www.askhelios.com
Management and technology consultants
Why it’s a problem and how do we fix it?
9 March 2016 @ WAC 2016
Cyber-security in ATM
“Future cyber operations will almost certainly include an increased emphasis on changing or manipulating data to compromise its integrity (i.e., accuracy and reliability) to affect decision-making, reduce trust in systems, or cause adverse physical effects”
“Countries are becoming increasingly aware of both their own weaknesses and the asymmetric offensive opportunities presented by systemic and persistent vulnerabilities in key infrastructure sectors including health care, energy, finance, telecommunications, transportation, and water.”
US Director of National Intelligence:
‘Worldwide Threat Assessment of the US Intelligence Community’
Successful attacks will occur in ATM
Connectivity is increasing
Commonality in systems is increasing
Attacks only get better
Connectivity is increasing
Interoperability increasing
ICAO GANP and SESAR target concepts
Public networks, including the internet
Commonality in systems is increasing
Commercial Off The Shelf (COTS)
Open standards
Common components
Concentrated supply chain
Attacks only get better
Markets for vulnerabilities
Malware that crosses air gaps
Persistent threats
No silver bullet …
[Figure labels: EU Regulation; Regional Service Provision; Operational Stakeholders and Supply Chains; National Functions; Local; Pan-European; Regulation, policy and state functions; Operational functions and support]
No silver bullet … but collaboration needed
Clear responsibilities for through-life security
Coherent regulatory framework
Effective risk-reward security governance
Public-private information sharing
Techniques to secure and assure safety-critical systems
Systemic risk understanding
Cross-industry incident response mechanisms
More ATM Security Expertise
Mature Security Management Systems
Secure and resilient architecture
Integrated Risk Management
Supply Chain Risk Management
Strong audit regime
Successful attacks will occur
• Connectivity is increasing
• Commonality in systems is increasing
• Attacks only get better
Risks must be managed
• Approach must be structured and holistic
• Collaborate for an effective, efficient framework