Length: 3 Days
Aviation Cybersecurity Training Bootcamp
If the aviation industry were a nation it would rank 20th in the world in terms of gross domestic product as it generates $705 billion per year, carries over 53 million tons of freight and carries about 4 billion passengers.
But with all the success of the civil aviation sector comes rampaging concerns over cybersecurity especially since civil aviation organizations increasingly rely on electronic systems for critical parts of their operations including safety-critical functions.
For the aviation industry, cybersecurity encompasses the protection of electronic systems from malicious electronic attack and the means of dealing with the consequences of these attacks. This can be challenging especially given that the bad intent strategies of cybercriminals are constantly evolving, borne out by the fact that the aviation sector is increasingly under cyberattack.
Cybersecurity experts warn that the reason the aviation industry is witnessing an increase in cyberattacks is because this sector has a lot to target for bad actors.
Additionally, air transport consists of exceedingly complex operations that orchestrate a multitude of critical systems, including air traffic management (ATM), air fleet management, APRON and tarmac operations, airline operations center (AOC) networks, luggage and goods management, surveillance and many others.
Securing all these systems is not a simple matter.
Cybercrimes in aviation can occur through various means and systems.
This includes Reservation Systems, Flight Management Systems, Flight Traffic Management, Departure Control Systems, Passport Control Systems, Cargo Handling & Shipping, Computers on the Aircraft, Flight Control Systems, GPS, Fuel gauges, Maintenance Computer, Access Control Systems or Hazardous Materials Transportation Management.
While airport officials and airline CEOs invest heavily to find ways to patch digital vulnerabilities, a new profession has emerged to help combat cyberattacks.
The aviation cybersecurity systems engineer is becoming a valuable member of the aviation community. Responsibilities include performing security assessments of proposed and existing avionics systems using applicable industry guidance and methods. The position also works with internal engineering teams and OEM partners to plan, design and develop security architectures to meet certification and business requirements.
Additionally, the aviation cybersecurity systems engineer maintains aviation security processes and develops and coordinates the execution of test procedures to verity security measures.
For defense purposes, efficient cybersecurity is also paramount. In 2018, the Air Force began a program to fundamentally reorient its IT staff, reframing their role away from servicing email systems and toward cybersecurity. Now, its IT professionals are part of mission defense teams that carry out the Air Force’s cyber operations.
The Air Force made the changes because of its recognition of the importance of cybersecurity in accomplishing its core missions. In fact, the Air Force’s reorganizing of its IT section is part of a defense-wide initiative to respond to threats to the aviation sector.
Partners to the Air Force in the aerospace and defense (A&D) area are also recognizing their important roles regarding cybersecurity. A survey reports that 85% of aviation CEOs are concerned about the risks and vulnerabilities posed by cybercriminals – a much higher percentage than report their concerns in other industries.
Consequently, aviation military contractors are recognizing that cybersecurity is not a one and done process, but rather ongoing with the need for cutting edge knowledge provided by training, risk assessments and risk prevention programs.
Aviation Cybersecurity Training Bootcamp Course by Tonex
Aviation Cybersecurity Training Bootcamp is a cybersecurity oriented aviation training covering civilian and military aircraft cybersecurity and operation analysis including: airworthiness security DO-326A/ED 202A, information and data, mission, networks, technology, embedded avionics systems and the holistic system security engineering problem 360 degree.
Modern aircraft platforms are at increasing risk of cyberattack from sophisticated adversaries. These platforms do not currently provide the situational awareness necessary to identify when they are under cyberattack, nor to detect that a constituent subsystem may be in a compromised state.
Threat of intentional unauthorized electronic interaction to both civilian and military aircraft safety aligned with SAE ARP 4754A/ED-79A, DO-178C/ED-12C, and DO-254/ED-80 and with the advisory material associated with FAA AC 25.1309-1A and EASA AMC 25.1309.
- Civilian and military aircraft system security engineering and Anti-Tamper (AT) activities
- Development of security requirements
- Civilian and military aircraft system security engineering, program and project management
- Military aircraft operation, mission planning, intelligence gathering, and information an data assurance
- Aircraft Cybersecurity Criticality Analysis
- Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication
- Aircraft availability, integrity, authentication, confidentiality, and nonrepudiation
- Information, data, mission, and embedded avionic system threats and mitigation
- Analysis of aircraft security design and engineering vulnerabilities
- Recommendations for system changes, to eliminate or mitigate vulnerabilities through engineering and design, any characteristics that could result in the deployment of systems with operational security deficiencies
- Physical security or physical attacks on the aircraft (or ground element)
- Security engineering and development of programs and design-to-specifications providing life-cycle protection for critical resources
- Airport, Airline or Air Traffic Service Provider security (e.g., access to airplanes, ground control facilities, data centers, mission planning, security key distribution, avionic data buses etc.)
- Communication, navigation, and surveillance services managed by national agencies or their international equivalents (e.g., GPS, SBAS, GBAS, ATC communications, ADS-B)
- Analysis and assessment of Cyber Threats (additions to DO-178C, ED-12C, and ARP4754A)
- Mitigation of the aviation/aircraft safety effects of “Intentional Unauthorized Electronic Interaction (IUEI)
- Security applied to continued airworthiness: DO326A, ED202A, DO-356A and ED-203A, DO-355/ED-204, ED-201, DO-355/ED-204 and DO-356A / ED-203A
- Hardware Assurance (HwA)
- The level of confidence that hardware
- Assessment of electronic components such as integrated circuits and printed circuit boards, functions
- Assessment of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the system’s hardware throughout the life cycle.
- Software assurance (SwA)
- Software vulnerabilities
- Anti-tamper (AT)
- Systems engineering activities intended to prevent or delay exploitation
- Assessment of configurations to impede countermeasure development, unintended technology transfer, or alteration of a system due to reverse engineering
- Supply Chain Risk Management (SCRM)
- Risks, sabotage, maliciously introduce unwanted function
- Design integrity, manufacturing, production, distribution, installation, operation or maintenance of a aircraft system
- Surveil, deny, disrupt, or otherwise degrade the function
- Software data loading equipment for all types of aircraft
- ARINC 615A – Software Data Loader Using Ethernet Interface
- ARINC 667 – GUIDANCE FOR THE MANAGEMENT OF FIELD LOADABLE SOFTWARE
- ARINC 811 – COMMERCIAL AIRCRAFT INFORMATION SECURITY CONCEPTS OF OPERATION AND PROCESS FRAMEWORK
- Protecting Military Avionics Platforms from Attacks on MIL-STD-1553 Communication Bus
- Protecting Civilian Avionics Platforms from Attacks on ARINC 429 Communication Bus
- System security policy
- Trusted message routing and control design
- Effects of malware on infected devices and the logical effects of external system
Aviation Cybersecurity Training Bootcamp