Resilience best practices in the aviation field

Presentation transcript:

Resilience best practices in the aviation field – ERNCIP Workshop – Matias KREMPEL, 27 April 2016

Matias Krempel, Business Graduate (Dipl.-Betriebswirt)
- 10 years banking industry: system development & operations
- 6 years IT industry: consulting & project management
- 22 years DFS German Air Traffic Control: project & security management, process & quality management, crisis & contingency management
External activities:
- Member of SESAR definition and development phase
- Convenor of CEN TC 377 WG 1 (ATM Cyber Security)
- Member of national critical infrastructure working groups
- German Armed Forces Reserve (LTC)

Lessons from the Times of Sailing Ships
- Consider all hazards („TAHOI“)
- Run the company and its ships as functional systems
- Consider the life cycle
- Maintain proper trade-offs
- A holistic view
The ship as a socio-technical (functional) system (BITOP): the overall Building, the Information, the Technical systems installed, the Organisational structures and rules, and the People.
The hazards (TAHOI): Technical failures (due to weaknesses in construction), Acts of God (notably in terms of bad weather), Human error (lack of experience, untrained staff), Organisational weakness, and Intentional acts (pirates, war, mutiny).
Dimensions of resilience: overall construction; information (in terms of intelligence to avoid dangerous routes); spare parts for repairs, guns for self-defence; organisation (emergency procedures, watch system vs. all hands for endurance); people (specialists for repairs, multi-role training).
Trade-offs: security vs. commercial aspects in ship building and operations; special security forces (Bombay navy).
Complementary aspects of safety and security in resilience, e.g. in terms of repair capabilities.
ISPRA 2016

Air Traffic – Element of the Transport Sector
Passengers / Cargo
Priorities? Safety, Capacity
Cross-cutting effects?
+ with other transport infrastructures (example: training)
+ local effects of failures of airports
+ dependency on other critical infrastructures (notably telecom and energy)

Resilience in Aviation
Safety view: „Avoiding harm to people“
Security view: „Surviving attacks“
Capacity view: „Maintaining critical services“
Dimensions: Organisation, Technology; Upstream, Design, Maintenance, Downstream
„Managing the risk appetite“?

Resilience & Accident Analysis & Risk Assessment Methodology
- Technical, since 1950: e.g. FMEA, HAZOP, fault tree, FMECA
- Human factors, since 1930/1980: Domino, Swiss cheese, HPES, HERA, TRACEr, AEB
- Organisational, since 1980: MORT, STEP, MTO, TRIPOD, CREAM, MERMOS, AcciMap
- Systematic, since 2009: FRAM, STAMP
- A (new) challenge: integrating safety & security

The Operational View: Phases of a Flight

The Technical View – ATM & CNS Systems: Command & Control; Sensors & Actors

Resilience – Communication
Technical: multiple redundancy & diversity
Organisational: formalised communication procedures; readback / retransmission; procedures for communication-failure situations (COMLOSS)

Resilience – Navigation
Technical: diversity of sensors (ground- and space-based)

Resilience – Surveillance
Technical: overlapping sensors; meshing of sensor networks
Organisational: controlled reduction of service; airspace capacity reduction; adjustment of maintenance schedules

Resilience – Command & Control
COMMUNICATE – NAVIGATE – AVIATE
Technical: fall-back systems; aiding/failing units; safety nets
Organisational: capacity reduction; organisational fallback; crisis management
Humans: emergency & crisis management training; staff management

ARIEL – An Air Traffic Resilience Project
Coping with complexity in resilience
Structured Threat Information Expression (STIX™)

Outlook: Drones – „game changers“?
Is there an ethical dimension of resilience?

There is nothing new under the sun. (Kohelet)

Backup slides (provided a different focus is needed)

