During the 2022 FAA/EASA International Aviation Safety Conference, held in Washington, DC from June 14 to 16, 2022, there was a very informative panel discussion on "Managing Cybersecurity Threats", which I had the pleasure of attending. The discussion revolved around:
Regulators and industry are increasingly faced with cybersecurity threats potentially harming aircraft, operator and airspace systems. The panel will present approaches on managing and mitigating such threats and discuss where global harmonization is needed and how cooperation can be achieved. To demonstrate the importance of both resilient design and operational mitigations, the panel will consider how GNSS/GPS manages cybersecurity threats, specifically with regard to spoofing.
The Moderator was Peter Hearding (Deputy Assistant Administrator for Policy, International Affairs & Environment, FAA).
Some highlights of the panel discussion based on my own notes:
- Larry Grossman (Senior Advisor, Cybersecurity & Privacy Services, FAA) provided great insight into the evolving threat landscape. To illustrate the rapidly changing exposure, he quoted that in 2016, data generated = 1.6mb/person/second, and then he noted that half the world's data was generated in the last two years! He also noted that the FAA runs 340+ systems (including mission-critical systems) and gives out 1TB of data per day (to both authenticated and unauthenticated users).
- Luc Tytgat (Director, Strategy & Safety Management, EASA) talked about how EASA put in place the 4 pillars based on the ICAO mandate.
  - Aircraft cert standards (SCs)
  - Information sharing

  He also noted that the EU will pass a regulatory framework to centralize cybersecurity reporting under EASA.
- Stefan Schwindt (Principal Product Security Leader, Aviation) gave interesting insight into an aviation OEM's key challenges, including the challenge of the multiple (and sometimes conflicting) reporting requirements.
- Hank Wynsma (Managing Director Secure Product Solutions & Aircraft Cybersecurity Operations, United Airlines) gave an insightful overview of how cybersecurity and ISMS have been integrated into United's existing SMS.
I've attached the presentation material for those that are interested.