National Academies Press: OpenBook

Guidebook on Best Practices for Airport Cybersecurity (2015)

Chapter: Glossary, Abbreviations, Acronyms, and Symbols

« Previous: Chapter 7 - Conclusions and Suggested Research
Page 73
Suggested Citation:"Glossary, Abbreviations, Acronyms, and Symbols." National Academies of Sciences, Engineering, and Medicine. 2015. Guidebook on Best Practices for Airport Cybersecurity. Washington, DC: The National Academies Press. doi: 10.17226/22116.
×
Page 73
Page 74
Suggested Citation:"Glossary, Abbreviations, Acronyms, and Symbols." National Academies of Sciences, Engineering, and Medicine. 2015. Guidebook on Best Practices for Airport Cybersecurity. Washington, DC: The National Academies Press. doi: 10.17226/22116.
×
Page 74
Page 75
Suggested Citation:"Glossary, Abbreviations, Acronyms, and Symbols." National Academies of Sciences, Engineering, and Medicine. 2015. Guidebook on Best Practices for Airport Cybersecurity. Washington, DC: The National Academies Press. doi: 10.17226/22116.
×
Page 75

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

73 Glossary Actor—An individual or group that can manifest a threat. Attribution—Information on an actor, primarily to specify their identity, location, motives, and level of sophistication. Countermeasure—An action, device, procedure, or technique that reduces a threat, vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken. Cyberattack—A deliberate attempt to violate the security of a digital system. A successful attack is one that achieves its goal, typically causing harm to information, systems, or infrastructure or disrupting operations that rely on these resources. Cybersecurity—Means and methods that protect data and systems from unauthorized access, inappropriate modification, or unintentional loss. Defense in Depth—The implementation of multiple layers of countermeasures as a means of providing additional protection should one layer fail. Industrial Control Systems—Information systems used to control industrial processes such as manufacturing, product handling, production, and distribution. ICS include SCADA systems used to control geographically dispersed assets as well as distributed control systems and smaller control systems using programmable logic controllers to control localized processes (Joint Task Force Transformation Initiative 2012). Insider Threat (malicious)—A current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integ- rity, or availability of the organization’s information or information systems (Carnegie Mellon University 2014). Motive—Something that causes a person to act (Merriam-Webster 2014). Target—The data or system to which an actor wishes to gain access. Threat—Any circumstance or event with the potential to adversely impact organizational opera- tions (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service (Committee on National Security Systems 2010). Vector—The channel or conduit by which an attack is carried out, including email, malware, physical access, and other means. Glossary, Abbreviations, Acronyms, and Symbols

74 Guidebook on Best Practices for Airport Cybersecurity Vulnerability—A weakness that exposes data and/or systems to threat. Vulnerability is intro- duced by the lack of countermeasures to adequately protect an asset (Committee on National Security Systems 2010). Worm—A type of infectious software that replicates itself in order to spread to other computers. It is typically propagated by replicating itself using computer networks and exploiting vulner- able systems. Unlike viruses or other types of malware, worms do not need to attach themselves to an existing code base, and they may potentially damage both network devices and computer systems. The most important protection against worms is user awareness which is enhanced by antivirus software deployment. Removing a worm is a tedious process that starts with a com- prehensive outbreak analysis that will lead to isolating infected systems and then applying the latest system recovery process. Abbreviations and Acronyms ACI-NA Airports Council International–North America ACRP Airport Cooperative Research Program AES Advanced Encryption Standard AFDX Avionics Full Duplex Switched Ethernet A-ISAC Aviation Information Sharing and Analysis Center AVI Automatic Vehicle Identification BCS Building Control Systems BIDS Baggage Information Display Systems BIT Business Information Technology Committee BYOD Bring Your Own Device CARMA Cybersecurity Assessment and Risk Management Approach CCTV Closed Circuit Television CDE Cardholder Data Environment CIA Central Intelligence Agency CIO Chief Information Officer CIP Critical Infrastructure Protection CISO Chief Information Security Officer COOP Continuity of Operations COTS Commercial off the Shelf CRUD Create, Retrieve, Update, and Delete CSET Cyber Security Evaluation Tool CUPPS Common Use Passenger Processing Systems CUSS Common Use Self-Service CUTE Common Use Terminal Equipment DCS Distributed Control Systems DDoS Distributed Denial of Service DHS Department of Homeland Security DMZ Demilitarized Zone EFB Electronic Flight Bag ERAU Embry-Riddle Aeronautical University FBI Federal Bureau of Investigation FIDS Flight Information Display Systems FISMA Federal Information Security Management Act FTE Full-Time Equivalent GPS Global Positioning System HIPAA Health Insurance Portability and Accountability Act HUMS Engine Health and Usage Monitoring Systems

