TECH TALK
member of the committee. Let the chips fall where they may. According to the GAO, the FAA faces cybersecurity challenges in at least three areas: (1) protecting air-traffic control (ATC) information systems, (2) protecting aircraft avionics used to operate and guide aircraft, and (3) clarifying cybersecurity roles and responsibilities among multiple FAA offices. Congress has also identified a 180-day deadline to provide a cybersecurity standards plan to improve implementation of NIST’s newest revisions to information security guidance for the FAA and its internal information systems. The last major set of tasks concerns
‘Cybersecurity Research and Development,’ for which the FAA has one year to define a plan for the national airspace system, which must include the identification of risks to cabin communications and cabin information technology systems on board in the passenger domain in aircraft. It is nice to see that not only aircraft systems are part of the risk profile to be addressed, as passenger-owned devices are becoming smarter and more compact, and smartphones can be a gateway by which hackers can access onboard systems and software. Much groundwork on this has already been performed by industry, so it remains to be seen where the FAA will take this. Gallagher has an interesting take on
this. “In my view the vast majority of the cybersecurity industry is focusing on the symptoms, not the cause,” he says. “Their approach, for the most part, is to protect our information by intercepting and neutralizing threats at the time of attack. They attempt to do this with firewalls, anti-virus software and very sophisticated intrusion detection systems. At this point in the evolution of our information age, we really don’t have any other choice. We have to deal with all the vulnerabilities that exist in almost every part of what
30 |
DOMmagazine.com | oct nov 2016
is now a truly global environment. But we do have a choice on how to handle this problem in the future. It is clear to me the long-term solution is to concentrate more on software assurance and less on reacting to zero-day threats. (A zero-day threat is a threat that exploits an unknown computer security vulnerability). “Just think how our present methodology works. We discover an attack and then develop a defense for it, usually in the form of an anti-virus signature that is used to identify and block the attack in the future. We are always behind in the game. The hackers are always ahead. We never know how long the vulnerability existed before it was discovered, it could have been working silently for years. We should be using our considerable resources to develop secure software to start with, not patch it after the bugs are discovered by the bad guys. All of our present-day threats take advantage of two vulnerabilities, people or software. We can fix the software — people are a whole new subject.” This brings us to the topic
of increased training needs for FAA personnel, or hiring more cybersecurity-savvy personnel. Congress did not provide any additional funding for this topic area, which is sorely needed as we transition to e-enabled aircraft, NextGen and advanced communications systems. Training is usually an afterthought in most organizations, and this is one area where we are falling short. Again.
WHAT TOOK SO LONG TO EVEN REACH THIS POINT?
Human nature, mostly, and economics, secondly. Our nation is suffering not only from political gridlock, which affects how the FAA is funded and managed, but also from being in the midst of a technological change to the industry.
With NextGen coming onto the scene, and e-enabled aircraft changing the flying experience for flight crews and passengers, operational needs and how maintenance is performed, we are facing numerous changes all at once. All of this is driven by increased bandwidth of communications, and by the greater use of software-enabled systems. Not only do regulatory policies struggle to keep up, they are creaking at the seams and trying to lead from behind. With all of this, it is no wonder that cybersecurity guidelines had not been addressed more strongly in previous years. But at least it seems that we are making some forward progress. And in this election year, I will take it and be glad that Congress was able to address some pressing aviation industry concerns in this area, despite their lateness and lack of depth. Let’s all hope that this allows the FAA and industry to use this increased scrutiny to move forward in this critical area, and become more proactive in regard to cybersecurity of aircraft and related systems. Keep your fingers crossed.
John Pawlicki is CEO and principal of OPM Research. He also works with Information Tool Designers (ITD), where he consults to the DOT’s Volpe Center, handling various technology and cyber security projects for the FAA and DHS. He managed and deployed various products over the years, including the launch of CertiPath (with the world’s first commercial PKI bridge). John has also been onic FAA 8130-3 forms, as well as in defining digital identities with PKI. His recent publication, ‘Aerospace Marketplaces Report,’ which analyzed third-party sites that support the trading of aircraft parts, is available on OPMResearch.com as a PDF download, or a printed book version is available on Amazon.com.