Air Traffic Management – Architectural Elements
Capability Layer
- Story Board Step: the operational step defined in the concept story board.
- Validation Target: the overall contribution to the high-level (ECAC) network performance targets set in the first edition of the ATM Master Plan.
- Capability: the ability of one or more of the enterprise's resources to deliver a specified type of effect or a specified course of action to the enterprise stakeholders.
Operational Layer
- Node: a logical entity that performs Activities. Nodes are specified independently of any physical realisation. (Includes a Node: Crisis Management.)
- Role: an aspect of a person or organisation that enables them to fulfil a particular function.
- Activity: a logical process, specified independently of how the process is carried out.
- Information Exchange: describes the need for actors to deliver and receive information and information products.
- Information Element: a formalised representation of information.
- Information Entity: a definition (type) of an item of interest.
Service Layer
- Service: the contractual provision of something (a non-physical object) by one, for the use of one or more others (see SWIM Services).
- Service Function: (not defined yet)
- Service Interface: (not defined yet)
- Data Element: a formalised representation of data.
System Layer
- Capability Configuration: a combination of Roles and Systems configured to provide a Capability derived from operational and/or business need(s) of a stakeholder type.
- System: a collection of technical components organised to accomplish a specific function or set of functions.
- Functional Block: a grouping of functions within a System that are assembled to assist in the conducting of one or more Operational Activities.
- Resource Interaction: a relationship specifying the need to exchange data between Capability Configurations.
- System Port: an interface provided by a System. A System Port Connector asserts that a connection exists between two System Ports.
Programme Layer
- Project management: a temporary endeavour undertaken to create a unique product, service or result.
- Operational Focus Area: a limited set of dependent operational and technical improvements related to an Operational sub-package, comprising specific interrelated OIs designed to meet specific performance expectations of the ATM Performance Partnership.
- Operational Improvement Step: the elementary level of an operational improvement. The EATMA portal currently contains only SESAR Story Board Step 1 information.
- Enabler: a new or modified technical system/infrastructure, human factors element, procedure, standard or regulation necessary to make (or enhance) an operational improvement.

Challenges in the aviation age

Potential Impacts (SESAR)
- Personnel: stress, minor injury, …, fatality
- Capacity: reduction, loss
- Performance: reduction, loss
- Economic: financial loss
- Branding: reputation
- Regulatory: breach of requirement
- Environment: impact on environment
Impact of a Security Failure
The potential impact of a failure in security is broad. Several impacts may be realised simultaneously.
- Personnel: ranges from discomfort and minor injury through to one or more serious injuries or fatalities.
- Capacity: a minor reduction in system capacity through to a complete loss of service, i.e. no aircraft in the sky.
- Performance (including other KPAs): minor system quality issues through to major quality issues which render multiple major systems inoperable.
- Economic: minor loss of income through to bankruptcy.
- Branding: reputational loss for one or more stakeholders or for ATM as a whole. For example, a change in the general public's perceived risk of flying could reduce the number of people wishing to fly.
- Regulatory: a failure to comply with legal or regulatory requirements could result in legal or financial consequences.
- Environment: ranges from insignificant or short-term impact on the environment, through severe pollution with long-term impact, to catastrophic impact.
(Obtained from SESAR ATM Security Risk Assessment Methodology, Ed. 00.01.01, 24 January 2012.)

Risks – Security - Safety

Treatment

Resilience
Timeline: pre-incident (prevention, preparedness) → t = 0 (disruptive incident) → post-incident (Emergency Response: initial response; Continuity Response: meet critical operational objectives; Recovery Response: meet ongoing operational requirements)
Organisations must know how to prepare for and respond to unexpected and potentially devastating incidents. Organisational resilience requires pro-active preparation for potential incidents and disruptions to avoid suspension of critical operations or services, and to resume operations and services as rapidly as required by those who depend on them.
- Emergency Response: the initial response to a disruptive incident, usually involving the protection of people and property from immediate harm.
- Continuity Response: processes, controls and resources are made available to ensure that critical operational objectives continue to be met.
- Recovery Response: processes, resources and capabilities are re-established to meet ongoing operational requirements.
(Source: ISO/PAS 22399:2007 – Incident Preparedness and Operational (Business) Continuity Management (IPOCM))

Security Management – Risk Management Concepts
- Business objectives: ATM safety – capacity – financial
- Services & processes: "CNS/ATM"; security management process: "PDCA"
- Security architecture, technology and assets: "BITOP", "NEC"
- Security objective: availability, integrity (confidentiality) – "CIA"
- Security risk analysis: threats ("TAHOI"), vulnerabilities, risks
- Risk treatment options: transfer, avoid, reduce, accept – "TARA"
- Measures, preventive and reactive: basic protection, special protection, emergency & crisis management, contingency/continuity
- Security systems
DFS Deutsche Flugsicherung GmbH, VY, Unternehmenssicherheitsmanagement (Corporate Security Management)