Los Angeles World Airports
Cyber Security at Airports Bob Cheong, CISM, CISSP Chief Information Security Officer, Office of Information Security 2/16/2012
1
Agenda Questions We Need To Ask Ourselves? Why Do We Need A Cyber Security Team? Cyber Incidents At Airports What Are We Trying to Protect? What Threats Are We Facing Today? Situational Awareness? Forming A Cyber Security Team Security Monitoring Console Snapshots of Security Incidents Questions??? 2/16/2012
2
Questions We Need To Ask Ourselves? What are the chances that a cyber security threat can affect the operations of the airport? Should we be concerned? If so, how concerned? Can we apply our contingency and disaster recovery process against these threats? Should cyber security incidents require an immediate operational response? How do the cyber incidents get defined in Aviation operations? 2/16/2012
3
Why Do We Need A Cyber Security Team?
Aviation continues to be the number one terrorist target. Heavy dependency on computer systems to drive our business. Do you know what is going on in your network? Tracking contractors/employees leaking sensitive information. Increasing numbers of critical business systems are interconnected with partners and customers on the internet which present a danger of cyber attacks on these systems. No one can guarantee that intrusions or other malicious acts will not happen. If this happens, the speed to recognize, analyze, and response to an incident will limit the damage and lower the cost of recovery to an organization. 2/16/2012
4
Cyber Incidents At Airports Malware affects a new baggage systems located in a private network. How does this happen? Botnet affects the public safety private network and did call backs to its C&C server (Command & Control Server) Botnet affects the Airport Coordination Center and did call backs to its C&C server (Command & Control Server) Hacker tried 6,408 various attempts to hack into a new file transfer server unsuccessfully two days after it was deployed.
From 7/10 to 7/11, we’ve blocked 58,884 internet misuse and abuse such as P2P File Sharing & Streaming Media From 7/10 to 7/11, we’ve blocked 2.9 millions hacking attempted at our internet infrastructures
These incidents could happen to you but you may not be aware of it. 2/16/2012
5
What Are We Trying To Protect? Protecting Four Key Domains: Confidentiality – preventing unauthorized access to information Integrity – preventing unauthorized modification or theft of information Availability – preventing denial of service and ensuring authorized access to information Non-Repudiation – preventing the denial of an action that took place or the claim of an action that did not take place
What elements were most important? Cost? Privacy? Reliability? Security Effectiveness? 2/16/2012
6
What Threats Are We Facing Today? Narus, an internet traffic intelligence & analytic company, reveals the Top 10 Cyber Security Threats of 2011: Attacks via USB Large-scale, targeted Botnet attacks DDoS attacks Attacks via Social Networks Click Jacking and Cross-Site Scripting Web Attacks Phishing from ‘trusted’ third parties Online fraud Cloud Computing Concerns Data Exfiltration and Insider Threats Mobile Devices and Wireless Networks Attacks 2/16/2012
7
Situational Awareness As the security landscape changes constantly, we need to be aware of these changes in order to make better decisions handling a cyber incident. Current blacklist of malicious or bad URLs sites. Current blacklist of hackers source ip addresses. Newly discovered cyber attacks and hacking tools. Newly discovered systems security vulnerabilities. Newly discovered worms, viruses, botnets, malwares, etc Natural disasters such as earthquakes, power outages, terrorist attacks, etc that impact critical communication infrastructure. 2/16/2012
8
Forming A Security Team
2/16/2012
9
Security Monitoring Console Screen
2/16/2012
10
Security Monitoring Console Screen
2/16/2012
11
Los Angeles World Airports
Questions??? Contact Info: Bob Cheong, CISM, CISSP email:
[email protected]
2/16/2012
12
