Air Traffic Control Association
No. 12, 2015
THREE PIECES OF CYBER SECURITY ADVICE from Cylance CEO Stuart McClure
IN THIS ISSUE: »» A Sneak Peek at ATCA’s Cyber Security White Paper »» Photos from ATCA’s Holiday Party »» Aviation History Corner »» And more!
No. 12, 2015 By Peter F. Dumont, President & CEO, Air Traffic Control Association
Art of the Airport Tower
ith the end of the year quickly approaching, I was recently reflecting on all that ATCA has accomplished in 2015. Beyond our successful events and publications, I realized we were involved in a project that I really haven’t written about: the “Art of the Airport Tower” exhibit at the Smithsonian National Air and Space Museum. If over your holiday break you get the opportunity to visit the National Air and Space Museum here in Washington, DC, be sure to visit this wonderful exhibit, which is open through November 2016. It is a photographic display of air traffic control towers from around the world. Many of the photos are abstract but all of them are beautiful displays of ATC tower architecture, all by photographer Carolyn J. Russo. The reason I bring this up is because the National Air and Space Museum contacted me about 18 months ago to see if ATCA was interested in sponsoring the exhibit and an accompanying book. I said yes because I thought that enabling this project was a very good thing for our industry. Everyone sees the tower at an airport but few really think about it. This exhibit might very well change that. CNN, in its recent article, put it this
way: “[Air traffic control towers] stand watch over airfields around the planet, ensuring that tens of thousands of flights take off, land and taxi safely every day. Yet airport control towers are often overlooked by air travelers – or at least some would be if they weren’t so weird looking. Built by some of the world’s most experimental architects, many belie their functional purpose by displaying an often stark beauty worthy of more than passing attention.” To read the article in its entirety, visit http://goo.gl/TN3lbC. I couldn’t have said it better myself. I was able to enjoy the exhibit when I attended its opening last month at the Air and Space Museum. After a year at the museum, the exhibit will then travel around the world. If you are interested in the coffee table book (or even a copy signed by Ms. Russo herself ) give me a call at 703-299-2430. Earlier this month ATCA celebrated our members with our annual holiday party. Please flip to pages six and seven to see photos from the party. May you all have a healthy and prosperous New Year and I look forward to continuing to serve you as ATCA’s President in 2016.
1101 King Street, Suite 300 Alexandria, VA 22314 Phone: 703-299-2430 Fax: 703-299-2437 firstname.lastname@example.org www.atca.org President & CEO: Peter F. Dumont
Director, Communications: Marion Brophy Writer/Editor: Kristen Knott
Formed in 1956 as a non-profit, professional membership association, ATCA represents the interests of all professionals in the air traffic control industry. Dedicated to the advancement of professionalism and technology of air traffic control, ATCA has grown to represent several thousand individuals and organizations managing and providing ATC services and equipment around the world. Published by
140 Broadway, 46th Floor New York, NY 10005 Toll-free: 866-953-2189 Toll-free Fax: 877-565-8557 www.lesterpublications.com President: Jeff Lester
Vice President & Publisher: Sean Davis
Director of Business Development: Jeff Wall Editorial Director: Jill Harris
Editorial Assistant: Andrew Harris Art Director: Myles O’Reilly
Senior Graphic Designer: John Lyttle Graphic Designers: Crystal Carrette, Jessica Landry, Gayl Punzalan Advertising Sales: Book Leader: Quinn Bogusky Colleen McDonald Louise Peterson Distribution: Nikki Manalo
© 2015 Air Traffic Control Association, Inc. All rights reserved. The contents of this publication may not be reproduced by any means, in whole or in part, without the prior written consent of ATCA.
Upcoming Events January 12, 2016
Aviation Cyber Security Day Westin Crystal City Arlington, VA
ATCA Bulletin | No. 12, 2015
March 8–10, 2016
World ATM Congress iFEMA, Feria de Madrid Madrid, Spain
Disclaimer: The opinions expressed by the authors of the editorial articles contained in this publication are those of the respective authors and do not necessarily represent the opinion of ATCA. Printed in Canada. Please recycle where facilities exist.
Cover photo: Ensuper/Shutterstock.com Stock photography provided by Shutterstock.com
Three Pieces of Cyber Security Advice from Cylance CEO Stuart McClure By Kristen Knott, ATCA Writer and Editor
Stuart offers three pieces of cyber security advice for organizations: 1
Know your risks. Be aware of your organization’s vulnerabilities (a.k.a. its “cracks in the dam”)
Know and develop relationships with the decision makers in your organization. Quantify the risks for your audience to the leaders in your organization.
