
GT Government Summit on Cybersecurity and Privacy 16 Presentation - Shared Situational Awareness and...

Date post: 26-Feb-2018
Upload: erepublic

Transcript
  • 7/25/2019 GT Government Summit on Cybersecurity and Privacy 16 Presentation - Shared Situational Awareness and Collaboration - Faye Francy

    1/39

    Shared Situational Awareness and Collaboration

    Governor's Summit on Cybersecurity and Privacy 2016

    Faye Francy, Executive Director

    The Aviation Information Sharing and Analysis Center (A-ISAC)

    January 5, 2016


    2/39

    Speaker Introduction

    Faye Francy, Executive Director A-ISAC

    Aviation Information Sharing and Analysis Center (A-ISAC)
      Executive Director - establish a robust global A-ISAC, a non-profit organization
      Implementing a framework for analyzing and sharing information security threats across the global community
      Responsible for establishing, implementing and overseeing the organization's mission, goals, policies and core guiding principles

    The Boeing Company (2001-current)
      Boeing Commercial Airplane Cyber ONE Community of Excellence Leader
      Director, Networked Systems Domain for CTO 2008-11
      Director, Networked Centric Operations, PW 2005-08
      Director, Engineering and Programs Air Traffic Management (ATM) 2001-05

    Director, FAA Programs at ARINC Incorporated 1998-01

    Intersec and AvSec Companies, Owner / President 1989-98

    Palm Beach County Sheriff's Department / Maryland State Police

    Education
      Bachelor's Degree in Chemistry and Mathematics from Towson State University
      Master's Degree in Forensic Chemistry from University of Pittsburgh.


    3/39

    The Threat

    A National Security Issue

    Rapidly escalating cyber threats

    Executive action

    Comprehensive Global approach

    Resiliency for our Critical Infrastructures

    Cybersecurity is a National Security Issue

    Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems.

    Feb, 2013

    Executive Order 13636: Improving Critical Infrastructure Cybersecurity

    Presidential Policy Directive 21: Critical Infrastructure Security and Resilience


    4/39

    Promoting Private Sector Cybersecurity Information Sharing - 2015

    Executive Order (EO 13691) 2/13/15

    Encourages formation of communities to share information broadly across regions, sectors and industries, and to rapidly respond to emerging threats.

    Establishment of Information Sharing and Analysis Organizations (ISAOs), includes Information Sharing & Analysis Centers (ISACs)

    Open and collaborative approach

    Omni-directional communication

    Bridges gap between public / private sector

    Voluntary standards for sharing.

    Efficient means for granting clearances


    5/39

    Cybersecurity Act of 2015

    December 18, 2015 (OMNI CISA passed)

    Designed to increase cybersecurity information sharing between private sector & federal government.

    Requires DHS to establish a portal for receiving cyber threat indicators from the private sector and sharing them with both public and private sector entities

    Provides targeted liability protection to companies that share cyber threat indicators with DHS

    Requires two layers of privacy protections:

    1) Companies must remove personal information before sharing cyber threat indicators with DHS, and

    2) DHS must implement privacy reviews of all indicators it receives through the portal.

    http://www.natlawreview.com/article/president-obama-signs-cybersecurity-act-2015-to-encourage-cybersecurity-information

    6/39

    Aviation Shared Situational Awareness & Collaboration

    Safe & Secure Global Air Transportation System

    Vision: A world confident in the strength, vigilance, efficiency, and resiliency of the aviation system

    Mission: Advocate for a security system that ensures aviation growth and people's freedom to fly

    Goal: Public and Private Sector working together to enhance a resilient global commercial aviation system

    Safe, Efficient, Secure & Resilient Global Air Transportation System


    7/39

    Situation Analysis

    Threat Outlook

    The aviation sector is vast and complex; protecting this system of systems will require significant collaboration from the government, and sector partners across the globe


    8/39

    Copyright 2012 Boeing. All rights reserved.

