7/25/2019 GT Government Summit on Cybersecurity and Privacy 16 Presentation - Shared Situational Awareness and Collaboration - Faye Francy
Shared Situational Awareness and Collaboration
Governor's Summit on Cybersecurity and Privacy 2016
Faye Francy, Executive Director
The Aviation Information Sharing and Analysis Center (A-ISAC)
January 5, 2016
Speaker Introduction
Faye Francy, Executive Director A-ISAC
Aviation Information Sharing and Analysis Center (A-ISAC)
Executive Director - establish a robust global A-ISAC, a non-profit organization
Implementing a framework for analyzing and sharing information security threats across the global community
Responsible for establishing, implementing and overseeing the organization's mission, goals, policies and core guiding principles
The Boeing Company (2001-current)
Boeing Commercial Airplane Cyber ONE Community of Excellence Leader
Director, Networked Systems Domain for CTO 2008-11
Director, Networked Centric Operations, PW 2005-08
Director, Engineering and Programs Air Traffic Management (ATM) 2001-05
Director, FAA Programs at ARINC Incorporated 1998-01
Intersec and AvSec Companies, Owner / President 1989-98
Palm Beach County Sheriff's Department / Maryland State Police
Education
Bachelor's Degree in Chemistry and Mathematics from Towson State University
Master's Degree in Forensic Chemistry from University of Pittsburgh.
The Threat
A National Security Issue
Rapidly escalating cyber threats
Executive action
Comprehensive Global approach
Resiliency for our Critical Infrastructures
Cybersecurity is a National Security Issue
Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems.
Feb, 2013
Executive Order 13636: Improving Critical Infrastructure Cybersecurity
Presidential Policy Directive 21: Critical Infrastructure Security and Resilience
Promoting Private Sector Cybersecurity Information Sharing - 2015
Executive Order (EO 13691) 2/13/15
Encourages formation of communities to share information broadly across regions, sectors and industries, and to rapidly respond to emerging threats.
Establishment of Information Sharing and Analysis Organizations (ISAOs), includes Information Sharing & Analysis Centers (ISACs)
Open and collaborative approach
Omni-directional communication
Bridges gap between public / private sector
Voluntary standards for sharing.
Efficient means for granting clearances
Cybersecurity Act of 2015
December 18, 2015 (OMNI CISA passed)
Designed to increase cybersecurity information sharing between private sector & federal government.
Requires DHS to establish a portal for receiving cyber threat indicators from the private sector and sharing them with both public and private sector entities
Provides targeted liability protection to companies that share cyber threat indicators with DHS
Requires two layers of privacy protections:
1) Companies must remove personal information before sharing cyber threat indicators with DHS, and
2) DHS must implement privacy reviews of all indicators it receives through the portal.
http://www.natlawreview.com/article/president-obama-signs-cybersecurity-act-2015-to-encourage-cybersecurity-information
Vision: A world confident in the strength, vigilance, efficiency, and resiliency of the aviation system
Mission: Advocate for a security system that ensures aviation growth and people's freedom to fly
Goal: Public and Private Sector working together to enhance a resilient global commercial aviation system
Aviation Shared Situational Awareness & Collaboration
Safe & Secure Global Air Transportation System
Safe, Efficient, Secure & Resilient Global Air Transportation System
Situation Analysis
Threat Outlook
The aviation sector is vast and complex; protecting this system of systems will require significant collaboration from the government, and sector partners across the globe
Copyright 2012 Boeing. All rights reserved.
E-Enabled Aircraft: The Hacker's Playing Field
An evolution of capabilities, but technology can pose a risk
Flight Operations: Navigation Charts, Airport Maps, Weather Maps, Performance Calculations, Electronic Manuals, Technical Logbook
Maintenance: Maintenance Tools, Performance Analysis, Monitoring, Troubleshooting, Maintenance Manuals, Technical Logbook
Cabin Crew: Cabin Logbook, Cabin Management, Cabin Systems Control, Passenger Lists, Electronic Manuals
Passengers: IFE Systems, Internet Connectivity, Phone Services, OnBoard Intranet Service
Simple, Proprietary, Obscure, Isolated, Closed
Complex, Standardized, Documented, Connected, Open
~100,000 unique malware files published every 24 hours (in 2014)
New Malware every 1 second
~6500 new vulnerabilities, 30% highly critical (in 2014)
New Vulnerability every 1.5 hours
Aviation Industry Call-to-Action
Drivers & Challenges
External Drivers Influencing Aviation
Economic considerations drive increased connectivity
The speed at which cyber threats continue to evolve
Maintaining security in complex & dynamic environment
Integration of physical and cyber threats is critical
Continued growth in information sharing and analysis
Key Challenges for the Aviation Community
Aviation's cyber security honeymoon has ended
Success depends on alignment of many stakeholders
Broad spectrum of technology deployment throughout fleet
Regulatory environment constrains the pace of the change
Aviation ISAC Proprietary. All rights reserved.