Glossary, Abbreviations, Acronyms, and Symbols 75 ICS Industrial Control Systems IDS Intrusion Detection Systems IEC International Electrotechnical Commission IPS Intrusion Prevention Systems ISAC Information Sharing and Analysis Center ISO International Organization for Standardization IT Information Technology KSAs Knowledge, Skills, and Abilities LAN Local Area Network MDM Mobile Device Management MS-ISAC Multi-State Information Sharing and Analysis Center NACS Network Access Control System NCIC National Crime Information Center NERC North American Electric Reliability Corporation NICE National Initiative for Cybersecurity Education NIST National Institute of Standards and Technology NSA National Security Agency OMB Office of Management and Budget PAC Programmable Automation Controller PARCS Parking Access and Revenue Control Systems PCI Payment Card Industry PCI DSS Payment Card Industry Data Security Standards PII Personally Identifiable Information PLC Programmable Logic Controller POS Point of Sale PSK Pre-shared Key SCADA Supervisory Control and Data Acquisition SDLC Software Development Life Cycle SIEM Security Information and Event Management SLA Service Level Agreement SMS Short Message Service SQL Structured Query Language SSI Sensitive Security Information SSL Secure Sockets Layer TRB Transportation Research Board URL Uniform Resource Locator USB Universal Serial Bus VPN Virtual Private Network WAN Wide Area Network WEP Wired Equivalent Privacy WIPS Wireless Intrusion Prevention System WPA-2 Wi-Fi Protected Access Symbols The following symbols have been used in this document: Threat Countermeasure Resource Target Multimedia

Next: References »
Guidebook on Best Practices for Airport Cybersecurity Get This Book
×
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

TRB’s Airport Cooperative Research Program (ACRP) Report 140: Guidebook on Best Practices for Airport Cybersecurity provides information designed to help reduce or mitigate inherent risks of cyberattacks on technology-based systems.

Traditional IT infrastructure such as servers, desktops, and network devices are covered along with increasingly sophisticated and interconnected industrial control systems, such as baggage handling, temperature control, and airfield lighting systems.

The guidebook also includes a CD-ROM of multimedia material that may be used to educate all staff at airports about the need, and how, to be diligent against cybersecurity threats.

The CD-ROM is also available for download from TRB’s website as an ISO image. Links to the ISO image and instructions for burning a CD-ROM from an ISO image are provided below.

Help on Burning an .ISO CD-ROM Image

Download the .ISO CD-ROM Image

(Warning: This is a large file and may take some time to download using a high-speed connection.)

CD-ROM Disclaimer - This software is offered as is, without warranty or promise of support of any kind either expressed or implied. Under no circumstance will the National Academy of Sciences or the Transportation Research Board (collectively "TRB") be liable for any loss or damage caused by the installation or operation of this product. TRB makes no representation or warranty of any kind, expressed or implied, in fact or in law, including without limitation, the warranty of merchantability or the warranty of fitness for a particular purpose, and shall not in any case be liable for any consequential or special damages.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!