as well as actual damage.
20