Guidebook on Best Practices for Airport Cybersecurity (2015) / Chapter Skim
Currently Skimming:
Pages 10-19
The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.
From page 10... ...
10 The underlying goal should be to identify and address vulnerabilities to satisfy the risk tolerance of senior management in an efficient and costeffective manner. Overview The core of a cybersecurity program is the approach that is used to identify, assess, and reduce the risk of successful attack.
|
From page 11... ...
Ma n a g e m e n t S t a ff C o n s u l t a n t s T e n a n t s revoceRdnopseRtceteDtcetorPyfitnedI Targets Threats Estimate Likelihood Inventory Vectors Estimate Impact Countermeasures Vulnerability Prioritize Allocate Resources Establish Policy Training Reports Determine Impact Inform Stakeholders Monitor Issue ? Patches Updates Analyze Triage Contain Remove Restore Metrics Procedures Best Practices Training Material Actor I T P e r s o n n e l Potential Role for Service Providers Motives Figure 3.
|
From page 12... ...
12 Guidebook on Best Practices for Airport Cybersecurity 5. Recover from a cyberattack and update future response capabilities based on lessons learned.
|
From page 13... ...
An Approach to Cybersecurity at Airports 13 Estimate the likelihood of specific cyberattacks by reviewing the numerous combinations of threats, actors, vectors, motives, and targets that exist. The likelihood of these scenarios should be quantified to the extent possible.
|
From page 14... ...
14 Guidebook on Best Practices for Airport Cybersecurity If an issue is detected, those responsible for cybersecurity at the airport should promptly take the appropriate actions. In accordance with the airport's communications policies, inform stakeholders who have previously been identified as being able to assist or who may be affected.
|
From page 15... ...
An Approach to Cybersecurity at Airports 15 An important first step in cybersecurity is to understand the type and sources of threats that airports face. As Sun Tzu, the ancient Chinese General, strategist, and philosopher, stated "Know your enemy" (Sawyer 2007)
|
From page 16... ...
16 Guidebook on Best Practices for Airport Cybersecurity services, the systems that may be affected are not limited to those that the airport directly controls. Furthermore, with the implementation of the Federal Aviation Administration's (FAA's)
|
From page 17... ...
An Approach to Cybersecurity at Airports 17 these devices are publicly accessible, by definition, and a surprising number are not secure. A study in 2008 of private (i.e., non-hotspot)
|
From page 18... ...
18 Guidebook on Best Practices for Airport Cybersecurity The CISO or their staff and consultants should maintain this inventory of airport systems potentially affected by cyber threats. The categorized list of systems in Appendix B can serve as a checklist to help ensure all systems have been considered; however, the list provided should not be considered all inclusive as each airport may have unique systems and the range of systems in use by airports is constantly evolving.
|
From page 19... ...
An Approach to Cybersecurity at Airports 19 their daily work life at the airport, an airport's vulnerability to a cyberattack can be reduced. The following list identifies good cyber hygiene habits: Avoid Social Engineering Tactics -- Social engineering tactics are actions taken by adversaries to trick staff into divulging confidential information.
|
Key Terms
This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More
information on Chapter Skim is available.