Price: $3,999.00

Length: 3 Days
Print Friendly, PDF & Email

Aviation Cybersecurity Training Bootcamp by Tonex

Aviation cybersecurity is a serious matter.

Aviation cybersecurity needs a high level of attention because while the aviation industry has reaped the benefits of digitization over the past 10 years, digitization has also triggered new risks, including social and technical vulnerabilities that had never previously been addressed.

As aviation sector analysts put it: Aviation cybersecurity must be effective because any disruption can quickly ripple out to have international impacts, cause significant financial and reputational damage, and potentially compromise safety.

In other words, potential cyber risks are substantial. Permanent connectivity has created a larger threat surface and aircraft today are communications and data nodes, projected to generate 98 million terabytes of data by 2026.

The challenge is to secure data transfers between ground and aircraft, both in the cockpit and in the cabin, as well as between onboard sensors and systems.

Aviation cybersecurity encompasses a very broad and specialized environment that includes risks to avionics, in-flight entertainment systems, air traffic management systems, aviation maintenance systems, aviation supply chains, airport operations, and aerospace operations.

The digitized and connected aviation ecosystem includes such a high number of diverse actors, services, devices, and data that it is very difficult to map out a comprehensive view.

Fortunately, across the aviation sector, the amount of cybersecurity relevant data being produced is expanding at an exponential rate. The ability to access and analyze such data, to gain significant insight and identify potential issues, is essential to managing risk.

Between suppliers and customers, it is critical to understand how such data is provided and at what cost. From the survey results and discussions, respondents reported that there are blockers and potentially additional costs to accessing such data.

An initiative by the U.S. Department of Homeland Security (DHS), in partnership with the U.S. Air Force (USAF), increases scrutiny of aircraft cybersecurity.

Much of the aviation cybersecurity concerns are over the industry’s Automatic Dependent Surveillance Broadcast (ADS-B) system, a modern, preferred surveillance technology in which an aircraft determines its position via satellite navigation and periodically broadcasts it, enabling it to be tracked by air traffic controllers – as well as cyber criminals.

The military is also focused on improving aviation cybersecurity. The DoD is particularly concerned over the known cybersecurity risks of what has become a mandatory aircraft tracking system.

There have been numerous recommendations from security professionals on how to improve aviation cybersecurity. Some of those ideas include:

  • Aligning regulations globally
  • Establishing a baseline of cyber resilience across the supply and value chain
  • Designing an impartial assessment and benchmarking framework
  • Developing international information-sharing standards

Aviation Cybersecurity Training Bootcamp Course by Tonex

Aviation Cybersecurity Training Bootcamp is a cybersecurity oriented aviation training covering civilian and military aircraft cybersecurity and operation analysis including: airworthiness security DO-326A/ED 202A, information and data, mission, networks, technology, embedded avionics systems and the holistic system security engineering problem 360 degree.

Modern  aircraft platforms  are  at  increasing  risk  of  cyberattack  from  sophisticated  adversaries.  These  platforms  do  not  currently  provide  the  situational  awareness  necessary  to  identify  when  they  are  under  cyberattack, nor to detect that a constituent subsystem may be in a compromised state.

Course Topics and Agenda

Introduction to Aviation Systems and Security Chain

  • Aviation 101
  • Service and Performance Requirements
  • Aviation Network and System Architecture
  • Architectural Components
  • Aviation Security chain
  • System and Software Design
  • Software Tools
  • PKI
  • Maintenance and Operation Procedures
  • FAA AC 25.1309-1A and EASA AMC 25.1309
  • SAE ARP 4754A/ED-79A, DO-178C/ED-12C, and DO-254/ED-80 and with the advisory Development of security requirements

Aviation Cybersecurity

  • Aviation Systems Attacks
  • Uniquely Network Concerns
  • Reliability and Security
  • Role of Obscurity
  • Threat Assessment
  • Attackers and Assets
  • Attack Surface
  • Attack Trees
  • Security Policy
  • Aviation System Vulnerabilities
  • Backdoors
  • Denial of Service (DOS)
  • Defensive Architectures
  • Combating Complexity
  • Defensive Hardware Interfaces
  • Public Key Cryptography (PKI)
  • Protecting Data In Motion
  • Secure Software Process

Cyber Threats to Aviation and Avionic Systems

  • Cyber Espionage
  • Cyber Exploitation And Access Operations
  • Cyber Attacks On Ground Systems
  • Cybersecurity Risk Mitigation For Ground Systems
  • Cybersecurity Compliance
  • Cybersecurity In Acquisition
  • Cybersecurity In Operations
  • Analysis of Most Relevant Threat Sources for Aviation and Avionic Systems

Aviation System Vulnerability Analysis

  • Aviation System and Network Attacks
  • Exploiting Aviation Systems and Devices
  • The Stages of System Exploitation
  • Initial Reconnaissance
  • Exploitation
  • Firmware Unpacking and Modification
  • Detecting
  • Extracting
  • Analysis
  • Modification and Creation of new firmware
  • Hacking/exploitation techniques, tools and entry points
  • Defensive technologies

Aircraft Cybersecurity Criticality Analysis

  • Civilian and military aircraft system security engineering, program and project management
  • Military aircraft operation, mission planning, intelligence gathering, and information and data assurance
  • Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication
  • Aircraft availability, integrity, authentication, confidentiality, and nonrepudiation
  • Information, data, mission, and embedded avionic system threats and mitigation
  • Analysis of aircraft security design and engineering vulnerabilities
  • Recommendations for system changes, to eliminate or mitigate vulnerabilities through engineering and design, any characteristics that could result in the deployment of systems with operational security deficiencies
  • Physical security or physical attacks on the aircraft (or ground element)
  • Security engineering and development of programs and design-to-specifications providing life-cycle protection for critical resources
  • Airport, Airline or Air Traffic Service Provider security
  • Access to airplanes, ground control facilities, data centers, mission planning, security key distribution, avionic data buses etc.)
  • Communication, navigation, and surveillance services managed by national agencies or their international equivalents (e.g., GPS, SBAS, GBAS, ATC communications, ADS-B)
  • Analysis and assessment of Cyber Threats (additions to DO-178C, ED-12C, and ARP4754A)
  • Civilian and military aircraft system security engineering and Anti-Tamper (AT) Activities
  • Threat of intentional unauthorized electronic interaction
  • Civilian and military aircraft safety Standards

Mitigation of the aviation/aircraft safety effects of Intentional Unauthorized Electronic Interaction (IUEI)

  • Security applied to continued airworthiness: DO326A, ED202A, DO-356A and ED-203A, DO-355/ED-204, ED-201, DO-355/ED-204 and DO-356A / ED-203A
  • Hardware Assurance (HwA)
  • The level of confidence that hardware
  • Assessment of electronic components such as integrated circuits and printed circuit boards, functions
  • Assessment of vulnerabilities, either intentionally or unintentionally designed or inserted as part of the system’s hardware throughout the life cycle.
  • Software assurance (SwA)
  • Software vulnerabilities
  • Anti-tamper (AT)
  • Systems engineering activities intended to prevent or delay exploitation
  • Assessment of configurations to impede countermeasure development, unintended technology transfer, or alteration of a system due to reverse engineering
  • Supply Chain Risk Management (SCRM)
  • Risks, sabotage, maliciously introduce unwanted function
  • Design integrity, manufacturing, production, distribution, installation, operation or maintenance of a aircraft system
  • Surveil, deny, disrupt, or otherwise degrade the function
  • Software data loading equipment for all types of aircraft
  • ARINC 615A – Software Data Loader Using Ethernet Interface
  • ARINC 667 – GUIDANCE FOR THE MANAGEMENT OF FIELD LOADABLE SOFTWARE
  • ARINC 811 – COMMERCIAL AIRCRAFT INFORMATION SECURITY CONCEPTS OF OPERATION AND PROCESS FRAMEWORK
  • Protecting Military Avionics Platforms from Attacks on MIL-STD-1553 Communication Bus
  • Protecting Civilian Avionics Platforms from Attacks on ARINC 429 Communication Bus
  • System security policy
  • Tempest
  • Encryption
  • Trusted message routing and control design
  • Effects of malware on infected devices and the logical effects of external system

System and Network Attacks

  • Exploiting Systems and Devices
  • The Stages of System Exploitation
  • Initial Reconnaissance
  • Exploitation
  • Firmware Unpacking and Modification
  • Detecting
  • Extracting
  • Analysis
  • Modification and Creation of new firmware
  • Hacking/exploitation techniques, tools and entry points
  • Defensive technologies

Cybersecurity Attacks and Best Mitigation Practices for Aviation Systems

  • Non-Invasive Hardware Reverse Engineering
  • Component identification
  • Interface Analysis
  • Communications Protocols Sniffing
  • Decoding and Deciphering Captured Bits
  • Critical Data Identification and Detection
  • Component Removal and Replacement
  • Electronics and Circuit analysis
  • Security Measures

Risk Management Framework (RMF) Applied to Aviation and Avionic Systems

  • Functions
  • Category
  • Subcategory
  • Application
  • Difficulty
  • Effectiveness
  • Assessment of Aviation Critical Security Controls
  • Inventory of Authorized and Unauthorized Avionics Devices
  • Inventory of Authorized and Unauthorized Software.
  • Secure Configurations for Hardware, Software and Firmware
  • Continuous Vulnerability Assessment and Remediation.
  • Controlled Use of Administrative Privileges
  • System Maintenance, Monitoring, and Analysis of Audit Logs
  • Protections
  • Malware Defenses
  • Limitation and Control of Networks, Protocols, and Services
  • Data Recovery Capability.
  • Secure Configurations for Avionics Devices
  • Aviation Boundary Defense.
  • Data Protection.
  • Controlled Access
  • Account Monitoring and Control.
  • Security Skills Assessment
  • Aviation Application Software Security
  • Incident Response and Management.
  • Penetration Tests and Red Team Exercises

Case Studies and Workshops

  • Analysis of Cybersecurity Cases Aviation Systems
  • Design Process
  • System CONOPS
  • Mission objectives
  • Test and Evaluation
  • Threat Analysis
  • System Design and Security Requirements
  • System Implementation Security
  • Attack surface
  • Physical Attack Surface
  • Aviation software, hardware and firmware analysis
  • Attack types against Aviation and wireless communications protocols, buses, terminals, embedded operating systems, applications
  • Automated Threat Modeling
  • Threat Modeling
  • Threat Modeling Methodologies
  • Threat Modeling Software
  • Threat Modeling Tools
  • Mitigation approaches and techniques
  • Hacking/exploitation techniques, tools, and entry points
  • Trust hardware and software components
  • Risk Assessment
  • Control Plan
  • Mitigation

Tonex Aviation Cybersecurity Assessment

  • Evaluate your aviation system security vulnerabilities
  • Assessing cyber-related information and control systems to relevant regulations, standards and guidance
  • Gap analysis to unveil security holes
  • real-time situational awareness
  • Insider and external threat protection
  • System hardening and active defenses for comprehensive protection of Aviation system environment
  • Aviation cybersecurity patching

 

Aviation Cybersecurity Training Bootcamp

Request More Information

Please enter contact information followed by your questions, comments and/or request(s):
  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.

Request More Information

  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.