Illustrative programme subject to change.
More presentations to be announced
Copyright IOE Events Ltd 2019
Day One November 5th 2019
8:20 am - 9 am
Delegate Check in
9:00 am - 9:05 am
Welcome from the Cyber Senate and Introduction to our Chairman
James Nesbitt, Cyber Senate, Director
9:05 am - 10:30 am
Wake Up Call: Quick Fire Presentations followed by a Panel with Q&A addressing Vulnerability and Risk Management Strategy in a Hyper-Connected Environment.
Participants will discuss how we are identifying and mitigating key risks brought about by increased connectivity for aircraft, ground operations, communication systems and supply chain.
10:30 am - 11:30 am
Panel Discussion: Supply Chain Cyber Security for the Aviation Sector
Moving on from our quick-fire risk detection and mitigation session, we will look at the aviation sector's cyber security maturity model and explore the gaps and how we can improve supply chain visibility and resilience through best practice and procedure.
Do we understand the capabilities and vulnerabilities of the technology we are buying and deploying?
Are we adequately testing components and what assurance do we have in this testing?
How can we patch insecure components when they are already in the field?
Are we vetting 3rd parties effectively and if not how can we better manage this process?
Are vendors getting better at disclosing vulnerabilities? Are they working more closely with the sector to improve resilience?
To what extent are we involving asset management and asset information divisions in understanding cyber risk? Are we able to work more closely with these divisions to get a 360-degree view of our asset base?
How can we better manage the disruption of taking services offline to patch, repair or secure cyber-physical systems? Can we ever safely take them offline?
How far has the industry come in defining cyber security policies and frameworks, roles, responsibilities and procedures?
Are we defining our cyber policies appropriately through procurement and liability contracts?
Nicky Keeley, Head of Cyber Security Oversight, Civil Aviation Authority
Further panellist to be confirmed
11:30 am - 12:00 pm
12:00 pm - 12:30 pm
Panel: Deepening Collaboration and Information Sharing Within the Aviation Sector
What are the challenges we face in obtaining/sharing intelligence and actionable information? Are we seeing the change required to create communities and readily available resources?
What resources and means are available to us at present? (ISAC, threat intelligence tools, online resources, etc.)
Who are the stakeholders we may not think to engage with and how can we break down siloed approaches? How can we become more effective at accessing and distributing actionable intelligence from within the organisation and beyond?
12:30 pm - 1:00 pm
More Than Turbulence: Aviation Software Vulnerabilities & Exploitation
Introductions to the challenges of modern aviation and technology
Maintenance and asset management
FAA requirements and recalls
Weaknesses in exposure of various parts databases
Lack of required security testing by FAA on maintenance software
Software utilized in a modern airframe
Explanation of what types of software are in use on both planes and weight balancing
Buffer overflows: the FAA requires memory checks to ensure they stay within hardware operating parameters, but no full boundary checks.
Explanation of current challenges: the F-35A has buffer overflow issues requiring a manual reboot of the flight computer, in flight.
Gate logic doesn't equal good code or secure code: explanation of how the software is written, pointing out memory leaks, the difficulty of patching without substantial downtime (except the 787) and the lack of any security testing for any aviation software on a plane.
Exposure of various airframe manufacturer systems.
Exposure of various airport ticketing and maintenance systems.
Chris Kubecka, CEO, Hypasec
1:00 pm - 2:00 pm
2:00 pm - 2:30 pm
Managing International Information Sharing Between Airlines and Establishing a Cyber Security Baseline
Ton Van Gessel, SkyTeam, IT Security
2:30 pm - 3:00 pm
The journey from IT to OT Security: Pitfalls, Challenges and Opportunities
With the rising need for cyber security, information security and privacy-by-design in OT environments, the demand for expertise in this area is exploding. Many organisations are turning to the already over-fished pool of IT security professionals to acquire the knowledge and advice they need. There are, however, important differences between IT security and OT security. Understanding these differences and identifying common pitfalls, challenges and opportunities is a very important part of improving OT security. By doing so, organisations can prevent the application of over-secured or under-secured solutions from the IT field in the OT field and instead address the identified risks and threats properly, taking into account the requirements of all stakeholders. In this talk I will show examples of the aforementioned, and present suggestions that could enable more effective and efficient ways to address cyber security risks in an OT environment.
2:30 pm - 3:00 pm
Case Study: Industrial Control Systems from an IT Perspective
Ray Secrest, Sr. Manager, Information Security, Tampa International Airport (TPA)
3:00 pm - 3:30 pm
3:30 pm - 4:00 pm
Case Study: Developing Resilience in an Interconnected Infrastructure
Understanding the severity and parameters of an incident
Evaluating the impact and mitigating further cascading threats
Preparedness and incident coordination
4:00 pm - 5:30 pm
Round Table Discussion: Aviation Specific SOC Management to Drive Efficiency and Improve ROI
Roundtables split into two groups.
SITA will introduce topic and challenge.
Both sessions are outcome driven to encourage a group discussion: what are the methodologies and strategies to address this issue? Findings and opinions form the summary at the end for the audience as a takeaway.
Stephane Gomez, SITA, Cyber Security Lead
Ahmed Fawzi, SITA Cybersecurity, Global Head of Business Development
End of Day One