A Framework for Aviation Cybersecurity
AIAA August 2013
Establish common cyber standards for aviation systems
Establish a cybersecurity culture
Understand the threat
Understand the risk
Communicate the threats and assure situational awareness
Provide incident response
Strengthen the defensive system
Define design principles
Define operational principles
Conduct necessary research and development
Ensure that government and industry work together
Resiliency Across Commercial Aviation
**Blue indicates area of A-ISAC Focus
Copyright 2013 Boeing. All rights reserved. 1/4/2016
Aviation Sector Protection
The Airplane is a Global, Mobile, Industrial Control System
Purpose
Reduce risks and costs
Maintain public trust in aviation
Timely, Actionable Intelligence
Shared situational awareness
Resiliency
Requirements
One plan working together
Access to threat intelligence & analysis
Detailed threat monitoring
Sector-wide / cross sector view
Non-attribution information sharing
Reduction of Risk / Build-in Resiliency
THE COMPLEXITY OF AVIATION
THREAT OUTLOOK
[Figure: aircraft connectivity diagram. Location labels: Hangar; Maintenance & Engineering Centre; Warehouse; Aircraft data & parts suppliers; Outstation; Gate; Operations & Dispatch centre. Link labels: Air/Ground Links; Satellite Communications (SATCOM); GateLink (Wireless); COTS, Plugs, Wifi; ACARS HF & VHF Satcom.]
Supply chain (Transit of Software from Supplier to AIRBUS)
Cabin links accessible to passengers (Cabin Wifi, plugs on cabin seats, FAP, Bluetooth)
Aircraft - Ground links (ACARS, HF, VHF, SATCOM; GPS, ILS) with in-flight access
Aircraft - Ground wireless links (Gatelink, GSM, Wifi, WiMax)
Maintenance & Industrial systems (PMAT, Portable Data-Loader, troubleshooting equipment, USB keys, IT cards)
Threat labels: GPS Jamming; FMC/ACARS; ADS-B Spoofing; Airline Attacks; Factory S/W Loads; Portable EFBs; Airport Attacks
Aviation Sector Protection
The Trajectory
Public-Private Partnership Essential
Cybersecurity Framework for sharing information
Private sector working together / sharing
Resiliency - Risk, Threat, Mitigation
Shared Situational Awareness
One's detection is another's prevention
USG & Industry Framework
Aviation Framework and Roadmap needed
International cybersecurity strategy essential
Coordinated policy for aviation cyber domain
Working Together to Thwart the Threat
NIST Cybersecurity Framework Structure
Who is implementing this Framework in Aviation?
Key Strategic Elements
Building a Roadmap to Protect Aviation
Culture of Security
Embedded Network Security Requirements
Training/Education
Shift from safety to safety, security and resiliency
Design-in Cyber Requirements
Value Chain Visibility/Traceability
Lifecycle Cyber Management
Regulatory Shift to Risk Management
Institutionalize Incident Responses
Threat Response and Recovery
Public Private Information Sharing and Analysis
Forensics Analysis Capabilities
Aviation Cybersecurity Framework
Strategy: Managing Risk
Risk = threat + vulnerabilities and resultant consequences
Framework focuses on risk-informed decision-making
Operational goal = mitigate the threat by using prevent, detect and respond techniques
Physical
Cyber
Human
[Figure: risk management cycle. Labels: Set Goals and Objectives; Identify Assets, Systems, and Networks; Assess Risks (Consequences, Vulnerabilities, and Threats); Prioritize; Implement programs; Measure Effectiveness; Feedback Loop]
Continuous Improvement to enhance protection
What is an ISAC?
