Overview
FAA IT & ISS R&D: Security Today, Security Tomorrow
Marshall Potter, Chief Scientist for Information Technology, Federal Aviation Administration, AIO-4, (202) 267-9878, marshall.potter@faa.gov
Three FAA Mission Goals*
• Safety: Reduce fatal aviation accident rates by 80 percent in ten years
• Security: Prevent security incidents in the aviation system
• System Efficiency: Provide an aerospace transportation system that meets the needs of users and is efficient in applying resources
* FAA Strategic Plan
Ubiquitous Availability of Information
[Diagram labels: Towers, TRACONs, Airport OPS, AOCs, ARTCCs, FSSs, NWS, ATCSCC, Flight Data Specialists, Center Weather Service Unit, Administrative Systems, Certification/Regulation Systems, Traffic Flow Management, Air Traffic Controllers, System Specialists, Department of Homeland Security, Flying Public, General Aviation, Airlines, Military, Common Situation Awareness]
The CIO wants the ability to:
• Know how well our assets are protected
• Know the effort/cost of providing security
• Know how well we are maintaining our security
• Identify the “observables” of pending attacks
• Reduce the attack surface
• Know that we are investigating the most appropriate R&D areas to improve our processes
The CEO wants to know:
• How secure am I?
• Am I better off today than last year?
• Am I spending enough on security?
• What has my money accomplished?
• What’s the value of my investment?
• What trends are we seeing?
• If I gave you $x, how would you invest it?
FAA’s 5 Layers of System Protection
[Diagram labels: Personnel Security, Physical Security, Authentication, ISS Architecture, Access Control, Cyber Hardening Elements, Smart Cards, Confidentiality, Compartmentalization, Biometrics, Redundancy, Integrity, Encryption, Analytical Tool Sets, Availability, Public Key Infrastructure, Architecture & Engineering]
FAA R&D Initiatives
FAA Operational Goals:
• Safety
• Security
• Efficiency
R&D Focus Areas:
• Real Time Intrusion Protect, Detect, Response & Recovery
• Integrity and Confidentiality in the Mobile Environment
• Trustworthy Systems from Untrustworthy Components with Untrustworthy Actors
Technology Needs:
• Cyber Panel
• Incident classify & characterize
• Indicators and Warnings
• Intrusion Detect/Isolate
• Incident Response/Recovery
• ----------------
• Adaptive Survivable Infrastructure
• Cryptography (PKI, VPN)
• Identification & Authentication
• Malicious code protection
• Situational understanding
• Vulnerability Assessments
• -------------------
• Infrastructure: Adapt/Survive
• Boundary Protection
• Composable Trust
• Cryptography (PKI, VPN)
• Identification & Authentication
• Malicious code protection
• Situational understanding
• Models of Trust
• Vulnerability Assessments
Summary
• FAA goals address safety, security and efficiency, but safety is always a preeminent concern
• Our approach attempts to address security in depth with a layered model
• Three focus areas were proposed in the past. Are these the ones we should be working on, or are changes necessary?
• Today, findings and results of ongoing efforts will be presented; tomorrow, breakout groups will propose future efforts; out-briefs will follow on Thursday