greg kurten director of cns – uae general civil aviation ...€¦ · 1 local ipvpn international...
TRANSCRIPT
Cyber security in ATM - Is it sink or SWIMAn ANSP’s perspective.
Greg KurtenDirector of CNS – UAE General Civil Aviation Authority
Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 2
Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 3
Our traditional “trust” model…
VoIP
/E1
Local IPVPN
InternationalIPVPN
OLD
I
OMAE ACC
Local IP-VPN also has OLDIInternational also has VOIP
Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 4
SWIM = “Exposure to the elements”…
VoIP/
E1Local
IPVPNInternational
IPVPN
OLDI
OMAE ACC
Internet
Trusted Users
Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 5
ANS systems vulnerability…
• Legacy equipment• Increased operational demands for SWIM connectivity • Lack of Training• Vulnerability of Critical inter-connected non-CNS systems • Cloud based solutions • Limited guidance on ANS related cyber regulations• Staffing
Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 6
Why are ANS systems vulnerable?
Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 7
Or are we the biggest problem?
• Credible data corruption:ATFM slot allocation manipulationADS-B/ADS-C spoofed dataAMAN tactical manipulationGNSS spoofing
• Loss of revenue
• Reputational damage
• Loss of life
Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 8
Consequences of a successful cyber attack
Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 9
What can be done to mitigate these risks
Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 10
ANS Related Cyber Guidelines - Minimum Security Baselines (MSB’s)…
• Application security • Firewall security • Linux security • Router security• Switch security• Third party data sharing and vendor access• Web application firewall security
Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 11
Dedicated ANS cyber security training…
Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 12
Effective implementation…
Cybersecurity and resilience Symposium - Amman- Jordan, 15-17 October 2019 13
Continuous monitoring…