Air Traffic Control Association
No. 11, 2014
Being Proactive in an Age of Cyber Attacks Takeaways from ATCA’s 4th Aviation Cyber Security Day
In This Issue:
»» ATCA to Form its Own Cyber Committee – The Aviation Cyber Security Initiative
»» A Moment in Aviation History
»» Member Spotlight: Aprocta
»» ATCA Welcomes New Staff
www.atca.org
President’s Message
By Peter F. Dumont, President & CEO, Air Traffic Control Association
Cyber Security at the Forefront
This month ATCA held its fourth Aviation Cyber Security Day. As you know, cyber security is a serious consideration in our everyday lives as it relates to personal information and finances. As we continue to transition the aviation system to new technologies, we must be mindful and preemptive in the development phase to ensure we are protecting the system from cyber threats.
We need to address cyber security up front when modernizing the National Airspace System (NAS). A good defense, from the beginning, is the only way to ensure we have a recovery process in place in case of a breach. If you think that the Aurora fire on September 26 debilitated the Chicago area air traffic control services, you can be sure a cyber attack would be so much more disruptive. The difference in the case of cyber security is we cannot just replace some equipment, flip a switch and turn it back on. We can recognize a fire; we know how to battle a fire and we know how to isolate the fire-damaged system. We do not have that same knowledge or ability when it comes to cyber breaches.
It isn’t just the U.S. NAS. The issue of cyber security extends to air navigation service providers (ANSPs) worldwide as well as airlines and airports. We must look at the whole system globally when we evaluate aviation cyber risks. To this end, ATCA is putting together an aviation cyber security committee. If you are interested in participating please contact Paul Planzer at paul.planzer@atca.org. More information on this will be forthcoming.
In addition, I would like to take just a moment to remember Trevor Paine who passed away on November 18 after his battle with cancer. Trevor was a great asset to our community and a warm and caring individual. He would always take a moment at our events to pull me aside and tell me something I didn’t know about the history of our industry and remind me of his long association and membership with ATCA. He will be missed.
And lastly, please join us for our holiday open house on December 9 from 11 a.m. – 2 p.m. for food, drink, and friendship.
1101 King Street, Suite 300 Alexandria, VA 22314 Phone: 703-299-2430 Fax: 703-299-2437 info@atca.org www.atca.org President & CEO: Peter F. Dumont
Director, Communications: Marion Brophy
Communications Consultant: Mary Johnson Writer/Editor: Kristen Knott
Formed in 1956 as a non-profit, professional membership association, ATCA represents the interests of all professionals in the air traffic control industry. Dedicated to the advancement of professionalism and technology of air traffic control, ATCA has grown to represent several thousand individuals and organizations managing and providing ATC services and equipment around the world. Published by
140 Broadway, 46th Floor New York, NY 10005 Toll-free: 866-953-2189 Toll-free Fax: 877-565-8557 www.lesterpublications.com President: Jeff Lester
Vice President & Publisher: Sean Davis Editorial Director: Jill Harris
Managing Editor: Kristy Rydz Art Director: Myles O’Reilly
Senior Graphic Designer: John Lyttle Graphic Designers: Crystal Carrette Jessica Landry Gayl Punzalan
Sales Director: Danny Macaluso Advertising Sales: Quinn Bogusky, Louise Peterson, Blair Sidorow Accounting: Nikki Manalo Distribution: Jen Holmes
Upcoming Events
Dec. 9, 2014: ATCA’s Holiday Luncheon and Open House, Alexandria, Virginia
March 10 – 12, 2015: World ATM Congress 2015, Madrid, Spain, www.worldatmcongress.org
ATCA Bulletin | No. 11, 2014
© 2014 Air Traffic Control Association, Inc. All rights reserved. The contents of this publication may not be reproduced by any means, in whole or in part, without the prior written consent of ATCA. Disclaimer: The opinions expressed by the authors of the editorial articles contained in this publication are those of the respective authors and do not necessarily represent the opinion of ATCA. Printed in Canada. Please recycle where facilities exist.
Being Proactive in an Age of Cyber Attacks
Takeaways from ATCA’s 4th Aviation Cyber Security Day
By Kristen Knott, ATCA Writer and Editor
Home Depot, Target, and Walmart. Until recently, these mammoth companies didn’t have much in common for the average person beyond Saturday morning errands. Today, however, they immediately conjure thoughts of some of this year’s biggest cyber attacks.
Cyber security isn’t a new issue. In fact, one of our nation’s largest cyber breaches occurred nearly eight years ago in January 2007, when T.J. Maxx’s parent company, TJX Companies, Inc., revealed that a credit card breach cost them $256 million.