    E-Enabled Aircraft: The Hacker's Playing Field

    An evolution of capabilities, but technology can pose a risk

    Flight Operations: Navigation Charts, Airport Maps, Weather Maps, Performance Calculations, Electronic Manuals, Technical Logbook

    Maintenance: Maintenance Tools, Performance Analysis, Monitoring, Troubleshooting, Maintenance Manuals, Technical Logbook

    Cabin Crew: Cabin Logbook, Cabin Management, Cabin Systems Control, Passenger Lists, Electronic Manuals

    Passengers: IFE Systems, Internet Connectivity, Phone Services, OnBoard Intranet Service

    Simple, Proprietary, Obscure, Isolated, Closed

    Complex, Standardized, Documented, Connected, Open

    ~100,000 unique malware files published every 24 hours (in 2014)

    New Malware every 1 second

    ~6500 new vulnerabilities, 30% highly critical (in 2014)

    New Vulnerability every 1.5 hours


    9/39

    Aviation Industry Call-to-Action

    Drivers & Challenges

    External Drivers Influencing Aviation
      Economic considerations drive increased connectivity
      The speed at which cyber threats continue to evolve
      Maintaining security in complex & dynamic environment
      Integration of physical and cyber threats is critical
      Continued growth in information sharing and analysis

    Key Challenges for the Aviation Community
      Aviation's cyber security honeymoon has ended
      Success depends on alignment of many stakeholders

    Broad spectrum of technology deployment throughout fleet

    Regulatory environment constrains the pace of the change

    Aviation ISAC Proprietary. All rights reserved.


    10/39

    A Framework for Aviation Cybersecurity

    AIAA August 2013

    Establish common cyber standards for aviation systems

    Establish a cybersecurity culture

    Understand the threat

    Understand the risk

    Communicate the threats and assure situational awareness

    Provide incident response

    Strengthen the defensive system

    Define design principles

    Define operational principles

    Conduct necessary research and development

    Ensure that government and industry work together

    Resiliency Across Commercial Aviation

    **Blue indicates area of A-ISAC Focus


    11/39

    Copyright 2013 Boeing. All rights reserved. 1/4/2016

    Aviation Sector Protection

    The Airplane is a Global, Mobile, Industrial Control System

    Purpose
      Reduce risks and costs
      Maintain public trust in aviation
      Timely, Actionable Intelligence
      Shared situational awareness
      Resiliency

    Requirements
      One plan working together
      Access to threat intelligence & analysis
      Detailed threat monitoring
      Sector-wide / cross sector view
      Non-attribution information sharing

    Reduction of Risk / Build-in Resiliency


    12/39

    THE COMPLEXITY OF AVIATION

    THREAT OUTLOOK

    [Diagram. Labels recovered from the figure:]

    Ground locations: Hangar; Maintenance & Engineering Centre; Warehouse; Aircraft data & parts suppliers; Outstation; Gate; Operations & Dispatch centre

    Links: Air/Ground Links; Satellite Communications (SATCOM); GateLink (Wireless); COTS, Plugs, Wifi; ACARS HF & VHF Satcom

    Supply chain (Transit of Software from Supplier to AIRBUS)

    Cabin links accessible to passengers (Cabin Wifi, plugs on cabin seats, FAP, Bluetooth)

    Aircraft - Ground links (ACARS, HF, VHF, SATCOM; GPS, ILS) with in-flight access

    Aircraft - Ground wireless links (Gatelink, GSM, Wifi, WiMax)

    Maintenance & Industrial systems (PMAT, Portable Data-Loader, troubleshooting equipment, USB keys, IT cards)

    Threat callouts: GPS Jamming; FMC/ACARS; ADS-B Spoofing; Airline Attacks; Factory S/W Loads; Portable EFBs; Airport Attacks


    13/39

    Copyright 2012 Boeing. All rights reserved.

    Aviation Sector Protection

    The Trajectory

    Public-Private Partnership Essential

    Cybersecurity Framework for sharing information

    Private sector working together / sharing

    Resiliency - Risk, Threat, Mitigation

    Shared Situational Awareness

    One's detection is another's prevention

    USG & Industry Framework

    Aviation Framework and Roadmap needed

    International cybersecurity strategy essential

    Coordinated policy for aviation cyber domain


    Working Together to Thwart the Threat


    14/39

    NIST Cybersecurity Framework Structure

    Who is implementing this Framework in Aviation?