Critical Infrastructure Protection
ISACs sit at the nexus of public-private information sharing
Information Sharing & Analysis Centers (ISACs)
Operational concept for sharing information within private sector
Established by PPD-63 (1998), HSPD-7 (2003), PPD-21 (2013)
DHS National Infrastructure Protection Plan (NIPP)
Protection of Critical Infrastructure / Key Resources
16 CIKR sectors defined by PPD-21
Elevates security and resilience across mission
Integrates cyber-physical-resilience risk management
Affirms need for international collaboration
Unique information sharing capabilities
Member-to-member sharing
Company proprietary / PII / SSI
Global multi-national companies / foreign OEMs
USG classified / LE / Foreign Gov
Design of the Aviation ISAC
Collaboration across the sector
Shared Situational Awareness & Collaboration
Trusted information sharing with aviation peers
Access to U.S. Government & CI partners
Access knowledgeable minds in cybersecurity
Knowledge, information, resources, analysis
Shared Learning & Risk Mitigation
Threats, vulnerabilities, trends & technologies
Get help & details about a specific attack
Build mitigation strategies
Understand what the USG / others are doing
Protect and secure the business - Build Resiliency
To reduce the risks and costs associated with disruption to aviation operations due to cyber & physical security events
A-ISAC: Overview
Overview & Value Proposition
The A-ISAC's purpose is to reduce the risks and costs associated with disruption to aviation operations due to security events
Goal
Share timely, relevant and actionable information and analysis of threats, vulnerabilities and incidents
Needs
Mitigation of business risks
Maintaining public trust
Offering
Comprehensive, across the sector
Provision of Indications and Warning
Preparedness, response, and recovery planning
Strategic coordination with USG
What we don't do
Law enforcement activities
Security infrastructure design
Lobbying
Benefits
Government intelligence and industry shared intelligence
Timely and actionable threat information
Common view of threats
Fusion and analysis of threat-based, aviation-specific info
Sharing of security & resiliency best practices
Focused Intelligence Information / Briefings
Member-to-member sharing, with non-attribution and anonymity
Distributed information gathering costs
Risk mitigation for aviation sector
A-ISAC: Overview
Collaboration Framework: Working together across private and public sectors
Private Sector Members
Airlines
Aircraft Manufacturers
Air Cargo
Airports
Aviation Suppliers
Service Providers
General Aviation
MROs
FBOs
Industry Associations
Government Partners
Department of Homeland Security
Transportation Security Administration
Dept of Transportation / Federal Aviation Administration
Federal Bureau of Investigation
Office of Director of National Intelligence
Intelligence Community
Department of Defense
Value Proposition for Public-Private Partnership
Cooperative Research and Development Agreement (CRADA)
The CRADA is the main governance vehicle permitting information sharing in Cyber Information Sharing and Collaboration Program (CISCP)
The CRADA enables DHS and A-ISAC to:
Engage in data flow and analytical collaboration associated with cybersecurity.
Align differing but related missions, business interests, strengths, and capabilities.
Identify and develop mitigations for emerging cybersecurity risks.
Enhancing the protection of critical infrastructure and government networks and systems that are vital to National security and the Nation's economy.
CRADA has appendices with statements of work
CRADA Appendix A: Cybersecurity data flow and analytical collaboration.
CRADA Appendix B: Analyst National Cybersecurity and Communications Integration Center access/presence.
President Obama & Secretary Johnson
NCCIC Visit January 13, 2015
A-ISAC: Overview
Operational Model: Shared Situational Analysis
A-ISAC information sharing relationships voluntarily provide timely, anonymized, and actionable intelligence
[Figure: operational model diagram. Labels: Government & Partner Analysis; Information Dissemination; Aviation Industry Analysis; Open Source Analysis; A-ISAC; A-ISAC Members; Government & Partners; Industry]
Copyright 2014 Boeing. All rights reserved.
