Meeting the Information Needs of Aviation

For more information please contact:

info@airinformatics.com

Copyright © 2008-2016 Air Informatics® LLC

e-Enabled Aviation® Information Security, e-Enabled AvInfoSec®, is a global challenge. A weakness in an Airline's or Airport's Aviation Information Security Architecture on the other side of the globe can play out in the skies of your home town and at your airport. Information security threats, whether direct and intentional or from malicious software in the wild, can directly impact flight operations and the business reputation of the industry and individual companies in previously unimaginable ways. Threats no longer require a physical presence at the airplane or airport.

e-Enabled Aviation® Information Security

e-Enabled Aviation® Security (e-Enabled AvSec®) and e-Enabled Aviation Information Security (e-Enabled AvInfoSec®) is the practice of defending aviation, operational information, systems, aircraft, airports and the Air Traffic Control Network from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. This includes e-Enabled Aviation Security (e-Enabled AvSec®), e-Enabled Aviation® Information Technology Security and Information Assurance. The key concepts and basic principles include:

  1. Confidentiality

  2. Integrity

  3. Availability

  4. Authenticity

  5. Non-Repudiation

  6. Trustworthiness

  7. Privacy

The goal of any organization is one of reasonableness:

  1. Ultimately, the goal is to provide an aviation system free of threats of any and all kinds

  2. Practically, the goal is the reduction of risk to an acceptable level

While any system is composed of many components of varying complexity and form, the single greatest vulnerability remains the human element, the user, designer, or operator, be it by intent, error, or unintended design.

To reduce the risk and impact, the following must be considered:

  1. Security policy

  2. Organization of information security

  3. Human resources security

  4. Physical and environmental security

  5. Communications and operations management

  6. Implementation assurance

  7. Consistent controls selection

  8. Information security incident management

  9. Business continuity management

  10. Regulatory compliance

The solution is a robust Defense-in-Depth, provided by a robust Risk Management Program, which thereby provides a well-understood, multi-layered and on-going e-Enabled Security® and governance program. This would include:

  1. Properly integrated and balanced controls

  2. Effective and proactive administrative policies, procedures, standards and guidelines

  3. A set of privilege, logical and physical controls

  4. A robust Defense in Depth

  5. A classification of information and systems

  6. Full tracking, recording, auditing, security verification and validation

  7. A Robust Change Management Process

  8. An Engaged Enterprise Security Governance Council

  9. Proactive Due Diligence and Aggressive Incident Response

  10. A Culture of Ownership and Accountability