    15/39

    Copyright 2012 Boeing. All rights reserved.

    Key Strategic Elements

    Building a Roadmap to Protect Aviation

    Culture of Security

    Embedded Network Security Requirements

    Training/Education

    Shift from safety to safety, security and resiliency

    Design-in Cyber Requirements

    Value Chain Visibility/Traceability

    Lifecycle Cyber Management

    Regulatory Shift to Risk Management

    Institutionalize Incident Responses

    Threat Response and Recovery

    Public Private Information Sharing and Analysis

    Forensics Analysis Capabilities


    16/39

    Copyright 2012 Boeing. All rights reserved.

    Aviation Cybersecurity Framework

    Strategy: Managing Risk

    Risk = threat + vulnerabilities and resultant consequences

    Framework focuses on risk-informed decision-making

    Operational goal = mitigate the threat by using prevent, detect and respond techniques

    [Diagram. Labels recovered from the figure:]

    Elements: Physical; Cyber; Human

    Steps: Set Goals and Objectives; Identify Assets, Systems, and Networks; Assess Risks (Consequences, Vulnerabilities, and Threats); Prioritize; Implement Programs; Measure Effectiveness

    Feedback Loop: Continuous Improvement to enhance protection


    17/39

    Copyright 2013 Boeing. All rights reserved.

    What is an ISAC?

    Critical Infrastructure Protection

    ISACs sit at the nexus of public-private information sharing

    Information Sharing & Analysis Centers (ISACs)
      Operational concept for sharing information within private sector
      Established by PPD-63 (1998), HSPD-7 (2003), PPD-21 (2013)
      DHS National Infrastructure Protection Plan (NIPP)

    Protection of Critical Infrastructure / Key Resources
      16 CIKR sectors defined by PPD-21
      Elevates security and resilience across mission
      Integrates cyber-physical-resilience risk management
      Affirms need for international collaboration

    Unique information sharing capabilities
      Member-to-member sharing
      Company proprietary / PII / SSI
      Global multi-national companies / foreign OEMs
      USG classified / LE / Foreign Gov


    18/39

    Design of the Aviation ISAC

    Collaboration across the sector

    Shared Situational Awareness & Collaboration

    Trusted information sharing with aviation peers

    Access to U.S. Government & CI partners

    Access knowledgeable minds in cybersecurity

    Knowledge, information, resources, analysis

    Shared Learning & Risk Mitigation

    Threats, vulnerabilities, trends & technologies

    Get help & details about a specific attack

    Build mitigation strategies

    Understand what the USG / others are doing

    Protect and secure the business - Build Resiliency

    To reduce the risks and costs associated with disruption to aviation operations due to cyber & physical security events


    19/39

    A-ISAC: Overview

    Overview & Value Proposition

    The A-ISAC's purpose is to reduce the risks and costs associated with disruption to aviation operations due to security events

    Goal
      Share timely, relevant and actionable information and analysis of threats, vulnerabilities and incidents

    Needs
      Mitigation of business risks
      Maintaining public trust

    Offering
      Comprehensive, across the sector
      Provision of Indications and Warning
      Preparedness, response, and recovery planning
      Strategic coordination with USG

    What we don't do
      Law enforcement activities
      Security infrastructure design
      Lobbying

    Benefits
      Government intelligence and industry shared intelligence
      Timely and actionable threat information
      Common view of threats
      Fusion and analysis of threat-based, aviation-specific info
      Sharing of security & resiliency best practices
      Focused Intelligence Information / Briefings
      Member-to-member sharing, with non-attribution and anonymity
      Distributed information gathering costs
      Risk mitigation for aviation sector


    20/39

    A-ISAC: Overview

    Collaboration Framework: Working together across private and public sectors

    Private Sector Members
      Airlines
      Aircraft Manufacturers
      Air Cargo
      Airports
      Aviation Suppliers
      Service Providers
      General Aviation
      MROs
      FBOs
      Industry Associations