A-ISAC Snapshot
Progress To-date
Aviation ISAC Established September 10, 2014
Non-profit organization
7 Founding Members - Major Air Carriers, Aviation Suppliers, Aviation Manufacturers
Current Members: 17 (Includes International Partners)
FS-ISAC / MS-ISAC are our mentors, NCIs
A-ISAC Community Outreach & Meetings
Includes Daily Aviation Memos (DAMs)
Private and Public Sector Sharing Current Events
Promotes education and awareness
Website A-ISAC.COM and Secure SharePoint
Analysts Working Together
Bi-weekly calls
Quarterly in person workshops
Two analysts (20-40%) of time
Unprecedented Collaboration and Sharing
A-ISAC Structure & Governance
A-ISAC Governance Structure
Approved 12/15/15
Bookkeeping / Admin: Julie Kirk
Membership & Communications: Lori Pierelli
Business Operations: Nick Smith-Simmons, Paul Hart
Intel and Analysis: Douglas Blough, Roger Alvillar
DHS NCCIC Liaison: Phillip Potts
Operations Manager: Terrance Kirk
Executive Director: Faye Francy
Secretary: Candice Burke
Board of Directors (7)
Chair: John Craig
Vice Chair: Craig Maccubbin
Treasurer: Candice Burke - TBD
Marketing: Marketing Plan 75%; Tri-Fold & Slicker 100%; FAQ 100%; Exec Deck 100%; A-ISAC Article 100%
Legal: Subscriber Agreement 100%; By-Laws 100%; Certificate of Incorporation 100%; MS-ISAC Agreement 100%; ADIAC MOU 25% On HOLD; DHS CRADA 100%
Operations: CONOPS 100%; Op. Rules 100%; Op. Rhythm 100%; IRP 80%; I-SOP 50%; Training Package 80%
Finance: Financial Plan 75%; Budget 95%; Audit Plan 50%
Human Resources: HR Plan 75%; Insurance 100%; Policies 90%
Admin: Welcome Package 90%; Member Guidelines 90%; Committee Charters 100%; Biz Plan 100%
Anti-Trust, Business Courtesies, COI, COC, Credit Card, Financial, Laptop, Overtime, Record Retention, Travel, Whistleblower
A-ISAC: Membership
Program Benefits
Program / Benefit | Description
Alerting / Crisis Notifications | Urgent notifications of impending threats to aviation or indications of emerging crises via voice, SMS text, Twitter, e-mail, and across information sharing platform.
Real-time Sharing of Aviation Intelligence & Threat Data | Real-time posting of relevant open source reporting, incoming threat data, and Indication & Warning (I&W) derived from member submissions and Government reporting.
Weekly Intelligence Summaries (INTSUM) | A weekly intelligence report which consolidates current threat intelligence, indicators, and analytic reports from various intelligence organizations.
Special Intelligence Reports | Finished intelligence reports on topics of interest to A-ISAC Membership and Aviation Sector.
Analytic Exchanges / Liaisons | Analyst exchanges with other ISACs, private sector, vendors and government.
Threat Conference Calls | Telephonic analyst exchanges featuring voluntary, contributory content and analysis from member firms as well as special presentations from outside experts.
Response & Recovery Coordination | During or subsequent to incident or event, A-ISAC will coordinate development and dissemination of actionable mitigation measures.
A-ISAC: Membership
Program Benefits 2
Program / Benefit | Description
Regional Workshops | Establish a series of regional information sharing workshops providing the opportunity to present and interact in a smaller, more focused, regional setting.
Member Contact Directory | Contact information for A-ISAC member institutions will be shared with members of A-ISAC, provided approval by member is given before dissemination of information.
Roundtables / Table Top Exercises | Regular Roundtable dialog on specific security topics related to aviation, to include trending, mitigation techniques, and best practices. Table Top Exercises will be conducted to evaluate the capability and maturity of the A-ISAC and its membership.
A-ISAC Special Committees | A-ISAC will convene specialty committees that support the maturation of our program and benefits. Committees include: Marketing, Membership and Communication; Portal; Legal / Policy; Education; Best Practices; & Global Engagement.
Member Surveys | A-ISAC will use member surveys to ensure our program and benefits are meeting the needs of the aviation community.
Annual Summit Event | Forum for A-ISAC members to share and collaborate on critical aviation specific security threats, industry best practices, and access to top information security executives and vendors in the aviation sector.
Security Awareness Training | Tailored to meet our member needs by enhancing the ability of the aviation security sector to prepare for and respond to threats
Aviation Framework for Resiliency | Develop and mature a meaningful aviation framework for threat information sharing and resiliency.
A-ISAC: Products
Example Products
The following are 2 examples of Traffic Light Protocol (TLP) products delivered to A-ISAC members
Daily Aviation Memo - TLP White
The Daily Aviation Memo captures aviation-related cyber and physical articles based on community interest.
Alert: TLP Green/Amber/Red
A-ISAC alerts, categorized by Traffic Light Protocols, are delivered as necessary on pertinent aviation sector threats.
