On July 19, RTCA hosted its 27th Aviation Technology Connect webinar. This edition, entitled Cybersecurity Update: Addressing the Challenges, brought together three industry experts for a discussion, moderated by RTCA President and CEO Terry McVenes, before an international audience of viewers. The three panelists were:
Dr. Mitch Crosswait, Deputy Director, Operation Test & Evaluation, Net-centric, Space and Missile Defense Systems, in the Office of the Secretary of Defense.
Jeff Troy, President and CEO of Aviation ISAC, a hub for threat intelligence, which brings together an international community of airlines, airports, IFE/Satcom, OEMs, and aviation service providers, who collaborate in real time to prevent, detect, respond to, and remediate cyber risk through threat intelligence sharing and best practices.
Dr. Bill “Data” Bryant, a cyberspace defense and risk leader with a diverse background in operations, engineering, planning, and strategy, who is currently with Modern Technology Solutions, Inc.
The panelists began by outlining the three sources of threats: nation states, international groups, and hacktivists, and urged entities to bake security into processes in anticipation of these threats. They also noted that not only are geopolitical tensions escalating, which can have direct and indirect impacts on aviation, but also, the time between finding a vulnerability and taking action to exploit the vulnerability is decreasing.
In recognition of these factors, the panelists discussed risk assessment, trends in ransomware, damage tolerance, defensibility, recoverability, defining requirements for cybersecurity, threats to radar and GPS, vulnerabilities to FAA systems, and zero trust measures. Panelists encouraged viewers to recognize complete prevention of cyber-attacks is impossible, even with firewalls and other counter-measures, so the focus should instead be on resilience and being able to fight back against threats. They raised the possibility of running drills where actors attempt to hack systems to expose vulnerabilities. Other ways to help make cyber security more effective is to use secure, encrypted transmissions; control access to systems; work to identify when a system is acting abnormally, which could signal it is under attack; continue to work together to stay on top of the threat landscape; and provide collective knowledge to the entire industry. Further, when breaches occur, perform after-action analysis that is shared, which is critical to preventing future threats.
If you missed this or any webinar, recordings are available on RTCA’s YouTube channel. You can find a link on RTCA.org under the Events tab, or by clicking here. RTCA would like to thank Gold Sponsors Collins Aerospace and NATCA, and new webinar sponsor, L3Harris.