    Government Partners
      Department of Homeland Security
      Transportation Security Administration
      Dept of Transportation / Federal Aviation Administration
      Federal Bureau of Investigation
      Office of Director of National Intelligence
      Intelligence Community
      Department of Defense


    21/39

    Value Proposition for Public-Private Partnership


    22/39

    Cooperative Research and Development Agreement (CRADA)

    The CRADA is the main governance vehicle permitting information sharing in Cyber Information Sharing and Collaboration Program (CISCP)

    The CRADA enables DHS and A-ISAC to:
      Engage in data flow and analytical collaboration associated with cybersecurity.
      Align differing but related missions, business interests, strengths, and capabilities.
      Identify and develop mitigations for emerging cybersecurity risks.
      Enhance the protection of critical infrastructure and government networks and systems that are vital to National security and the Nation's economy.

    CRADA has appendices with statements of work
      CRADA Appendix A: Cybersecurity data flow and analytical collaboration.
      CRADA Appendix B: Analyst National Cybersecurity and Communications Integration Center access/presence.


    23/39

    President Obama & Secretary Johnson

    NCCIC Visit January 13, 2015


    24/39

    A-ISAC: Overview

    Operational Model: Shared Situational Analysis

    A-ISAC information sharing relationships provide voluntarily timely, anonymized, and actionable intelligence

    [Diagram. Labels recovered from the figure:]

    Government & Partner Analysis; Aviation Industry Analysis; Open Source Analysis; Information Dissemination

    A-ISAC; A-ISAC Members; Government & Partners; Industry


    25/39

    Copyright 2014 Boeing. All rights reserved.

    A-ISAC Snapshot

    Progress To-date

    Aviation ISAC Established September 10, 2014

    Non-profit organization

    7 Founding Members - Major Air Carriers, Aviation Suppliers, Aviation Manufacturers

    Current Members: 17 (Includes International Partners)

    FS-ISAC / MS-ISAC are our mentors, NCIs

    A-ISAC Community Outreach & Meetings

    Includes Daily Aviation Memos (DAMs)

    Private and Public Sector Sharing Current Events

    Promotes education and awareness

    Website A-ISAC.COM and Secure SharePoint

    Analysts Working Together

    Bi-weekly calls

    Quarterly in person workshops

    Two analysts (20-40% of time)

    Unprecedented Collaboration and Sharing


    26/39

    A-ISAC Structure & Governance


    27/39

    A-ISAC Governance Structure

    Approved 12/15/15

    Board of Directors (7)
      Chair: John Craig
      Vice Chair: Craig Maccubbin

    Secretary: Candice Burke

    Treasurer: Candice Burke - TBD

    Executive Director: Faye Francy

    Operations Manager: Terrance Kirk

    DHS NCCIC Liaison: Phillip Potts

    Intel and Analysis: Douglas Blough, Roger Alvillar

    Business Operations: Nick Smith-Simmons, Paul Hart

    Membership & Communications: Lori Pierelli

    Bookkeeping / Admin: Julie Kirk


    28/39

    Marketing
      Marketing Plan: 75%
      Tri-Fold & Slicker: 100%
      FAQ: 100%
      Exec Deck: 100%
      A-ISAC Article: 100%

    Legal
      Subscriber Agreement: 100%
      By-Laws: 100%
      Certificate of Incorporation: 100%
      MS-ISAC Agreement: 100%
      ADIAC MOU: 25% On HOLD
      DHS CRADA: 100%

    Operations
      CONOPS: 100%
      Op. Rules: 100%
      Op. Rhythm: 100%
      IRP: 80%
      I-SOP: 50%
      Training Package: 80%

    Finance
      Financial Plan: 75%
      Budget: 95%
      Audit Plan: 50%

    Human Resources
      HR Plan: 75%
      Insurance: 100%
      Policies: 90%

    Admin
      Welcome Package: 90%
      Member Guidelines: 90%
      Committee Charters: 100%
      Biz Plan: 100%

    Anti-Trust; Business Courtesies; COICOC; Credit Card; Financial; Laptop; Overtime; Record Retention; Travel; Whistleblower

    29/39

    A-ISAC: Membership

    Program Benefits

    Program / Benefit: Description

    Alerting / Crisis Notifications: Urgent notifications of impending threats to aviation or indications of emerging crises via voice, SMS text, twitter, e-mail, and across information sharing platform.