Use the money you do have to focus in on the source of the problem instead of reactive technologies. “If you put half [of that money] toward prevention, you’ll kill 80 percent of the problem,” said McClure.
everything possible / Shuterstock.com
tuart McClure knows cyber security. As founder and CEO of Cylance, Inc. – the revolutionary company with the first math-based approach to cyber threat detection and protection – he is all too familiar with the topic. He stresses the importance of taking steps now to proactively prevent cyber attacks. It’s just one of the reasons that he will deliver the keynote address at ATCA’s Aviation Cyber Security Day on January 12. “I want to help all attendees understand the cyber security risks present in global critical infrastructure and embedded security systems, and [provide] a high level understanding of how bad it is and what we can all do to mitigate those risks to avoid a catastrophe,” said McClure. “It
ATCA Bulletin | No. 12, 2015
can happen any minute, any day. Until we have that cyber armageddon, we’re a reactive species and have to see what can happen before we prevent it.” McClure agrees that aviation operations are an often overlooked aspect of cyber security. It was another strong motivator in his engaging with ATCA. “All of these [aviation] systems are antiquated. There are very little authentication authorization controls and I desperately want to change that in our products and services,” said McClure. The biggest change in cyber security attacks in recent years is who is targeted, says McClure. No one is safe now. Stuart cites the 2014 cyber hack of Sony Pictures Entertainment as an example. “Who would’ve though they would be a target and they got sent back to the Stone Age,” said McClure. “Avionics and air traffic control are no different. [Cylance has] developed products that are portable for any platform.” For more information about ATCA’s Aviation Cyber Security Day (or to register for the event), visit atca.org/cyberhome.
In his own words: Stuart McClure on the importance of prevention On February 24, 1989, United Flight 811 left Honolulu, Hawaii, on its way to Auckland, New Zealand, with 364 souls on board. Somewhere between 23,000 and 24,000 feet an enormous explosion ejected nine passengers into the dark void over the Pacific Ocean. This aviation disaster was later determined to have been caused by a simple design flaw combined with the lack of corrective action…The result: nine people lost their lives. The other 337 passengers, plus 18 crew members who survived, live with the memory every day; all of it due to a highly preventable design flaw. As a 19-year-old young adult, I was grateful to have survived but I had no idea how that single event would impact my future in such a profound way. Much of my passion for cyber security can be directly attributed to that fateful day. The United Flight 811 accident proves just how important it is to detect flaws before tragedy strikes. Preventable disasters like this are what motivates the Cylance team to create a safer world. We do everything we can to uncover the flaws in technologies before they damage the physical or cyber world. Our mission is simple: to protect the world. – An excerpt from “Operation Cleaver,” Cylance’s 2014 technical report detailing a cyberwarfare covert operation targeting critical infrastructure organizations worldwide
Aviation Cyber Security Day January 12, 2016
TRAFFIC JAM AHEAD. PLAN ACCORDINGLY.
Transforming the air trafﬁc management (ATM) system is essential for improving safety, efﬁciency and the environment around the globe. Boeing is fully committed and uniquely qualiﬁed to help make ATM transformation a reality. It’s the right time and Boeing is the right partner.
Happy Holidays From everyone here at ATCA, we wish you a safe holiday season filled with family, friends, and good cheer.
ATCA Bulletinâ€‚ |â€‚ No. 12, 2015
ATCA Bulletin | No. 12, 2015
ATCA’s Cyber White Paper is Available!
or most organizations in 2011, cyber security was merely an afterthought. ATCA, on the other hand, saw the growing threat and had the foresight to host its first Aviation Cyber Security Day. Four years later, cyber security is on everyone’s radar and has grown into one of the biggest hot-button issues in the aviation industry. ATCA saw the need to take its investment in cyber security one step further: this year it formed its own cyber security committee to draft a white paper that addresses the topic as it relates to aviation operations – an often overlooked aspect of cyber security. The committee, which was formed in April 2015, met bi-monthly to develop ATCA’s first cyber white paper. “This is a first step in influencing cyber policies. In my opinion, having the conversation just wasn’t enough anymore. We needed to take the next step by putting together our cyber-smart members to help,” said Peter F. Dumont, ATCA’s President & CEO. The white paper, “Forming a Strategic Initiative to Combat Modern Cyber Security Threats,” will be unveiled in its entirety on the morning of Jan. 12, 2016, prior to the start of ATCA’s Aviation Cyber Security Day in Arlington, VA. In the meantime, here’s a sneak peek. For more information, please visit atca.org/cyber-home.
