Cyber Threats and Security Controls Analysis for Urban Air Mobility Environments

Slide Note
Embed
Share

The Urban Air Mobility (UAM) environment, with its service-oriented architecture, faces various cyber threats related to end-users, cyber-physical systems, cloud services, and on-premise computing. Threats include unauthorized interception of data, phishing attacks, and Denial of Service (DoS) incidents. Leveraging the MITRE ATT&CK framework can help analyze these threats effectively.

adelheide
adelheide Follow

Uploaded on Jul 23, 2024 | 1 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Cyber Threats and Security Controls Analysis for Urban Air Mobility Environments January 2021

  2. UAM Environment The UAM environment has a service-oriented architecture where UAM operators and service providers work independently to mange aerial vehicles in the urban environment. The UAM environment is derived from the Unmanned Traffic Management (UTM) concept of operations. Providers of Services, UAM operators, and Supplemental Data Service Providers provide services to support flight operations within the UAM environment. Various views of UAM flight information are provided to the public and public safety entities. The FAA can coordinate flight information between the FAA controlled National Airspace System (NAS) and the UAM environments through the Flight Information Management System (FIMS) 2

  3. UAM Environment UAM environments will consist of a wide range of diverse systems supporting flight missions The UAM environment can be viewed from the perspective of four significant high-level components, end-users, cyber-physical systems, cloud services, and on-premise computing services. Threats, vulnerabilities, weaknesses, and security controls for the UAM environment, are studied from these four components' perspective. The applicable threats, vulnerabilities, and weaknesses of the UAM environment's four component areas will differ due to the cyber- physical, cloud, and on-premise architectures. 3

  4. Identified Threats for UAM Environments Cyber threats associated with End-Users are an ever-changing threat landscape The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) model and framework can be leveraged to analyze threats to UAM systems Globally-accessible knowledge base of adversary tactics and techniques based on real-world observations of cyber security threats Sample UAM Threats The unauthorized interception or sniffing of a conversation, communication, or data transmission, leading to the loss of data confidentiality. Adversaries may attempt to position themselves between two or more networked devices using a man-in-the-middle (MiTM) technique to support follow-on attack behaviors such as Network Sniffing (leading to loss of confidentiality) or Transmitted Data Manipulation (leading to loss of data integrity). Adversaries may send deceptive email phishing messages, with the intent to to gain access to victim systems. A single system or multiple systems may be used to perform a Denial of Service (DoS) or Distributed Denial of Service (DDoS). The purpose of the attack is to degrade or block the availability of services to users. Eavesdropping Man in the Middle Attacks (MITM) Phishing Attacks Distributed Denial of Service (DDoS) 4

  5. NIST Computer Security Resource Center National Institute of Standards and Technology (NIST) Computer Security Resource Center (CSRC) NIST Special Publication 800-53 Security and Privacy Controls for Federal Information Systems and Organization NIST Cybersecurity Framework 5

  6. Cyber Security Framework NIST Cybersecurity Framework (CSF) provides a common language for understanding, managing, and expressing cybersecurity risk Identify Manage cybersecurity risk for the UAM environment systems, people, assets, data, and capabilities. Protect Appropriate safeguards to ensure the delivery of critical services. Detect Identify the occurrence of a cybersecurity event. Respond Actions regarding a detected cybersecurity incident. Recover Timely recovery to normal operations to reduce the impact from a cybersecurity incident 6

  7. NIST Special Publication 800-53 Security controls are safeguards/countermeasures for information systems Protect the confidentiality, integrity, and availability of information Satisfy a set of defined security requirements Reflect the objectives of the information and system to be protected All laws, executive orders, directives, regulations, policies, standards, guidance, and mission or business needs are considered Security and privacy controls could change with changes to the system and should be removed, revised, and added as necessary 7

  8. Safeguards and Countermeasures Sample UAM Threats with Safeguards and Countermeasures Encrypting data in transit is a safeguard against eavesdropping Cryptographic key exchange is required for encryption to work across organizations. As a result, methods to ensure safe keeping of the keys is critical as well. Eavesdropping UAM environments comprise of highly automated systems using application programming interfaces (APIs), to enable data exchange. As new services are added, new APIs need to be developed and tested for vulnerabilities, that could lead to system access Man in the Middle Attacks (MITM) 8

  9. Safeguards and Countermeasures Sample UAM Threats with Safeguards and Countermeasures Security controls such as cybersecurity literacy training and awareness need to be implemented. Practical exercises include social engineering attempts to collect information, gain unauthorized access, or simulate the adverse impact of opening malicious email attachments or invoking malicious web links Phishing Attacks Implementing the appropriate security detection methods for identifying DDoS attacks is critical to detecting the attack. Countermeasures, such as , implementing temporary automatic lockouts initiated by the systems, when the maximum number of attempts are exceeded. Distributed Denial of Service (DDoS) 9

Related


Understanding Cyber Security and Risks

Understanding Cyber Security and Risks

kathryn
Overview of Cyber Operations and Security Threats

Overview of Cyber Operations and Security Threats

joan
Artificial Intelligence in Cyber Security: Enhancing Threat Detection and Response

Artificial Intelligence in Cyber Security: Enhancing Threat Detection and Response

annabelle
Understanding Cyber Threat Assessment and DBT Methodologies

Understanding Cyber Threat Assessment and DBT Methodologies

jgra
Managing Covid-19 Cyber and Data Protection Risks

Managing Covid-19 Cyber and Data Protection Risks

kaisen
Cyber Security Toolkit for Boards: Comprehensive Briefings and Key Questions