    Real-time Sharing of Aviation Intelligence & Threat Data: Real-time posting of relevant open source reporting, incoming threat data, and Indication & Warning (I&W) derived from member submissions and Government reporting.

    Weekly Intelligence Summaries (INTSUM): A weekly intelligence report which consolidates current threat intelligence, indicators, and analytic reports from various intelligence organizations.

    Special Intelligence Reports: Finished intelligence reports on topics of interest to A-ISAC Membership and Aviation Sector.

    Analytic Exchanges / Liaisons: Analyst exchanges with other ISACs, private sector, vendors and government.

    Threat Conference Calls: Telephonic analyst exchanges featuring voluntary, contributory content and analysis from member firms as well as special presentations from outside experts.

    Response & Recovery Coordination: During or subsequent to incident or event, A-ISAC will coordinate development and dissemination of actionable mitigation measures.


    30/39

    A-ISAC: Membership

    Program Benefits 2

    Program / Benefit: Description

    Regional Workshops: Establish a series of regional information sharing workshops providing the opportunity to present and interact in a smaller more focused, regional setting.

    Member Contact Directory: Contact information for A-ISAC member institutions will be shared with members of A-ISAC providing approval by member is given before dissemination of information.

    Roundtables / Table Top Exercises: Regular Roundtable dialog on specific security topics related to aviation, to include trending, mitigation techniques, and best practices. Table Top Exercises will be conducted to evaluate the capability and maturity of the A-ISAC and its membership.

    A-ISAC Special Committees: A-ISAC will convene specialty committees that support the maturation of our program and benefits. Committees include: Marketing, Membership and Communication; Portal; Legal / Policy; Education; Best Practices; & Global Engagement.

    Member Surveys: A-ISAC will use member surveys to ensure our program and benefits are meeting the needs of the aviation community.

    Annual Summit Event: Forum for A-ISAC members to share and collaborate on critical aviation specific security threats, industry best practices, and access to top information security executives and vendors in the aviation sector.

    Security Awareness Training: Tailored to meet our member needs by enhancing the ability of the aviation security sector to prepare for and respond to threats

    Aviation Framework for Resiliency: Develop and mature a meaningful aviation framework for threat information sharing and resiliency.


    31/39

    A-ISAC: Products

    Example Products

    The following are 2 examples of Traffic Light Protocol (TLP) products delivered to A-ISAC members

    Daily Aviation Memo: TLP White

    The Daily Aviation Memo captures aviation-related cyber and physical articles based on community interest.

    Alert: TLP Green/Amber/Red

    A-ISAC alerts, categorized by Traffic Light Protocols, are delivered as necessary on pertinent aviation sector threats.

    32/39

    Committee Information

    The Trajectory - Safe, Secure, Efficient and Resilient Global Air Transportation System

    1. Portal Committee - Threat Intelligence Committee (TIC)

    2. Membership & Communications Committee (M&C)

    3. Legal Committee

    4. Education & Awareness Committee

    5. Best Practices / Processes Committee

    6. IT & Technology

    7. Audit / Finance / Nominating (3 - BoD only)

    Analysts Working Group

    Working Together Across the Aviation System

    For A Resilient Global Aviation Transportation System

    Member led with BoD approved Charter

    Month meetings / minutes

    Aligns with ED duties

    Working Group (need SoW)
  • 7/25/2019 GT Government Summit on Cybersecurity and Privacy 16 Presentation - Shared Situational Awareness and Collaboration - Faye Francy

    33/39

    National Council of ISACs (NCI)

    Collaboration across the sector

    Volunteer Group of ISACs

    Started in 2003 to address common concerns

    Cross-sector interdependencies

    Meet monthly virtually / Quarterly F2F

    Structure

    Designated representatives 20 ISACs

    Share Intel, Exercise, Best Practices

    Engage with Government & Partners

    Leadership

    Chair: Denise Anderson (FS-ISAC)