Committee Information
The Trajectory - Safe, Secure, Efficient and Resilient Global Air Transportation System
1. Portal Committee - Threat Intelligence Committee (TIC)
2. Membership & Communications Committee (M&C)
3. Legal Committee
4. Education & Awareness Committee
5. Best Practices / Processes Committee
6. IT & Technology
7. Audit / Finance / Nominating (3 - BoD only)
Analysts Working Group
Working Together Across the Aviation System
For A Resilient Global Aviation Transportation System
Member led with BoD approved Charter
Monthly meetings / minutes
Aligns with ED duties
Working Group (need SoW)
National Council of ISACs (NCI)
Collaboration across the sector
Volunteer Group of ISACs
Started in 2003 to address common concerns
Cross-sector interdependencies
Meet monthly virtually / Quarterly F2F
Structure
Designated representatives - 20 ISACs
Share Intel, Exercise, Best Practices
Engage with Government & Partners
Leadership
Chair: Denise Anderson (FS-ISAC)
Vice-Chair: Fred Hintermister (E-ISAC)
Secretary: Josh Poster (ST-ISAC)
Collaboration Across the Communities
www.nationalcouncilofisacs.org
Aviation's Trajectory
The Path Forward
Focused, actionable intelligence
Trusted environment for anonymized information sharing and collaboration
Shared situational awareness
Global engagement
Greater responsiveness and resilience
Reduced business risk
Working Together Across the Aviation System
For A Resilient Global Aviation Transportation System
Richard Clarke's Top 10*
1. Don't be in denial
2. Don't underestimate the problem
3. Don't be hostile to the government
4. Don't make it an issue buried in the bureaucracy, not just a CIO issue
5. Organize, ISACs, sponsor R&D work
6. Think holistically
7. Don't attempt to defend the entire network
8. Identify the crown jewels
9. Look at worst-case scenarios
10. Have an industry strategy
*Richard A. Clarke, TOP 10 LIST
Chairman and CEO, Good Harbor Risk Management, LLC, AIAA Conference, Aug 2013
http://www.aiaa.org/SecondaryTwoColumn.aspx?id=18829
Thank you!
Key Contacts
Working Together Across the Aviation System
For A Resilient Global Aviation Transportation System
John Craig, Chairman
425-266-6486
Candice Burke, [email protected]
425-238-1164
Faye Francy, Executive Director
703-861-5417
Terrance Kirk, Operations Manager
301-346-0715
Lori Pierelli, Membership and Communications Manager
(443) 226-8093
Douglas Blough, Senior Analyst
609-775-8355
A-ISAC Info Sharing Relationships
Timely, Actionable Intelligence, Anonymized
[Diagram: A-ISAC information-sharing relationships. Labels recovered from the figure:]
Outside sources: Open Sources; Other Industries & Sectors; Other Info Sharing Orgs - NCI; Gov & All Other
Government: NCCIC; ADIAC; Other Govt
Flow labels (marked TLP): Incident reporting; Tips / field reports; Intelligence; Incident reporting; Trends & analysis
A-ISAC (voluntary, anonymized):
Analyzes, aggregates, fuses information
Filters & selects for Aviation relevance
Protects member info & attribution (TLP)
Creates alerts & analysis for members
Coordinates response & recovery
Interfaces with Gov / other sectors
Flow labels: Urgent alerts & indicators; Intelligence reports; Best practices; Mitigation strategies
Flow labels: Aviation expertise; Indicators; Incident reports; Mitigation actions
A-ISAC Members (17 Members): Airlines; Airports; Suppliers; Service Providers; General Aviation; Manufacturers; Industry Associations; Air Cargo; MROs - FBOs
January 2015. Aviation ISAC Proprietary. All rights reserved.
Traffic Light Protocol

TLP Color: RED
When should it be used? Sources may use TLP: RED when information cannot be effectively acted upon by additional parties, and could lead to impacts on a party's privacy, reputation, or operations if misused.
How may it be shared? Recipients may not share TLP: RED information with any parties outside of the specific exchange, meeting or conversation in which it is originally disclosed.

TLP Color: AMBER
When should it be used? Sources may use TLP: AMBER when information requires support to be effectively acted upon, but carries risks to privacy, reputation, or operations if shared outside of the organizations involved.
How may it be shared? Recipients may only share TLP: AMBER information with members of their own organization, and only as widely as necessary to act on that information.

TLP Color: GREEN
When should it be used? Sources may use TLP: GREEN when information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector.
How may it be shared? Recipients may share TLP: GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels.

TLP Color: WHITE
When should it be used? Sources may use TLP: WHITE when information carries minimal or no risk of misuse, in accordance with applicable rules and procedures for public release.
How may it be shared? TLP: WHITE information may be distributed without restriction, subject to copyright controls.