Cyber Security Toolkit for Boards: Comprehensive Briefings and Key Questions

adalwolf
Guide to Cyber Essentials Plus and IASME Gold Certification

Guide to Cyber Essentials Plus and IASME Gold Certification

eros
Technical Guide on Audit of Internal Finance Controls in Public Sector Banks

Technical Guide on Audit of Internal Finance Controls in Public Sector Banks

hart
Types Cyber Attacks: Cyber Security Training Workshop

Types Cyber Attacks: Cyber Security Training Workshop

anara
Bharat Mobility Global Expo 2024 - Shaping the Future of Automotive Industry

Bharat Mobility Global Expo 2024 - Shaping the Future of Automotive Industry

adolph
The Evolution of Dyninst in Cyber Security

The Evolution of Dyninst in Cyber Security

kell_161
Challenges in Security Analysis of Advanced Reactors

Challenges in Security Analysis of Advanced Reactors

ailani
Understanding Malicious Attacks, Threats, and Vulnerabilities in IT Security

Understanding Malicious Attacks, Threats, and Vulnerabilities in IT Security

ciel
Understanding Cyber Crimes and Remedies in Gangtok by Himanshu Dhawan

Understanding Cyber Crimes and Remedies in Gangtok by Himanshu Dhawan

fern
Understanding Cyber Laws in India

Understanding Cyber Laws in India

amoura
Understanding Cyber Crimes: History, Categories, and Types

Understanding Cyber Crimes: History, Categories, and Types

monica
Comprehensive Digital Risk Assessment Guide for Businesses

Comprehensive Digital Risk Assessment Guide for Businesses

kennedy
Advancements in Air Pollution Prediction Models for Urban Centers

Advancements in Air Pollution Prediction Models for Urban Centers

jeffrey
Enhancing Economic Mobility Through Education: A Data-Driven Approach

Enhancing Economic Mobility Through Education: A Data-Driven Approach

kamden
Adversarial Risk Analysis for Urban Security

Adversarial Risk Analysis for Urban Security

zmora
Preliminary Results of IEEE 802.11-19/0728r1 11ax Evaluation on Mobility in Dense Urban eMBB Scenario

Preliminary Results of IEEE 802.11-19/0728r1 11ax Evaluation on Mobility in Dense Urban eMBB Scenario

nia
Evolution of Mobility Landscape in Central & Eastern Europe

Evolution of Mobility Landscape in Central & Eastern Europe

esmai
BHARAT MOBILITY 2024

BHARAT MOBILITY 2024

caliban
Essential Steps to Enhance Cyber Security

Essential Steps to Enhance Cyber Security

cicely

More Related Content

Comparative Analysis of Electrical Mobility Curricula in European and Western Balkan Higher Education Institutions
Comparative Analysis of Electrical Mobility Curricula in European and Western Balkan Higher Education Institutions
AEP Enterprise Security Program Overview - June 2021 Update
AEP Enterprise Security Program Overview - June 2021 Update
Educational Activities on Updating Devices and Cyber Security
Educational Activities on Updating Devices and Cyber Security
Introducing the Cyber Security Toolkit for Boards
Introducing the Cyber Security Toolkit for Boards
Overview of Cyber Security Recommendations for Vehicle Manufacturers
Overview of Cyber Security Recommendations for Vehicle Manufacturers
Exploring Adversarial Machine Learning in Cybersecurity
Exploring Adversarial Machine Learning in Cybersecurity
802.11ax Evaluation for IMT-2020 eMBB in Dense Urban Environments
802.11ax Evaluation for IMT-2020 eMBB in Dense Urban Environments
Cyber Threat to Nuclear Facilities: A Critical Analysis
Cyber Threat to Nuclear Facilities: A Critical Analysis
The Role of International Student Mobility in Luxembourg's Higher Education Policy Discourse
The Role of International Student Mobility in Luxembourg's Higher Education Policy Discourse
Regional E-Mobility Policy Roadmap for PICs: A WB Study
Regional E-Mobility Policy Roadmap for PICs: A WB Study
Making the Most of Erasmus+: Opportunities for Higher Education Sector
Making the Most of Erasmus+: Opportunities for Higher Education Sector
Mainstreaming Human Mobility in National Adaptation Plans for Climate Resilience
Mainstreaming Human Mobility in National Adaptation Plans for Climate Resilience
Mobility Risk Assessment Process in Client Care
Mobility Risk Assessment Process in Client Care
Challenges and Solutions in Urban Land Delivery and Pricing in Namibia
Challenges and Solutions in Urban Land Delivery and Pricing in Namibia
Cutting-Edge Insights on Future Mobility at SIAT 2024
Cutting-Edge Insights on Future Mobility at SIAT 2024
Overview of SULM Bihar State Urban Livelihood Mission
Overview of SULM Bihar State Urban Livelihood Mission
Dallas Comprehensive Urban Agriculture Plan Summary
Dallas Comprehensive Urban Agriculture Plan Summary
Guidelines for Reporting on the Implementation of the New Urban Agenda
Guidelines for Reporting on the Implementation of the New Urban Agenda
Overview of Uganda's Urban Development and Management Law
Overview of Uganda's Urban Development and Management Law
Understanding Environmental Hygiene: Air Pollution and Composition of Air
Understanding Environmental Hygiene: Air Pollution and Composition of Air
Interactive Cyber Security Activities for Children
Interactive Cyber Security Activities for Children
Understanding Air Pollution and Its Impact on Health and Environment
Understanding Air Pollution and Its Impact on Health and Environment
Air Quality Management Division Overview
Air Quality Management Division Overview
How to Identify and Mitigate Cyber Threats
How to Identify and Mitigate Cyber Threats