The [Cyber] Struggle is Real
By Kristen Knott, ATCA Writer and Editor
$2.5 billion a day. That’s what it will cost the US if a cyber attack shuts down aircraft operations. The threats are coming from all sides. In today’s cyber climate, it’s not a matter of if but when. It’s the price of increasing connectivity.
In fact, each point-to-point connection is a vulnerability, explains the FAA’s Jim Daum, who led the tour of the Cybersecurity Test Facility (CyTF) at Tech Center Tuesday. The one-room lab was officially opened last winter and provides cyber evaluation and research services to strengthen FAA information security in an R&D environment. Essentially, its main purpose is to test how well the FAA will respond once an attack occurs.
“The NAS has been described as the most complex system in the entire world,” says Daum. “Cyber security is a team sport. We can’t solve it alone – it takes partnerships.”
With CyTF, the FAA can now lead joint exercises between partners at the MITRE Corporation, Boeing, NASA, DREN, and Lincoln L. “Exercises and training are some of the main values of a facility like this because humans have to make these decisions,” says Daum. “The battlefield is not a place to make introductions.”
CyTF is equipped with detection, networking, offensive, and GOTS tools. In addition, it supports Information Security Continuous Monitoring (ISCM) and Collaborative Decision Making (CDM). “All of these tools have to be tuned to our environment,” says Daum.
The FAA recently conducted an Incident Response Process (IRP) exercise for that very reason. While this exercise was conducted on paper just a couple of years ago, now CyTF has a virtualized NAS and its own computer network at its disposal. Through the lab’s NPN network, all NAS service domains can be plugged in for exercises. Each domain – NAS, non-NAS, R&D, and FAA – has its own cyber security response.
The 45 or so people who participated in the IRP split up into teams: white (facilitators), red (attackers), blue (defenders), orange (scribes), and green (network builders). Each had their own virtual machine to help create a larger network. While the official report will be released this summer, the teams’ initial findings exposed important vulnerabilities in the system, including missing tools, response escalation thresholds, and the need to share more information between internal and external stakeholders. The IRP was held in preparation for the FAA’s federal cyber exercise this June. That exercise will escalate an incident that hits beyond the FAA and will help prepare the agency to protect one of our country’s most precious resources, the National Airspace System.