ATO Cybersecurity Awareness Symposium

Please join the virtual FAA Collaboration Initiative Hall to meet and greet with a variety of cybersecurity professionals currently collaborating on FAA initiatives. Visit the virtual Meet the Managers Hall to interact with FAA Leadership and to learn about the myriad components comprising the ATO Cybersecurity Group to include: program governance and control, policy development, architecture design and enterprise solution development, cyber engineering, cyber testing & integration/outreach.

Gabriel Elkin, MIT Lincoln Lab - Assistant Group Leader, Air Traffic Control Systems Group

Applications of Artificial Intelligence and Machine Learning for Cyber Defense within a Zero Trust Framework

This talk will present a framework for understanding the essential elements of a Zero Trust Architecture, and discuss where machine learning and artificial intelligence technologies can play a role in improving cyber defense within that framework. An example use case will be provided.

William Seskey, CSCP – Manager, Government & Public Sector, Deloitte Consulting LLP

Managing Supply Chain Risk in a Global Complex Environment

The challenges of managing supply chains in a multi-hemispheric, globally disaggregated ecosystem is very real. Supply chain risk has proven to be to significant cause of concern for all, as witnessed in the onset of the COVID pandemic and the continued impacts that persist this very day. This presentation provides a holistic approach to address supply chain risk across all the phases of the risk lifecycle by building resilience and strengthening security in industrial base supply chains.

Evan Kozlowski, HackerOne - Federal Account Executive

Will Kapcio, HackerOne - Federal Sales Engineer

Crowdsourced Security Within The Federal Government

This presentation will discuss: Crowdsourced Security - What Is It? and Federal Government Success Stories.

Sebastian Dunne, Red Hat, Inc., Principal Solution Architect

Zero Trust Framework and FAA NAS Cybersecurity and Resilience

Cybersecurity and resilience for the NAS have never been more critical. And the executive order mandating Zero Trust has added to our necessary, but labor-intensive IT security work. Importantly, implementing Zero Trust does not require a comprehensive replacement of existing networks or a massive acquisition of new technologies. It's really about implementing the security best practices we've known about for years, but implementing them consistently and implementing them everywhere. We'll talk about using existing IT automation technology to secure our systems and networks while enhancing resilience in the NAS.

Matthew Butkovic, CISSP, CISA, Technical Director, Cyber Risk and Resilience CERT - Software Engineering Institute, Carnegie Mellon University

SBOM Without Risk Management is Just Another List

Software Bill of Materials (SBOM) is a concept with great promise. The objective of introducing SMOBs is to reduce risk and increase transparency. In this session we explore how SBOM integrates with foundational risk management practices. We'll discuss how risk-informed decisions should guide our construction, deployment, and operation of software. The session also examines ways to avoid the traditional pitfalls of information sharing (e.g., threat intelligence).

Ollie Gagnon, CISSP, CPP, PSP – Strategic Advisor, Critical Infrastructure Security and Resilience, Idaho National Laboratory

Addressing Consequence within Operational Risk: An Approach for Understanding an Organization's Unique Infrastructure Landscape

The endeavor of tackling operational risk focused on consequences is challenging even for the most resourced entity but can be advanced though a simplified approach: identifying, binning, and prioritizing the infrastructure environment. Attaining a common understanding of the infrastructure landscape as part of addressing consequences within operational risk is not easy to do or resource light, but the process outlined provides the framework to further any entity's efforts in this space. This approach is also a critical step prior to integrating any new technology into the infrastructure landscape.

Please join the virtual FAA Collaboration Initiative Hall to meet and greet with a variety of cybersecurity professionals currently collaborating on FAA initiatives. Visit the virtual Meet the Managers Hall to interact with FAA Leadership and to learn about the myriad components comprising the ATO Cybersecurity Group to include: program governance and control, policy development, architecture design and enterprise solution development, cyber engineering, cyber testing & integration/outreach.

Jason Porter, Vice President, Emerging Technology Practice, CGI Federal & Christine Horwege, Director, Cyber Strategy, CGI Federal

The Evolution of the Identity-driven Zero Trust Model

Overview of the presentation: The presentation will include the origins of Zero Trust Architecture and the 7 core tenets as outlined in NIST Special Publication 800-207. We will compare the differences of ZTA and the established security design principles that have been used for decades. We will explore the implications of implementation across the 5 pillars of enterprise networks, and discuss meeting the federal mandates with identity-driven Zero Trust.

Carol Woody, Ph.D., Principal Researcher, Software Engineering Institute, Carnegie Mellon University

Acquisition Security Framework (ASF): Integration of Supply Chain Risk Management Across the System Lifecycle

The ASF is designed to proactively enable system security and resilience engineering across the lifecycle and supply chain. Using a dual focus on practice and process, ASF produces an efficient and predictable acquisition and development environment, which ultimately leads to reduced security and resilience risks in deployed systems.

Arup Bhuyan, Idaho National Laboratory (INL), Technical Director, INL Wireless Security Institute (WSI)

Securing Use of 5G for the Aviation Ecosystem

While use of wireless can modernize operations with cost efficiencies in the aviation ecosystem, it has to meet the stringent requirements for safety and reliability that are necessary for aviation. 5G brings transformational changes to a cellular network and the spectrum available for its use and can potentially benefit the aviation operations significantly. The use cases that can benefit from 5G are discussed for the aviation ecosystems including the aircraft and the airport. The security procedures that the 3GPP standards for 5G has introduced are summarized along with how they should be applied for critical operations including aviation.

Wayne LeRiche, CISSP - Federal Civilian Field CTO, Palo Alto Networks

Zero Trust Architectures in Diverse System Environments

The recent OMB memorandum on Federal zero trust architecture (ZTA) strategy has made Zero Trust a priority. This presentation will discuss a holistic approach to Zero Trust Architectures following federal guidance. We will also discuss what we learned on our own Zero Trust journey at Palo Alto Networks - automating and remediating 17 billion security events a day to just 10 events that our SOC handles manually.

Remzi Seker, Vice President for Research and Innovation, Western Michigan University

Supply Chain Security Events Analysis Risk Assessment and Mitigation Solutions

Aircraft manufacturing relies on a complex supply chain due to need for large number of HW/SW components from multiple vendors. Unknown events affecting the critical components at any stage is an unacceptable risk to aircraft and air traffic operations. This presentation explores the security disruptions within an aircraft manufacturer supply chain and discusses metrics for risk assessment and mitigation solutions.

Radu Babiceanu, Ph.D., Interim Chair & Professor of Systems Engineering, Department of Electrical Engineering and Computer Science, Embry-Riddle Aeronautical University

Juan Ortiz Couder, Ph.D. Candidate, Department of Electrical Engineering and Computer Science, Embry-Riddle Aeronautical University

Leveraging AI/ML Methodologies to Strengthen the Security of PNT Services

AI/ML models are implemented to provide increased functionality, such as outcome prediction, data identification, and event classification. This presentation explores the use of AI/ML models to address the security of PNT services. The models consider data communication among aircraft and ground stations to uncover directed alterations coming from external or internal sources. The proposed models include data collection, training and testing, and overall performance evaluation in simulated scenarios.