Aircraft Network Security and Compliance. Presented by: John Zban. Tuesday, March 22nd | 8:00 a.m. – 9:15 a.m. International Operators Conference | San Diego, CA | March 21 – 24, 2016



John Zban

• MCSA, MCSE, CCNA, CET, Aero IT

– CIO, Satcom Direct

– 25 years in IT

– 10 years with Satcom Direct

– Aircraft Network Support

– Aircraft Network Engineering

– Development and Deployment of Value Added Services, Products and Terrestrial Infrastructure


Network Security Risks

• Data theft or disruption of network systems is a critical issue, costing money, downtime and possible embarrassment to a company

• Methods range from social engineering attacks to theft of passwords and credentials, spam, malware and more

• Measures must be taken within all environments for data to be secure

• Remote locations must follow the same policies set forth by a company

• Users have a responsibility to help secure data

– Being educated

– Following corporate policies and procedures

– Know what you are connected to


Network Security Risks

• Common types of network threats:

– Evil Twin/Rogue Access points

– Spear Phishing

– Command-and-Control Malware

– Advanced Persistent Threats


Network Security Risks

• Common types of network threats:

– Evil Twin/Rogue Access Points: often close to, or while parked at an FBO

– A user unknowingly associates with a rogue or fake wireless access point that has the same name as the legitimate access point

• The intent is to capture/steal data passing through the rogue access point
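
A defender-side check for the same-name access point described above, as an added example that is not part of the original slides. The SSID, BSSIDs, scan records and the baseline inventory are all constructed assumptions.

```python
"""Flag access points that reuse a trusted SSID but do not match the baseline."""
import unicodedata

# Assumed baseline: the operator's inventory of its own cabin access points.
# SSID, BSSIDs and security mode are constructed values for illustration.
BASELINE = {
    "N123-Cabin": {"bssids": {"00:11:22:33:44:55", "00:11:22:33:44:56"},
                   "security": "WPA2-PSK"},
}

# Constructed scan results, as a survey tool or client might report them.
SCAN = [
    {"ssid": "N123-Cabin", "bssid": "00:11:22:33:44:55", "security": "WPA2-PSK"},
    {"ssid": "N123-Cabin", "bssid": "02:AA:BB:CC:DD:EE", "security": "Open"},
    {"ssid": "N123-Cabin ", "bssid": "02:aa:bb:cc:dd:ef", "security": "WPA2-PSK"},
    {"ssid": "FBO-Guest", "bssid": "10:20:30:40:50:60", "security": "Open"},
]


def _norm_ssid(ssid):
    """Fold case, Unicode form and padding so look-alike names compare equal."""
    return unicodedata.normalize("NFKC", ssid).strip().casefold()


def find_suspect_aps(scan, baseline):
    """Return (bssid, reason) for each AP using a trusted name off-baseline."""
    trusted = {_norm_ssid(name): (name, info) for name, info in baseline.items()}
    findings = []
    for ap in scan:
        match = trusted.get(_norm_ssid(ap["ssid"]))
        if match is None:
            continue  # not one of our network names; out of scope here
        name, info = match
        bssid = ap["bssid"].lower()
        known = {b.lower() for b in info["bssids"]}
        if bssid not in known:
            reason = "unknown BSSID" if ap["ssid"] == name else "look-alike SSID"
            findings.append((bssid, reason))
        elif ap["security"] != info["security"]:
            findings.append((bssid, "security mode changed"))
    return findings


if __name__ == "__main__":
    for bssid, reason in find_suspect_aps(SCAN, BASELINE):
        print(f"ALERT {bssid}: {reason}")
```

A BSSID can be cloned, so a clean result narrows the risk but does not prove that no rogue access point is present.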


Network Security Risks

• Spear Phishing

• An email which appears to be from a known individual or business but is not:

– Typically targets a specific organization or group (the execs on the AC)

– Intent is to get credit card, bank account numbers, passwords, trade secrets, etc., typically by clicking a link to enter information

– End user (employee) can decide to click the rogue link


Network Security Risks

• Command-and-Control Malware

• Malware that is unknowingly installed and will conduct a “call-home” to fetch updates and instructions from the Command-and-Control servers

– Will also send back stolen information


Network Security Risks

• APT (Advanced Persistent Threats)

– An Advanced Persistent Threat is a network attack in which a person gains access to a network (through a variety of sources) and resides undetected for an extended period of time

• The goal is typically to steal data undetected rather than cause damage to the network

• Typically targeted toward high-value sectors, such as national defense, manufacturing and financial

1. RECONNAISSANCE: Attacker leverages information from a variety of factors to understand their target.

2. INCURSION: Attackers break into network by using social engineering to deliver targeted malware to vulnerable systems and people.

3. DISCOVERY: Once in, the attackers stay “low and slow” to avoid detection. They then map the organization’s defenses from the inside and create a battle plan and deploy multiple parallel kill chains to ensure success.

4. CAPTURE: Attackers access unprotected systems and capture information over an extended period. They may also install malware to secretly acquire data or disrupt operations.

5. EXFILTRATION: Captured information is sent back to attack team’s home base for analysis and further exploitation fraud – or worse.


Multiple Networks

• Multiple Internet gateways increase your exposure

– Having multiple Internet connections adds to the complexity

• No single monitoring/filtering for exiting traffic

• No guaranteed compliance policy application

• No central logging capability

• Allows for multiple attack entry points


Forced Routing

• Inmarsat Swift Broadband

– China SAS: When entering Chinese airspace, all traffic will be transferred to the Chinese SAS

– Russia SAS: When entering Russian airspace, all traffic will be transferred to the Russian SAS


Risk Mitigation


The Wall

• Stopping all malicious activity isn’t possible

– The wall will stop 99%

– Mitigation, mitigation, mitigation

– Monitor everything

– Sense change

– Act to remove the threat


What Can We Do?

• Protect your aircraft network

– Password protect your Wi-Fi network

– Know what network you are connected to

– Use strong passwords

– Use caution and common sense

– Understand that security is not convenient


What Can We Do?

• Be a smart computer user

– Check links in emails (hover over it)

– Be skeptical of ANY attachment

– Use caution and common sense

– Verify if you have any doubts

– Involve your IT Department; they are the experts


What Can We Do?

• Careful when installing software!

– LOOK and READ each Pop Up!

– Avoid unfamiliar downloads

– Use caution and common sense

– Obey your corporate policies


Forced Routing Mitigation

• Talk to your service provider

– Ask about notification options

– Ask about encryption options

– Ask about private network options

– Limit transmission of highly sensitive data

– If the risk is considered too great, turn the system off if corporate policy so requires


Flight Tracking Data Protection

• Talk to your service provider

• Understand tracking data sources and methodology

– Ask about service provider options

– Understand the sources of tracking data

– Choose the one that’s right for you and the hardware on your aircraft

– Understand the BARR and how it works