Forming a Strategic Initiative to Combat Modern Cyber Security Threats Over the past 20 years, cyber security has positioned itself as an independent community in the world of operations. While cyber security is comprised of a field of specialists, those specialists must work hand-in-hand with the development and operations team so that small and large irregularities are reported. This is vital so that when a cyber threat is suspected, a well-orchestrated action plan can be executed. Zero day attacks, where hackers find a previously unknown path into a software system creating a data breach or a technical meltdown, is a reoccurring news story. Technology cannot mitigate all of these threats. It is critical to the safety and efficiency of aviation operations that operational service anomalies be communicated in such a manner to operations that a pre-rehearsed process help mitigate
these violations. No longer should cyber security vulnerabilities be seen as solely a technical responsibility. Operations can play a large part in keeping aviation service available until the impact area is found and mitigated. The entire aviation industry – FAA, airlines, pilots, ANSPs, airport authorities, and private sector – needs an agreed-upon policy to identify system impacts from cyber threats to operations; this is necessary for the Air Navigation Service Providers (ANSPs) as well as aviation partners. This effort has to be a collaborative one in which ANSPs identify the aviation partners and lead this effort. Organizations like the Aviation Information Sharing and Analysis Center (A-ISAC) have made great strides in cyber security, but it is just the beginning.
Thank you to our Cyber Security Committee members! Steve Carver, Chair Everett Ayers, ARINC Mike Ball, Northrup Grumman David Batchelor, SESAR JU Daniel Hanlon, Raytheon Jerry Hoff, Steven Hofman, DOD
Hunter Johnson, Northrup Grumman Christopher Mariano, CGI Federal Jeff Snyder, Raytheon Paul Stork, ARINC Dr. Rebekah Tanti-Dougall, Tanti-Dougall & Assoc. ATCA Bulletin | No. 12, 2015
Make the future of ATM your business.
This Month in Aviation History On December 17, 1993…
Continental Express began the first FAA-approved use of the Global Positioning System (GPS) for nonprecision airport approaches in operations at Aspen and Steamboat Springs, Colo. Four days later, the Department of Transportation (DOT) announced the report of a joint DOT/Department of Defense (DOD) task force on the GPS. The task force recommended that DOT should take stronger role in managing the DOD-controlled system, and that technical steps be taken to improve the integrity and availability of GPS for all transportation modes. Andrey Armyagov / Shutterstock.com
– FAA Historical Chronology
QUALITY SERVICE FOR OVER 35 YEARS Founded in 1978, Midwest ATC supports a diverse customer base, including the US Federal Aviation Administration, the FAA International Office, the US Department of Defense, the North Atlantic Treaty organization, and the Canadian Department of Defense. With our solid reputation and team of highly qualified aviation experts, Midwest ATC is dedicated to providing clients with an outstanding level of service and commitment to safety at a reasonable price.
ATCA Bulletin | No. 12, 2015
The ATCA Bulletin (ISSN 0402-1977) is published monthly by the Air Traffic Control Association. Periodical postage paid at Alexandria, VA. $5.00 of annual dues are allocated for the publication of the ATCA Bulletin. POSTMASTER: Send address changes to ATCA BULLETIN, 1101 King Street, Suite 300, Alexandria, VA 22314. Staff Marion Brophy, Director, Communications Ken Carlisle, Director, Meetings and Expositions Ashley Haskins, Office Manager Kristen Knott, Writer and Editor Christine Oster, Chief Financial Officer Paul Planzer, Manager, ATC Programs Rugger Smith, International Accounts Sandra Strickland, Events and Exhibits Coordinator Ashley Swearingen, Press and Marketing Manager Tim Wagner, Membership Manager Theresa Clair, Associate Director, Meetings and Expositions
1101 King Street Suite 300 Alexandria, VAâ€‚ 22314
Officers and Board of Directors Chairman, Neil Planzer Chairman-Elect, Charles Keegan President & CEO, Peter F. Dumont Treasurer, Rachel Jackson East Area Director, Susan Chodakewitz Pacific Area, Asia, Australia Director, Peter Fiegehen South Central Area Director, William Cotton Northeast Area Director, Mike Ball Southeast Area Director, Jack McAuley North Central Area Director, Bill Ellis West Area Director and Secretary, Chip Meserole Canada, Caribbean, Central and South America, Mexico Area Director, Rudy Kellar Europe, Africa, Middle East Area Director, Jonathan Astill Director at Large, Rick Day Director at Large, Vinny Capezzuto Director at Large, Michael Headley