It’s not just superstores and credit cards that are at risk. The Air Traffic Control Association (ATCA) recognized the risk to aviation in 2010 and responded with the first Aviation Cyber Security Day and established itself as an industry thought leader. For the fourth year, ATCA brought together expert panelists to address this critical issue on November 13 in Arlington, Va.
Natesh Manikoth of the Federal Aviation Administration (FAA) summed it up saying, “We’re all shell-shocked; there’s no dearth of bad news.”
“We need to address cyber security up front in case of a breach; if you think the Aurora incident [on September 26, 2014 at the Chicago Air Route Traffic Control Center] crippled ATC, you can be assured that a cyber attack would be 10 times worse,” said ATCA’s President and CEO Peter F. Dumont.
“In many ways we’re in another cold war – a cold cyber war; the enemy is hard to know,” said Steve Carver of Aviation Management Associates, Inc., who helped orchestrate the event.
The annual event, designed as a forum to voice concerns and educate the aviation community, included three key panel sessions discussing current cyber federal policies, cyber activity and operations, and collaboration for data exchange and industry initiatives.
Cyber Federal Policy and its Effect on Aviation
The event’s first panel focused on how best to apply policies such as the Presidential Policy Directive (PPD)-21 and the National Institute of Standards and Technology (NIST) framework to aviation corporations and the community as a whole.
“We choose to go to the moon in this decade and do the other things, not because they are easy, but because they are hard, because that goal will serve to organize and measure the best of our energies and skills,” President John F. Kennedy famously said in his address to Rice University in Houston, Texas in September 1962.
In his opening remarks, Ron Ross of NIST quoted President Kennedy to show that no challenge – even cyber attacks – is insurmountable; our nation has faced worse. “I think we’re going to have to apply that same strategy today [to tackle cyber security],” he said.
“We have a long way to go as opposed to other industries,” said Manikoth. “The FAA is developing policy that’s for aviation across the board, not NAS [National Airspace System] or non-NAS specific; there’s been a shift.”
“We’re always in a reactive mode, but need to be proactive,” added Ross. “We’ve done a poor job of connecting security to mission.” He went on to say, “Most of us work above the water line (behind firewalls) and that’s not always on the radar of senior leadership; that’s where educational awareness and cultural awareness [come in], “It’s about being proactive – some of the solutions are building trusted software and hardware and educating the workforce knowing that the enemy will continue,” said Hofmann. “We don’t want a cyber 9/11 to move us forward.”
Aviation Industry Cyber Initiatives
The second panel discussed how private industry is reacting to increasing cyber threats and what initiatives they’re promoting and implementing to help protect the nation’s infrastructure.
Faye Francy of The Boeing Company asked the question – What if aviation went down for one day? What would the impact be? “We must understand the threat and understand how to go forward after an attack,” said Francy. “We can’t stop aviation; we must work together.”
There are two types of organizations: the type that’s been compromised and the type that doesn’t know it’s been compromised, said panelist Frank Buck of The MITRE Corporation.
“Today, 93 percent of those [FAA] services are on point-to-point networks; it’s a relatively safe cyber environment. The FAA is now faced with the challenge of moving away from that for greater flexibility, but as they do that, it opens them up to greater risk,” said Buck. “We really have to understand the mission; it’s really about mission assurance.”
“Our air-ground connectivity is not secured today, and that scares me,” said Francy. “We’re developing relationships to understand the threat and share that threat.” One such relationship is with the Aviation Information Sharing and Analysis Center (A-ISAC), a non-profit organization whose mission is to analyze and share timely, relevant, and actionable information as it pertains to threats, vulnerabilities, and incidents. Francy added that the aviation community also needs to work on the NIST framework.
“No network is secure – even point-to-point – so you have to defend it,” said Dr. John Brence of Knight Point Systems, adding that everyone targets critical infrastructure. “For me, I’m worried about the terrorists because they have nothing to lose,” he added. “The basics are also important; you need to know what’s on your network. That’s basic hygiene – no one wants to make The Washington Post.”
“Eleven percent of our IT budget was spent on cyber security, and about two-thirds of that is spent watching our networks,” said Buck. “You’re getting situational awareness of what the bad guy is doing; it’s a game-changer.”
Cyber Activity in Aviation Engineering and Operations
From avionics to the air navigation service provider (ANSP) system, a collaborative effort is needed to assure interoperability. The last panel of the day discussed ANSP initiatives to secure the aviation infrastructure, such as Unmanned Aerial Systems (UAVs), data link, and private sector telecommunications (i.e., cloud computing).
You can’t intersect the NAS of today; you need to think about tomorrow’s NAS, noted Stephen Van Trees of the FAA.
“You fundamentally have to trust the people working for you,” said Kim Troutman of NAV CANADA. “We really haven’t seen a malicious internal attack, but we’ve had some mistakes,” he continued, citing UAVs as great examples.
