The Federal Aviation Administration (FAA) is responsible for ensuring people can fly safely and efficiently throughout our National Airspace System. The FAA focus is on air transportation safety, including the enforcement of safety standards for aircraft manufacturing, operation and maintenance.
Each year the Air Traffic Organization (ATO) Cybersecurity Group hosts the FAA Cybersecurity Awareness Symposium to promote cybersecurity awareness, collaboration, and partnerships between the FAA, Interagency Stakeholders, Industry, and Academia. The event is an opportunity to discuss current security challenges as well as to network with peers and leading industry experts. Through information sharing of this type, we can strengthen the cybersecurity of the aviation ecosystem and meet our shared mission to provide the safest and most efficient aviation system in the world!
Exhibit Halls will be available between 9:30 am to 2:30 pm ET. Please join FAA Collaboration Initiative Hall to meet and greet with a variety of cybersecurity professionals currently collaborating on FAA initiatives. Visit the Explore ATO Cybersecurity - Meet the Workforce Hall to interact with FAA ATO professionals and to learn about the myriad components comprising cybersecurity to include: policy development/enforcement, communications/outreach, and architecture design and enterprise solution development.
Attack Vectors – Ransomware
Incidents involving ransomware have risen dramatically. This presentation will provide a definition of ransomware, explore the methods used by and motives of the agents behind the phenomena, and discuss steps that can be taken to minimize the potential impact of a ransomware incident.
Harry Regan, CISSP, CISM, PSP – Technical Director, Consulting Services, Securicon, LLC
Detection – Penetration Testing
Penetration testing is a tried and true field of study within computer security. However, operational technologies (OT) provide unique opportunities and challenges from traditional information technologies (IT). We define OT systems as a category of computing and communication systems to manage, monitor and control industrial operations with a focus on the physical devices and processes they use. This presentation provides insights and recommendations learned from conducting penetration testing and threat operations against a variety of OT systems including electrical power and satellite control systems.
Dr. Michael VanPutte — Chief Scientist, Provatek, LLC
Defensive Measures – Remote Access Protections & Operating Environments
Legacy disparate remote access solutions have been deployed across the FAA that do not provide the adequate security controls and introduce additional risk. Learn about the different enterprise remote access solutions available today and coming in the future to help Second Level Engineering perform their job securely and efficiently.
Tim Irvin – Security Engineer, SysNet Technologies
Christian Pol – Security Engineer, SysNet Technologies
Attack Vectors – ACI Cyber Rodeo
The Aviation Cyber Initiative (ACI) Cyber Rodeo is a venue for aviation cyber RDT&E experiments, trials and demonstrations. Its objective is to demonstrate risk to missions and systems within the civil-military aviation ecosystem. It brings government, industry and academia together to advance solutions and mature technology readiness levels as well as advancing aviation cyber capabilities to support operational system trust indicators.
Joe Pagano – Manager, FAA Surface & Secondary Surveillance Test & Evaluation Branch
Detection – Trust and Verify: The intersection of Innovation & Integration
Future state air traffic management capabilities, advanced by innovations in technologies and evolution in services, are highly dependent on integrating internal and external systems. Modernization employing capabilities such as, microservices, DevSecOps and Zero Trust Architecture (ZTA) promise to help decompose, segment, and isolate system access minimizing enterprise exposure. This session presents the current state of ICAO cyber activities, international aviation cyber strategies, and the detection regimen needed to address this highly integrated, “not-so-future-state” services-based revolution.
David J. Almeida – Director, Research & Technical Strategy, LS Technologies, LLC
Defensive Measures – Trust Relationships & Zero Trust Architecture
Defining the operational requirements and governance for an International Aviation Trust Framework as a first step toward federated International Aviation zero trust.
Rob Segers – NAS Information Systems Security Architect, NextGen ANG-B3
Exhibit Halls will be available between 9:30 am to 2:30 pm ET. Please join FAA Collaboration Initiative Hall to meet and greet with a variety of cybersecurity professionals currently collaborating on FAA initiatives. Visit the Explore ATO Cybersecurity - Meet the Workforce Hall to interact with FAA ATO professionals and to learn about the myriad components comprising cybersecurity to include: policy development/enforcement, communications/outreach, and architecture design and enterprise solution development
Attack Vectors – Supply Chain
Today’s supply chains are under maximum stress across the Global Industrial Base. Organizations must find ways to protect their supply chains while assuring the flow of goods and services at a cost effective price point. Learn how Air Force Materiel Command manages supply chain risk to ensure a secure operational environment.
