
Air Navigation Services as critical infrastructure
---

Manage information security through lifecycle
Francesco Di Maio
(ENAV ITA. Head Security)
CANSO ASWG Chair
GANIS/SANIS, ICAO HQ, Montreal, 11-15 December 2017
FOREWORDS

Information security for any ANSP:


- Duty of care liability, ethical mission, public function;
- Not only a matter of technology: people, processes, equipment;
- Security is not a vaccine: security by design/security through lifecycle
ATC AS A SYSTEM OF SYSTEMS: COMPLEXITY

Evidences:
- stratification of technologies
- legacy and COTS
- lock-in, obsolescence and investment protection issues;
- Safety vs security: what is this?
- Interoperability
- interdependencies
- Energy
- Telecommunications
- Ancillary services


COMPLIANCE + DUE DILIGENCE: PROACTIVE SECURITY

- Liability is based on what organizations do before – not after – a security breach;
- Compliance and diligence cannot be delegated
- Due diligence must be always demonstrated through evidences.
DEMYSTIFYING CYBERSECURITY

Professional approach;
Methodology;
Apply continuous improvement
Do not «over» everything
• Over-regulation
• Over-auditing
• Over-expenses
• …
Risk based approach always;
Systematically thinking;
Focus on both threats and vulnerabilities;
Share relevant information (IoC) not opinions
FROM THEORY TO ACTION
National Organization within EU NIS Directive

[Diagram: national organization in three levels: Political-Strategical Level; Operational/Decisional Support Level; Tactical & Crisis MGMT Level. Entities labelled on the slide: Prime Minister; CISR (Inter-Ministerial Committee for National Security); DIS (Security Intelligence Department); CyberSecurity Unit; Scientific Committee; NISP; Situational and Planning Unit; Intelligence Agencies (AISI/AISE).]

INFORMATION SECURITY OPERATION CENTRE

[Diagram: ENAV i-SOC Services and CERT-ENAV (in progress), covering the Operational network (ATC), the Corporate network, the Operational Internet and the Corporate Internet, with external parties coordination and data exchange.]
SERVICES PROVIDED LIFECYCLE SPAN
[Diagram: services provided across the lifecycle. Organizational units labelled on the slide: Security Department; Information Security Operation Center (i-SOC); IT Operation. Services listed:]

- Risk Management
- Crisis Management
- Civil/Military Coordination
- Classified Information Protection
- Security Event Monitoring
- Authentication Authorization Accounting
- Endpoint Protection
- Security Intelligence
- Incident Handling & Response
- Policy Enforcement
- Policy Compliance
- Pen Test / Vuln Assessment
- Forensic
- Security Awareness Attack Simulation
- Lesson Learned & dissemination
- Asset Management
SECURITY OPERATIONS - DETAIL
[Diagram: security operations in detail. Organizational units labelled on the slide: Information Security Operation Center (i-SOC); IT Operation. Services listed:]

- Security Event Monitoring
- Authentication Authorization Accounting
- Endpoint Protection
- Security Intelligence
- Incident Handling & Response
- Policy Enforcement
- Policy Compliance
- Pen Test / Vuln Assessment
- Forensic
- Security Awareness Attack Simulation
- Lesson Learned & dissemination
- Asset Management
SECURITY MODEL

Security architecture is multi layer and multi domain

- where possible Security is delegated to specialized systems, e.g. IDS/IPS, antimalware etc.
- in other cases notable Security Events are collected to allow early detection of anomalies

The data knowledge is a must to understand Security Events

Need to minimize the “background noise” and data normalization for analysis

Central system to collect, index and analyze data in a fast way
SECURITY MODEL Cont’d

Data are collected and split into Logical Security Domains
- INTRUSION
- WEB
- NETWORK
- MALWARE
- AUTHENTICATION
- VULNERABILITIES
- OS/SERVICES
- IDENTITIES
- USERS
- ASSETS
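
An added example (not from the original slides) of the collection step described in the two SECURITY MODEL slides: raw events from heterogeneous sources are normalized to a common record, repeats are folded into a count to cut background noise, and records are split by logical security domain. The log formats, field names, rule table and the cross-domain heuristic are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample lines from heterogeneous sources (not real logs).
SAMPLE = [
    "ids: alert src=192.0.2.7 dst=198.51.100.20 msg=possible-scan",
    "sshd: Failed password for ops from 192.0.2.7 port 51122",
    "sshd: Failed password for ops from 192.0.2.7 port 51123",
    "av: host=wks-17 action=quarantine file=invoice.scr",
    "fw: action=deny src=192.0.2.7 dst=198.51.100.20 dport=445",
    "fw: action=deny src=192.0.2.7 dst=198.51.100.20 dport=445",
    "cron: job finished",
]

# Hypothetical source prefix -> (domain name from the slide, field-extracting regex).
RULES = {
    "ids:": ("INTRUSION", r"src=(?P<src>\S+) dst=(?P<dst>\S+) msg=(?P<what>\S+)"),
    "sshd:": ("AUTHENTICATION", r"(?P<what>Failed password) for (?P<user>\S+) from (?P<src>\S+)"),
    "av:": ("MALWARE", r"host=(?P<dst>\S+) action=(?P<what>\S+)"),
    "fw:": ("NETWORK", r"action=(?P<what>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)"),
}

def normalize(line):
    """Map a raw line to a common record; None when no rule understands it."""
    domain, pattern = RULES.get(line.split(" ", 1)[0], (None, None))
    match = re.search(pattern, line) if pattern else None
    return {"domain": domain, **match.groupdict()} if match else None

def collect(lines):
    """Normalize, fold identical records into one with a count, split by domain."""
    counts, unparsed = Counter(), []
    for line in lines:
        rec = normalize(line)
        if rec is None:
            unparsed.append(line)  # kept aside, never silently dropped
        else:
            counts[tuple(sorted(rec.items()))] += 1
    by_domain = {}
    for key, n in counts.items():
        by_domain.setdefault(dict(key)["domain"], []).append(dict(key, count=n))
    return by_domain, unparsed

def cross_domain_sources(by_domain, minimum=2):
    """Sources seen in at least `minimum` domains: a simple anomaly hint."""
    seen = {}
    for domain, records in by_domain.items():
        for rec in (r for r in records if "src" in r):
            seen.setdefault(rec["src"], set()).add(domain)
    return {src: sorted(d) for src, d in seen.items() if len(d) >= minimum}
```

Dropping the volatile source port during normalization is what lets the two failed logins collapse into one AUTHENTICATION record with a count of 2.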
FOCUS ON INFORMATION SHARING
Objective: Ensure a pure and trusted Public-Private Partnership using a standard language and transfer protocol (STIX/TAXII) and the existing SIEM or intelligence platform in the federated entities

Requirement: no commercial solutions, no lock-in

Plus: Automation and «use what you need» principle

[Diagram: MineMeld connected to a STIX/TAXII network]
THE ARCHITECTURE

● Data collection from heterogeneous sources
● Export internal IoC
● Very HIGH automation level
● Fitted to business
● Fast and reliable: any delay in threat management could be fatal
Considering this
Thank you!

CANSO Headquarters
Transpolis Schiphol Airport
Polaris Avenue 85e
2132 JH Hoofddorp
the Netherlands

tel: +31 (0)23 568 5380


fax: +31 (0)23 568 5389
email: info@canso.org