“We try to put in checks from a software point of view,” said Troutman. “To go to a third-party cloud environment, I’m not sure where the big benefit is – you’re going to share data, but it would be a big, big challenge. We’re going to wait before going wholesale and putting our mission-critical data on cloud.”
“My vote right now is for a hybrid model – at the end of the day, it’s really about managing risk and that’s what we do at the FAA,” said Dennis Filler of the FAA.
Ultimately, the last line of defense comes down to individuals and their training, concluded Van Trees.
Remember to Join Us at ATCA’s Holiday Open House & Luncheon on Tuesday, December 9!
11 a.m. – 2 p.m.
ATCA Headquarters, 1101 King St., Suite 300, Alexandria, VA 22314
RSVP to Ashley at Ashley.Swearingen@atca.org
A Moment in Aviation History
As we prepare to slow down and enjoy the holidays, we’re reminded of a pilot who spent November 1929 on a more ambitious venture: “Nov 28-29, 1929: Richard E. Byrd, with pilot Bernt Balchen and two other crew members, became the first to fly over the South Pole, operating a Ford Trimotor from the U.S. base at Little America. Earlier, on May 9, 1926, Byrd and Floyd Bennett had made a flight credited as the first over the North Pole, in a Fokker F.VII.” - FAA Historical Chronology, Department of Transportation
Committed to Providing Proven, Cost-Efficient Training Solutions for the FAA
CACI is a leading provider of a wide range of aviation and aerospace offerings, with core competencies in:
■ Enterprise training
■ Advanced simulation
■ Remote and classroom education
With experience managing and delivering training services to over 40 government organizations in the United States and around the world, CACI assures the FAA of high-quality, cost-efficient solutions that produce results.
For more information: Suzan Zimmerman, Senior Vice President ■ szimmerman@caci.com ■ 703-725-7671 ■ www.caci.com
INFORMATION DEPLOYED. SOLUTIONS ADVANCED. MISSIONS ACCOMPLISHED. © CACI 2014
THE DIRECT ROUTE TO TOMORROW’S ATM
10-12 March 2015 | Madrid, Spain IFEMA, Feria de Madrid Register today at www.WorldATMCongress.org/register
Member Spotlight: Aprocta – Spanish Air Traffic Controllers Association
Aprocta is the largest air traffic controllers association in Spain. The non-profit organization works to ensure that air navigation safety standards are improving every year to protect more than two billion passengers that pass through Spanish air space.
Founded in 2009, Aprocta promotes the professional interests of Spanish air traffic controllers and works as an independent technical expert on both a national and international level, thus ensuring the legality of air navigation operations and access to the highest level of quality training. Aprocta works on a daily basis with its stakeholders including the Spanish administration and other political actors, the aviation sector, and mass media – all the while enhancing air traffic controllers’ reputations and reaffirming them as a key part of the aviation sector.
In order to further assist their members, Aprocta is able to draw on their relationships with multiple aviation sector enterprises and organizations to provide technical advice. It also provides a full-service catalogue. Such additional services add value to Aprocta’s activity and assist the association with fulfilling its key objective – preserving and promoting excellence in air traffic control.
Know of a corporation in the aviation or air traffic community that hasn’t yet become an ATCA member? Refer them to ATCA’s Membership Manager, Tim Wagner! Contact Tim at tim.wagner@atca.org or +1 703-299-2430 x314.
Midwest ATC was honored to be awarded the 2014 IHS Jane’s Runway Award for its Kandahar Runway Efficiency program at the CANSO ATM dinner in Madrid, Spain on 3 March. After being selected in 2003 as the first company to provide air traffic control and airfield management services in a combat zone for the U.S. Department of Defense, Midwest ATC continues to deliver safe and reliable aviation services throughout Afghanistan. That this award was earned on one of the world’s busiest single runway airfields while at the same time supporting intense combat operations is testament to the professionalism and dedication of the Midwest team at Kandahar AB. We are proud to celebrate their accomplishments as indicative of our commitment to safety and professional performance. Whether you are looking for air traffic control, weather observing and reporting, training, ground handling, or airfield management, Midwest has over 35 years of global experience and expertise to assist in the successful accomplishment of your mission. With a track record of servicing over 100 facilities across nine countries, Midwest is a proven low-risk, best value partner with tested operational procedures to ensure the safe, orderly and expeditious flow of traffic. Its team of supremely qualified aviation experts is dedicated to providing clients with an outstanding level of safety and commitment throughout the world. Using Midwest’s flexible and professional approach will enable you to achieve success.