Michael (Mike) Hoover, Air Force Materiel Command (AFMC) Supply Chain Risk Management (SCRM) Focal Point
Detection – Aviation Data Link Security Risk Assessment Tool
As part of our aviation security risk detection efforts, a security risk assessment tool was developed to evaluate the level of risk resulting from potential cybersecurity events. Critical aviation data links and security threats were replicated on a testbed environment. The tool creates models for the threat analysis and risk assessment of the critical data links.
Anna Baron Garcia – Ph.D. Candidate, ERAU
Radu Babiceanu – Professor of Systems Engineering, ERAU
Remzi Seker – Associate Provost for Research, ERAU
Daniel Diessner – Senior Research Scientist, ERAU
Defensive Measures – Enhance Robust Layered Defenses
Discuss current and near-future FAA capabilities for enterprise cybersecurity research, testing, training and collaboration; i.e., dedicated facilities providing specialized tools and safe, closed environments that afford rapid configuration before and easy restoration after testing. The three capabilities:
• Implement stronger defense and offensive cybersecurity best practices to further protect operations and support the agency mission, such as vulnerability remediations, asset inventory, penetration testing, network architecture solution (i.e. Data Diodes) and hardening,
• Mimic the FAA production network hierarchy for FAA cybersecurity testing,
• Address whole-of-nation incident response to facilitate collaboration with other government agencies and partners.
Hector Morales – Manager (A), FAA ATO Cybersecurity Enterprise Architecture Group
Linda Santon – Cybersecurity Engineer, FAA ATO Cybersecurity Engineering Group
Kristof Preisner – Cybersecurity Test Engineer, FAA ATO Cybersecurity Testing Group
Dominic (Bud) Timoteo – Cybersecurity Test Facility Engineer, FAA ANG Information Security Branch
Dom Ali – Secure Enterprise Cyber Test Range Classified Information Security Manager, FAA ANG Information Security Branch
Attack Vectors – Lateral Movement
Learn about a common and effective cyber attack technique, and a proof-of-concept AI-based capability aimed at expanding monitoring, detection, and alerting of events related to unauthorized lateral movement, that could have broad applications across the aviation ecosystem.
Leslie Shing – Technical Staff, MIT Lincoln Laboratory
Detection – Operational Technology Security and Resilience Solutions
While there are common Operational Technology (OT) challenges across the critical infrastructure (CI) community, there are also unique OT security and resilience challenges within each sector, subsector and segment. Learn about the ways Idaho National Lab, a world leader in securing CI and improving the resiliency of vital national security and defense assets, is here to support your OT security and resilience efforts in today’s cyber threat environment.
O.T. Gagnon III – Chief Strategist, Idaho National Lab, National & Homeland Security, Infrastructure Assurance and Analysis
Defensive Measures – ATO Data Evolution
The FAA’s Air Traffic Organization’s Data Champion presents a summary of the ATO’s Data Evolution efforts. Topics will include the development of an executive leadership team and working group of ATO data professionals, the first steps towards an informed culture and the role that data governance will play in the provision and protection of data to make informed decisions.
Kim Pyle, Director, Policy and Performance, Safety and Technical Training and ATO Data Champion
Gian Burdhimo, Program Manager, ATO Data Evolution
ATO Cybersecurity Steering Board (ATO-CSB) Panel – Executive Cybersecurity Collaboration & Insights
Frequently Asked Questions
Yes, you will need to register for the event in order to receive login information.
From our conference website home page, please find the “Register” button at the top. Complete the fields and create a username and password. Once you have registered, you will receive a confirmation email for your registration.
Yes, you may access the conference using a desktop, laptop, tablet, or smartphone
The Symposium is hosted on a zoom-based platform, so no additional software other than zoom should be required.
Find and click on the “Info” area to chat with a support rep.
Yes, the sessions will be available to view on-demand for up to one month after the conference. After the 30 days, content will be available to FAA employees and contractors only by contacting 9-AJWB4-ACG@faa.gov
Please see the information desk within the Summit platform. If you are having trouble accessing the platform, please contact 9-AJWB4-ACG@faa.gov