The Issue

 

A persistent and growing threat to the safety and security of the U.S. (and global) aviation system lies in cyberspace. Protecting critical assets in a networked world is difficult enough, let alone in a highly complex and integrated system-of-systems such as our U.S. aviation system. As innovation proliferates and technology and capabilities rapidly evolve, however, so does the industry’s threat profile. Replete with numerous information and communications technologies, our aviation and aerospace system and associated infrastructure will continue to be a potential target for a large-scale cyber attack.

Working with industry, manufacturers, and other providers, ADS Infrastructure will focus on the funding the buildout of common, secure UTM infrastructure.


The Inflection Point

 

The National Airspace System (NAS) is comprised of the airspace, navigation facilities, and airports of the U.S. along with associated technologies, services, policies, procedures, and personnel.  A persistent and growing threat to the safety and security of the U.S. aviation system lies in cyberspace. Protecting critical assets in a networked world is difficult enough, let alone in a highly complex and integrated “system-of-systems” such as the U.S. aviation system. As innovation proliferates and technology and capabilities rapidly evolve, however, so does the industry’s threat profile. Replete with numerous information and communications technologies, the system and associated infrastructure will continue to be a potential target for large-scale cyber attacks. Integrating critical infrastructure systems with information technology networks provides significantly less isolation from the outside world than predecessor systems, thereby creating a greater need to secure these systems from remote, external threats.


The Opportunity

 

While recent federal guidance demonstrates that securing critical infrastructures from internal and external threats is a national priority is a good start, it’s not enough. In 2013, the President signed an Executive Order to address concerns about better securing critical infrastructure from cyber threats, and directed executive branch agencies to promote the adoption of cybersecurity practices.  The Executive Order also directed the National Institute of Standards and Technology (NIST) to develop a technology-neutral framework for improving the cybersecurity posture for critical infrastructure. The NIST framework is designed to help organizations align their cybersecurity activities with business requirements, risk tolerances, and resources.

While the FAA has taken steps to protect its air traffic control systems from cyber-based and other threats, “significant security control weaknesses remain, threatening the agency’s ability to ensure the safe and uninterrupted operation of the NAS”[1].  These include weaknesses in   protecting system boundaries, authorizing users to access systems, and encrypting sensitive data, among many others. Additionally, shortcomings in boundary protection controls between less-secure systems and the operational NAS environment increase the risk from these weaknesses.

 

[1] GAO Report: GAO-15-221