Midwest Air Traffic Control Service, Inc. 7285 W 132nd Street, Suite 340, Overland Park, KS 66213 Phone: + 1 913 782 7082 Web: www.atctower.com
ATCA Welcomes New Staff
Two new members join the team
MARY JOHNSON
Mary Johnson will be filling in for Marion Brophy, Director of Communications, until she returns from maternity leave in March 2015. Mary has led communications and marketing efforts for numerous associations, including the American Composites Manufacturers Association, the Spina Bifida Association, and the National Association for Energy Service Companies. Most recently, she has been a consultant for EEI Communications. She lives with her husband and two cats in Old Town Alexandria, just blocks from the ATCA office. In her spare time, she enjoys traveling, sailing, cooking, reading about food and eating.
ASHLEY SWEARINGEN
Ashley Swearingen joined ATCA as their new Press and Marketing Manager. Prior to joining ATCA, Ashley worked at the American Bar Association in their Governmental Affairs Office. She graduated from the University of South Carolina in 2011 and has since gained experience in writing, marketing, strategic communications and event planning. Ashley lives in Washington, D.C., and spends her free time with friends, traveling, running, and cheering on the South Carolina Gamecocks in every sport.
2ND ANNUAL SAFETY IN AIR TRAFFIC CONTROL
The Kensington Close Hotel, London, UK, 11th - 12th December 2014
WHAT KEY QUESTIONS WILL BE ANSWERED?
• Do safety methodologies need to change to support SESAR?
• What new regulations/standards are under discussion and when will they be introduced into operations?
• The concept of Safety II: What is being actioned in the industry to implement it?
• Increasing resilience and minimising damage when things go wrong: How can a fail culture be embraced?
• Looking forward: How can pilots and controllers work together more effectively to maintain safety?
• How can data be shared and learnt from across different organisations?
• When does it make sense to have remote control towers? Are there enough tools to mitigate concerns?
• The role of human factors and performance in safety management systems
CONFIRMED SPEAKERS INCLUDE:
• Alfred Vlasek, Head of Safety and Occurrence Investigation, Austrocontrol
• Brendan Ginn, Team Leader Safety and Compliance, Dubai Air Navigation Services (UAE)
• Giancarlo Buono, Regional Director for Safety and Operations, Europe, IATA
• Paul Rinaldi, President, NATCA
• Murdo Morrison, Editor, Flight International
• Craig Lippett, Head of UAS Resource Group
• Neil May, Head of Human Factors, NATS
• Barry Humphreys, Chairman, British Air Transport Association
• Jose Calvo Fresno, Chief Regulatory & Institutional affairs, SESAR Joint Undertaking
• Senior Representative, Eurocontrol
• Marian Schuver van Blanken, Senior Human Factors Consultant, ATC Air Traffic Control The Netherlands (LVNL)
• Per Ahl, VP Head of Commercial, Civil Security and Traffic Management, Western Europe, SAAB
• Eric de Causemacker, Expert ATM Performance, Belgian Supervisory Authority
Book now at www.flightglobalevents.com/safetyATC2014 quoting promo code YZZ73401
REGISTER TODAY: ATCA members save 20%, quote promo code YZZ73401
TRAFFIC JAM AHEAD. PLAN ACCORDINGLY.
Transforming the air traffic management (ATM) system is essential for improving safety, efficiency and the environment around the globe. Boeing is fully committed and uniquely qualified to help make ATM transformation a reality. It’s the right time and Boeing is the right partner.
The ATCA Bulletin (ISSN 0402-1977) is published monthly by the Air Traffic Control Association. Periodical postage paid at Alexandria, VA. $5.00 of annual dues are allocated for the publication of the ATCA Bulletin. POSTMASTER: Send address changes to ATCA BULLETIN, 1101 King Street, Suite 300, Alexandria, VA 22314.
Staff
Marion Brophy, Director, Communications
Ken Carlisle, Director, Meetings and Expositions
Mary Johnson, Communications Consultant
Kristen Knott, Writer and Editor
Christine Oster, Chief Financial Officer
Paul Planzer, Manager, ATC Programs
Claire Rusk, Vice President of Operations
Mindy Soranno, Office Manager
Rugger Smith, International Accounts
Sandra Strickland, Events and Exhibits Coordinator
Ashley Swearingen, Press and Marketing Manager
Tim Wagner, Membership Manager
1101 King Street Suite 300 Alexandria, VA  22314
Officers and Board of Directors
Chairman, Neil Planzer
Chairman-Elect, Charles Keegan
President & CEO, Peter F. Dumont
Treasurer, Rachel Jackson
East Area Director, Susan Chodakewitz
Pacific Area, Asia, Australia Director, Peter Fiegehen
South Central Area Director, William Cotton
Northeast Area Director, Mike Ball
Southeast Area Director, Jack McAuley
North Central Area Director, Bill Ellis
West Area Director, Chip Meserole
Canada, Caribbean, Central and South America, Mexico Area Director, Rudy Kellar
Europe, Africa, Middle East Area Director, Jonathan Astill
Director at Large, Rick Day
Director at Large and Secretary, Sandra Samuel