• Recall the history, scope, gaps and vulnerabilities of cybersecurity in the aviation industry and in the National Airspace System
• Understand and explain cybersecurity applicability and problems within the aviation industry
• Synthesize the relevant cybersecurity information pertaining to aviation and propose solutions for desired outcomes
• Demonstrate an understanding of the legal, social, economic, environmental, and global ramifications of cybersecurity actions in the aviation industry
• Identify, formulate, and solve cybersecurity problems in the aviation industry by selecting and applying appropriate tools and techniques
• Demonstrate advanced knowledge of cybersecurity and the impact of technology within the aviation industry
• Understand common cybersecurity vulnerabilities and modern threat actors and evaluate their relevance to the aviation industry
• Understand trends in cyber breaches and threats and analyze their importance to aviation management
• Apply principles and best practices of information security, intelligence and risk assessment to mitigate gaps and vulnerabilities in aviation cybersecurity
• Create a cybersecurity strategy for an aviation management company

Course Outline 

Week 1

Learning Objectives:

· Understand the course learning objectives, schedule, policies, and requirements

· Recall and explain marketplace drivers for the U.S. UAS marketplace

· Analyze concerns for cybersecurity in the UAS marketplace

· Recall the history of regulation of various modes of travel for the last 150 years

· Explain the roles of legislation, regulations, judicial processes and their impacts on the aviation industry

· Explain the roles of federal, state, and local governments in regulating air traffic

· Evaluate the 2019, 2020, and 2021 Verizon Data Breach Incident Reports’ conclusions and relevance to aviation cybersecurity

Optional Recommended Reading - Nichols, Chapters 1 & 2;  2019, 2020, and 2021 Verizon Data Breach Incident Reports

Optional Activities - Online discussion post and reply; Knowledge Check 1

Week 2

Learning Objectives:

· Explain the information security requirements that apply to aviation cybersecurity

· Discuss the basics of risk management theory and how it applies to aviation cybersecurity

· Describe the unique challenges that UAS present to cybersecurity

· Explain why public trust in the aviation system is the most valuable asset we must protect as aviation cybersecurity experts

· Describe the problem of countering hostile use of UAS against us national interests.

· Identify critical components of an Unmanned Aircraft System (UAS), identify potential cyber vulnerabilities and understand the taxonomy of UAS operations that may be compromised.

· Propose ways the FAA can help move UAS technology forward in keeping with its mission to ensure a safe and efficient transportation system that meets national interests.

Optional Recommended Reading - Nichols, Chapters 3 & 4; Wurzler (2013). Information Risks and Risk Management. Retrieved from https://www.sans.org/reading-room/whitepapers/bestprac/information-risks-risk-management-34210

Optional Activities - Online discussion post and reply; Written exercise 1; Knowledge Check

Week 3

Learning Objectives:

· Explain the Intelligence Cycle and its relevance to this industry

· Articulate the role of intelligence in aviation cybersecurity

· Articulate a strategy to obtain the intelligence needed for an aviation company

· Explain red teams and blue teams and how they can be used to enhance cybersecurity of aviation companies or aircraft

· Describe how attack/defend scenarios can take cyber defense strategies to the next level

· Explain the communications vulnerabilities of aircraft for cyber attack

· Explain how you can prevent the data being collected by UAS from being intercepted

· Discuss security controls that should be considered for the case where your aviation UAS asset goes missing

· Design a security policy to protect against equipment probing

· Propose a method for knowing when unauthorized UAS are operating near your aviation company or operations

· Explain the potential dangers of unauthorized UAS operating near sensitive areas

Optional Recommended Reading - Nichols, Chapters 5, 6 & 14; National Strategy for Aviation Security (2018). White House. Retrieved from https://www.whitehouse.gov/wp-content/uploads/2019/02/NSAS-Signed.pdf

Optional Activities - Online discussion post and reply; Written exercise 2; Knowledge Check 2

Week 4

Learning Objectives:

· Explain how the IoT is increasing risks to aviation safety

· Explain how data integrity can be attacked and cause hazards to flight

· Propose strategies for driving down the risks to infrastructure, networks, and vehicles in the aviation industry

· Propose a strategy for enhancing the cybersecurity of avionics systems on modern transportation aircraft.

· Describe the weaknesses of the current FAA cybersecurity oversight program

· Explain how you, as a flying company manager, could help your company reduce the risks that the FAA is leaving un-addressed in avionics cybersecurity

Optional Recommended Reading:

· Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (2017). White House. Retrieved from https://www.whitehouse.gov/presidential-actions/presidential-executive-order-strengthening-cybersecurity-federal-networks-critical-infrastructure/

· FAA Should Fully Implement Key Practices to Strengthen Its Oversight of Avionics Risks. Government Accountability Office. Retrieved from https://www.gao.gov/assets/720/710096.pdf

· Connected Aircraft: Cyber-Safety Risks, Insider Threat, and Management Approaches (2019). Proceedings of the 52^nd Hawaii International Conference on System Sciences. Retrieved from https://scholarspace.manoa.hawaii.edu/bitstream/10125/59759/0319.pdf

Optional Activities - Final Knowledge Check

Instructor

Todd “Rhino” Raines is a senior Air Force civilian at US Cyber Command with expertise in planning and executing cyber operations. His first career was in conventional warfare; he retired after 21 years of flying F-4, F-15, and F-16 fighter aircraft for the Air Force. He also flew for United Airlines. In 2009, he answered a call to come to Fort Meade, Maryland, and help set up Cyber Command.

He has a Bachelor of Science in Astronautical Engineering from the US Air Force Academy, and a Master of Science in Cyber Security from National University. In addition to multiple overseas deployments as an Air Force fighter pilot, he has twice deployed to Afghanistan civilian in cyber warfare and leadership roles. He serves an Adjunct Professor at the National Cryptologic School at Fort Meade, where he teaches Adversary Cyber Methodologies. He also teaches Aviation Cyber Security as an Adjunct in the Masters program at Capitol Technology University, near Fort Meade. He enjoys teaching cyber security as an Adjunct because it helps keep him sharp for his day job, and because adult learners are just fun to teach.

Classroom hours / CEUs: 1.6 classroom hours / 1.6 CEU/PDH

• The course lectures will be delivered via Zoom. You can test your connection here: https://zoom.us/test
• All sessions will be available on-demand within 2 days of the lecture. Once available, you can stream the replay video anytime, 24/7. All slides will be available for download after each lecture.
• No part of these materials may be reproduced, distributed, or transmitted, unless for course participants. All rights reserved.
• Between lectures, the instructor will be available via email for technical questions and comments.