Instructed by Mr. Todd Raines, senior Air Force civilian at US Cyber Command
ü From October 26 – November 18, 2021 (4 Weeks, 8 Classes, 16 Total Hours)
ü Every Tuesday and Thursday at 1300-1500 Eastern Time (all sessions will be recorded and available for replay; course materials will be available for download)
ü All students will receive an AIAA Certificate of Completion at the end of the course
Overview
This course covers Aviation Cybersecurity Management, a discipline that is fast becoming one of the most important aspects of the aviation industry. Aircraft systems integrity, airport security, security of the passengers, cargo and the myriad systems that support aviation are a few areas where the reliance on computer networks is significant and the consequences of cyber breaches are great. Students will learn the needs and developments of cybersecurity, and techniques to minimize or eliminate threats. The course treats aviation cybersecurity management within the context of rapid technological changes.
- Recall the history, scope, gaps and vulnerabilities of cybersecurity in the aviation industry and in the National Airspace System
- Understand and explain cybersecurity applicability and problems within the aviation industry
- Synthesize the relevant cybersecurity information pertaining to aviation and propose solutions for desired outcomes
- Demonstrate an understanding of the legal, social, economic, environmental, and global ramifications of cybersecurity actions in the aviation industry
- Identify, formulate, and solve cybersecurity problems in the aviation industry by selecting and applying appropriate tools and techniques
- Demonstrate advanced knowledge of cybersecurity and the impact of technology within the aviation industry
- Understand common cybersecurity vulnerabilities and modern threat actors and evaluate their relevance to the aviation industry
- Understand trends in cyber breaches and threats and analyze their importance to aviation management
- Apply principles and best practices of information security, intelligence and risk assessment to mitigate gaps and vulnerabilities in aviation cybersecurity
- Create a cybersecurity strategy for an aviation management company
Course Outline
Week 1
Learning Objectives:
· Understand the course learning objectives, schedule, policies, and requirements
· Recall and explain marketplace drivers for the U.S. UAS marketplace
· Analyze concerns for cybersecurity in the UAS marketplace
· Recall the history of regulation of various modes of travel for the last 150 years
· Explain the roles of legislation, regulations, judicial processes and their impacts on the aviation industry
· Explain the roles of federal, state, and local governments in regulating air traffic
· Evaluate the 2019, 2020, and 2021 Verizon Data Breach Incident Reports’ conclusions and relevance to aviation cybersecurity
Optional Recommended Reading - Nichols, Chapters 1 & 2; 2019, 2020, and 2021 Verizon Data Breach Incident Reports
Optional Activities - Online discussion post and reply; Knowledge Check 1
Week 2
Learning Objectives:
· Explain the information security requirements that apply to aviation cybersecurity
· Discuss the basics of risk management theory and how it applies to aviation cybersecurity
· Describe the unique challenges that UAS present to cybersecurity
· Explain why public trust in the aviation system is the most valuable asset we must protect as aviation cybersecurity experts
· Describe the problem of countering hostile use of UAS against us national interests.
· Identify critical components of an Unmanned Aircraft System (UAS), identify potential cyber vulnerabilities and understand the taxonomy of UAS operations that may be compromised.
· Propose ways the FAA can help move UAS technology forward in keeping with its mission to ensure a safe and efficient transportation system that meets national interests.
Optional Recommended Reading - Nichols, Chapters 3 & 4; Wurzler (2013). Information Risks and Risk Management. Retrieved from https://www.sans.org/reading-room/whitepapers/bestprac/information-risks-risk-management-34210
Optional Activities - Online discussion post and reply; Written exercise 1; Knowledge Check
Week 3
Learning Objectives:
· Explain the Intelligence Cycle and its relevance to this industry
· Articulate the role of intelligence in aviation cybersecurity
· Articulate a strategy to obtain the intelligence needed for an aviation company
· Explain red teams and blue teams and how they can be used to enhance cybersecurity of aviation companies or aircraft
· Describe how attack/defend scenarios can take cyber defense strategies to the next level
· Explain the communications vulnerabilities of aircraft for cyber attack
· Explain how you can prevent the data being collected by UAS from being intercepted
· Discuss security controls that should be considered for the case where your aviation UAS asset goes missing
· Design a security policy to protect against equipment probing
· Propose a method for knowing when unauthorized UAS are operating near your aviation company or operations
· Explain the potential dangers of unauthorized UAS operating near sensitive areas
Optional Recommended Reading - Nichols, Chapters 5, 6 & 14; National Strategy for Aviation Security (2018). White House. Retrieved from https://www.whitehouse.gov/wp-content/uploads/2019/02/NSAS-Signed.pdf
Optional Activities - Online discussion post and reply; Written exercise 2; Knowledge Check 2
Week 4
Learning Objectives:
· Explain how the IoT is increasing risks to aviation safety
· Explain how data integrity can be attacked and cause hazards to flight
· Propose strategies for driving down the risks to infrastructure, networks, and vehicles in the aviation industry
· Propose a strategy for enhancing the cybersecurity of avionics systems on modern transportation aircraft.
· Describe the weaknesses of the current FAA cybersecurity oversight program
· Explain how you, as a flying company manager, could help your company reduce the risks that the FAA is leaving un-addressed in avionics cybersecurity
Optional Recommended Reading:
· Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (2017). White House. Retrieved from https://www.whitehouse.gov/presidential-actions/presidential-executive-order-strengthening-cybersecurity-federal-networks-critical-infrastructure/
· FAA Should Fully Implement Key Practices to Strengthen Its Oversight of Avionics Risks. Government Accountability Office. Retrieved from https://www.gao.gov/assets/720/710096.pdf
· Connected Aircraft: Cyber-Safety Risks, Insider Threat, and Management Approaches (2019). Proceedings of the 52nd Hawaii International Conference on System Sciences. Retrieved from https://scholarspace.manoa.hawaii.edu/bitstream/10125/59759/0319.pdf
Optional Activities - Final Knowledge Check
Instructor
Todd “Rhino” Raines is a senior Air Force civilian at US Cyber Command with expertise in planning and executing cyber operations. His first career was in conventional warfare; he retired after 21 years of flying F-4, F-15, and F-16 fighter aircraft for the Air Force. He also flew for United Airlines. In 2009, he answered a call to come to Fort Meade, Maryland, and help set up Cyber Command.
He has a Bachelor of Science in Astronautical Engineering from the US Air Force Academy, and a Master of Science in Cyber Security from National University. In addition to multiple overseas deployments as an Air Force fighter pilot, he has twice deployed to Afghanistan civilian in cyber warfare and leadership roles. He serves an Adjunct Professor at the National Cryptologic School at Fort Meade, where he teaches Adversary Cyber Methodologies. He also teaches Aviation Cyber Security as an Adjunct in the Masters program at Capitol Technology University, near Fort Meade. He enjoys teaching cyber security as an Adjunct because it helps keep him sharp for his day job, and because adult learners are just fun to teach.
Classroom hours / CEUs: 1.6 classroom hours / 1.6 CEU/PDH
Course Delivery and Materials- The course lectures will be delivered via Zoom. You can test your connection here: https://zoom.us/test
- All sessions will be available on-demand within 2 days of the lecture. Once available, you can stream the replay video anytime, 24/7. All slides will be available for download after each lecture.
- No part of these materials may be reproduced, distributed, or transmitted, unless for course participants. All rights reserved.
- Between lectures, the instructor will be available via email for technical questions and comments.
Contact: Please contact Lisa Le or Customer Service if you have questions about the course or group discounts (for 5+ participants).