    Vice-Chair: Fred Hintermister (E-ISAC)

    Secretary: Josh Poster (ST-ISAC)

    Collaboration Across the Communities

    www.nationalcouncilofisacs.org


    Aviation's Trajectory

    The Path Forward

    Focused, actionable intelligence

    Trusted environment for anonymized information sharing and collaboration

    Shared situational awareness

    Global engagement

    Greater responsiveness and resilience

    Reduced business risk

    Working Together Across the Aviation System

    For A Resilient Global Aviation Transportation System


    Richard Clarke's Top 10*

    1. Don't be in denial

    2. Don't underestimate the problem

    3. Don't be hostile to the government

    4. Don't make it an issue buried in the bureaucracy, not just a CIO issue

    5. Organize, ISACs, sponsor R&D work

    6. Think holistically

    7. Don't attempt to defend the entire network

    8. Identify the crown jewels

    9. Look at worst-case scenarios

    10. Have an industry strategy

    TOP 10 LIST

    *Richard A. Clarke, Chairman and CEO, Good Harbor Risk Management, LLC, AIAA Conference, Aug 2013

    http://www.aiaa.org/SecondaryTwoColumn.aspx?id=18829

    Thank you!


    Key Contacts

    Working Together Across the Aviation System

    For A Resilient Global Aviation Transportation System

    John Craig, Chairman

    [email protected]

    425-266-6486

    Candice Burke, [email protected]

    425-238-1164

    Faye Francy, Executive Director

    [email protected]

    703-861-5417

    Terrance Kirk, Operations Manager

    [email protected]

    301-346-0715

    Lori Pierelli, Membership and Communications Manager

    [email protected]

    (443) 226-8093

    Douglas Blough, Senior Analyst

    [email protected]

    609-775-8355


    A-ISAC Info Sharing Relationships

    Timely, Actionable Intelligence, Anonymized

    [Diagram: information sharing between A-ISAC, its members, and government and other partners. Labels recovered from the figure follow.]

    Sources and partners: Open Sources; Other Industries & Sectors; Other Info Sharing Orgs - NCI; Govt & All Other; NCCIC; ADIAC; Other Govt

    Flow labels: Incident reporting; Tips / field reports; Intelligence; Trends & analysis; Urgent alerts & indicators; Intelligence reports; Best practices; Mitigation strategies; Aviation expertise; Indicators; Incident reports; Mitigation actions

    Flow markings: TLP; VOLUNTARY; Anonymized

    A-ISAC:

    Analyzes, aggregates, fuses information

    Filters & selects for Aviation relevance

    Protects member info & attribution (TLP)

    Creates alerts & analysis for members

    Coordinates response & recovery

    Interfaces with Gov / other sectors

    A-ISAC Members (17 Members): Airlines; Airports; Suppliers; Service Providers; General Aviation; Manufacturers; Industry Associations; Air Cargo; MROs - FBOs

    January 2015

    Aviation ISAC Proprietary. All rights reserved.


    Traffic Light Protocol

    TLP Color: RED

    When should it be used? Sources may use TLP: RED when information cannot be effectively acted upon by additional parties, and could lead to impacts on a party's privacy, reputation, or operations if misused.

    How may it be shared? Recipients may not share TLP: RED information with any parties outside of the specific exchange, meeting or conversation in which it is originally disclosed.

    TLP Color: AMBER

    When should it be used? Sources may use TLP: AMBER when information requires support to be effectively acted upon, but carries risks to privacy, reputation, or operations if shared outside of the organizations involved.

    How may it be shared? Recipients may only share TLP: AMBER information with members of their own organization, and only as widely as necessary to act on that information.

    TLP Color: GREEN

    When should it be used? Sources may use TLP: GREEN when information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector.

    How may it be shared? Recipients may share TLP: GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels.

    TLP Color: WHITE

    When should it be used? Sources may use TLP: WHITE when information carries minimal or no risk of misuse, in accordance with applicable rules and procedures for public release.

    How may it be shared? TLP: WHITE information may be distributed without restriction, subject to copyright controls.

