Paul's Blog

THOUGHTS ON CYBER WARFARE

FAA’s Next Generation Air Transportation System (NextGen)

          

Billington CyberSecurity and Georgetown University never disappoint. I attended a great event in the DC area featuring David M. Bowen, the CIO of the FAA. Overseeing the FAA’s $2 billion IT budget, Mr. Bowen is responsible for protecting FAA’s critical information systems, networks, and administrative systems from cyber terrorism and malicious activities.  Mr. Bowen is intimately involved with the FAA’s Next Generation Air Transportation System (NextGen), the FAA plan to modernize through 2025.  Critical to his goals are defining the cyber security strategies and the opportunities for government contractors in the future.

The event price is right, and so is the venue. Great value indeed!  I would recommend their event to anyone involved with cyber security as a great way to network and learn.

The event started at 9:30am Copley Formal Lounge at Georgetown University. I was accompanied by David Etue, CSFI-WR (Washington Relations) Officer. Thank you, David, for your support and great conversation! David and I had the opportunity to network and mingle with the crowd; I was glad to see the DHS in particular was present at this event with some interesting questions for the presenter.

This presentation could not be recorded or filmed, but I did received permission to post my personal notes, which I will share with my readers.

The main topic of Mr. Bowen’s presentation was the FAA’s Next Generation Air Transportation System (NextGen). NextGen is an umbrella term for the ongoing, wide-ranging transformation of the National Airspace System (NAS). At its most basic level, NextGen represents an evolution from a ground-based system of air traffic control to a satellite-based system of air traffic management. This evolution is vital to meeting future demand and to avoiding gridlock in the sky and at our nation’s airports.

Mr. Bowen explained that the main technological transition would be the migration to an air transportation system based on satellite technology, and the FAA should have the entire technological migration finalized by the year 2025.

I would recommend watching the video FAA NextGen Gate to Gate: http://www.youtube.com/watch?v=ZX15tBHeC1E  (I found this video on YouTube, which is the same video Mr. Bowen shared at the event).

Now that you have a better understanding of the NextGen technology, I would like to share some of my notes covering the cyber security side of things. The core elements of NextGen are comprised of CATM-T (Collaborative Air Traffic Management Technologies), SWIM (System Wide Information Management), NNEW (NextGen Network Enabled Weather), and NVS (Airspace System Voice Switch).  All of these critical elements rely heavily on technological advances and are meant to increase situational awareness and information sharing.

While NextGen adds amazing capabilities to NAS, the risk of compromise multiplies under the new platform. There is more data movement and data exchange, creating the need for trusted communications and integrity checks.  One of the points that grabbed my attention was the use of the cloud as a way to maximize operational results. The interesting part is the fact that the FAA will run its own cloud and not rely on 3rd party providers like some of our governmental institutions in the US are planning on doing. I find this move from the FAA a wise one. They are implementing security in depth and following NIST standards. Their cyber security objectives sound in line with good security standards. Some of the concerns I have would relate to the supply chain security strategy the FAA would implement, application security and proper software development, control center resiliency, how to deal with sophisticated cyber-attacks against NextGen (including state sponsored cyber operations in case of cyber warfare), training and education of FAA cyber personnel.

One of the concerns that Mr. Bowen voiced in response to a question on data integrity was the fact that weather data packets are far bigger than coordinate data bytes, making it difficult to run accurate data integrity checks. Proper exploitation of weather data by cyber adversaries could in theory compromise accurate data exchange between systems, giving pilots and the towers false information. These are scenarios that cyber security professionals and adversaries can easily envision. The FAA does not have a choice to keep their legacy systems as we all have to embrace newer technologies in order to grow as a society. However, it is my belief that many vulnerability doors could be opened with NextGen, and we cyber security professionals should be ready to support the FAA with their efforts. I am glad I had the opportunity to tell Mr. Bowen about CSFI and exchange a few words of support.

I congratulate Mr. David M. Bowen for his courage, energy and professionalism in taking upon himself this enormous challenge. It is worth noting that Mr. Bowen is also a pilot.

Please visit the FAA’s website for further information: http://www.faa.gov/.

Paul de Souza, CSFI Founder Director

Advertisements

Filed under: Uncategorized

Career Thoughts

I am humbled and honored to have the opportunity to manage and run one of the biggest and most active forums on the Internet dealing with cyber warfare and cyber security – CSFI (The Cyber Security Forum Initiative). With over 16 years of cyber security experience, I continue to actively raise Cyber Warfare/Cyber Security awareness worldwide. I have worked as a Chief Security Engineer for AT&T, where I designed and approved secure networks for MSS. I have also consulted for several governments, military and private institutions on best network security practices throughout my career.

CSFI and its divisions CSFI-CWD (Cyber Warfare Division), CSFI-LPD (Law and Policy Division) and CSFI-WD (Wireless Division) continue to grow and expand with more than 60,000 information security members.

One of my personal goals is to serve our security community to the best of my abilities, in the protection and defense of our American national security interests, the American people, and that of our international partners. I am always ready to serve and to give of my time and skills to help our society with the growing problems we experience in cyberspace. I thank God and my family for the opportunities I have had in life and the most precious of all opportunities, which is the chance to serve others. I love what I do, and I appreciate all the support I have received from friends, family and our CSFI members.

___________________________________________

Paul de Souza, CSFI Founder Director

%d bloggers like this: