Presented at
Black Hat USA 2019,
Aug. 7, 2019, 5:05 p.m.
(25 minutes)
When you consider critical infrastructure, we rarely consider the enabling technology and systems that realize such infrastructure; such as, agribusiness' reliance on weather and climate satellites, the U.S. military's reliance on intelligence satellites, and various transportation industries' reliance on global positioning system (GPS) satellites. Most of the world's critical infrastructure relies on space systems. Despite efforts to improve the cybersecurity of critical infrastructure, there has been little focus on cybersecurity for space systems. Challenges to secure space systems included technology development, ownership, and management perspective. This leads to the lack of guidance in the form of standards that govern space system security and, ultimately, policies that enforce these standards.
This presentation first discusses the recent major cybersecurity threats to space systems, and the potential motivations for cybercriminals or nation states would be interested in compromising space systems. Next, we discuss the various perspectives required to secure space systems. The majority of the presentation describes a Honeywell technique for assessing security risks for safety-critical systems like space systems. We conclude with a discussion of possible next steps in advancing cybersecurity for space systems.
Presenters:
-
Daniel Johnson
- Aerospace Cybersecurity Fellow, Honeywell
Dr. Johnson is currently responsible for network security design and certification oversight for Honeywell aerospace wireless systems. He has over 30 years of experience in systems engineering, analysis, design and development of secure reliable systems for industrial and avionics systems.
<ul>
<li>Member of FAA Aviation Rulemaking Advisory Committee (ARAC) Aircraft Systems Information Security Protection (ASISP) Working Group</li>
<li>Co-chair of RTCA SC-216 <em>Aeronautical System Security</em> from 2007 to 2017</li>
<li>Member of RTCA SC-217 <em>Aeronautical Databases</em></li>
<li>Industry editor for RTCA Standard DO-326 and EUROCAE Standard ED-202, <em>Airworthiness Security Process Specification</em> published in December 2010, RTCA; Standard DO-356, <em>Airworthiness Security Methods and Considerations</em>, published in June 2014; and of the revision DO-326A <em>Process Specification for Airworthiness Security</em> published in June of 2014 as the basis for future aircraft network security certification.</li>
</ul>
-
Ken Heffner
- Senior Engineering Fellow for Honeywell Defense and Space, Honeywell International
Dr. Ken Heffner is a Senior Engineering Fellow for the Honeywell Defense and Space. Ken has 34 years of experience leading internal and DoD-sponsored research in space and defense precision navigation systems, electronics systems, 3D-system-on-chip microsystems along with TRUST technologies for microcircuits. Ken leads Honeywell’s secure systems engineering technology and product strategy for integrated systems across Honeywell Corporate Strategic Business Groups. Ken holds 20 U.S. patents in the field of security technologies. Ken recently authored four IEEE publications and is a contributing author of a new book on cyber physical systems security engineering for the automotive industry. Ken received his Ph.D. in Chemistry from the University of South Florida. Ken is also a certified Six Sigma Black Belt.
-
Ly Vessels
- Cybersecurity Risk Assessment for Safety-Critical Systems, Honeywell
Dr. Ly Danielle Vessels is a distinguished cybersecurity leader at Honeywell with 30+ years of experience as a researcher, architect, strategist, and technologist. Her experience crosses over multiple technology areas: cybersecurity, distributed computing, networking, OS, cloud computing, aviation, and defense. She held key leadership and technical positions Microsoft, General Dynamics, Sandia National Laboratories, IBM, and Scientia.
Links:
Similar Presentations: