SOFTWARE ENGINEERING - PowerPoint PPT Presentation

1 / 12
About This Presentation
Title:

SOFTWARE ENGINEERING

Description:

Information Systems Security Architecture (ISSA) Technology Program Plan ... Expand ISS Architecture to cover non-NAS in version 2.0 of ISSA ... – PowerPoint PPT presentation

Number of Views:22
Avg rating:3.0/5.0
Slides: 13
Provided by: RCoo
Category:

less

Transcript and Presenter's Notes

Title: SOFTWARE ENGINEERING


1
Federal Aviation Administration (FAA) RD in
Information Assurance RD Strategy for a
Dependable Information Society Workshop EU-US
Collaboration 1-2 December 2001 Düsseldorf (D)
Ernest R. Lucier Technical Advisor on High
Confidence Systems FAA/AIO-4 800 Independence
Avenue SW Washington, DC 20591
ernest.lucier_at_faa.gov 202 493-5269
2
Office of the Assistant Administrator for
Information Services and Chief Information
Officer (AIO)
  • Office established spring of 1999
  • Assistant Administrator for Information Services
    and Chief Information Officer for the FAA
  • Dr. Dan Mehan
  • Chief Scientist for Information Technology in AIO
  • Marshall Potter

3
FAA Environment
4
CIOs Security Mission
Protect the FAAs information infrastructure and
help the aviation industry reduce security risks
through leadership in innovative information
assurance initiatives
5
FAAs 5 Layers of System ProtectionCYBER
Perspective
Authentication
Integrity
Awareness and Execution
Architecture and Engineering
6
Impact of Goals on Architecture
  • DoD has historically ranked Confidentiality and
    Access Control as their first and second goals
  • They accomplish these goals by using encryption
    and techniques such as passwords that are
    normally also encrypted
  • The FAAs two highest goals are integrity and
    availability
  • In contrast to DoD, the banking industry, etc.,
    FAA data and systems are open and visible and
    encryption may be a poor solution method due to
    impacts on latency/performance as well as the
    need to have a world-wide standard
  • FAA system goals of safety, security and
    efficiency need to be met and are times impacted
    by ISS requirements
  • These decisions have a major impact on the NAS
    system architecture

7
FAAs Information Systems Security Approach
8
RD Technical Approach
  • Analyze potential attack scenarios and future NAS
    architectural traffic proposals (Understand the
    nature of the FAA unique problems)
  • Evaluate and Assess new FAA programs against
    threats being investigated within the RD
    community
  • Experiment with potential scenarios at the Tech
    Center to evaluate how well new RD
    (Detect/Protect/Respond/Recover) tools work
    within a NAS environment
  • Develop engineering recommendations for
    detection, protection, response and recovery
    mechanisms and experiment with them at the CSIRC
  • Evaluate leveraged RD products from other
    Government partners for potential use in the NAS
  • Develop Future ISS Guidelines and Procedures as
    potential straw man policies based on the results
    of the above assessments
  • Grow NAS knowledgeable ISS Gurus

9
Accomplishments
  • Computer Security Incident Response Center
    (CSIRC)
  • Information Systems Security Architecture (ISSA)
  • Technology Program Plan
  • National Airspace System (NAS) Protection Profile
    based on Common Criteria
  • Education/Training
  • New Information Systems Security (ISS) RD (There
    is RD in the FAA but not ISS yet)
  • ISS status display
  • Establish RD projects with FAA project teams

10
Computing and Software Technology FAA Needs
Supported
RD Focus Areas
FAA Operational Goals
Technology Needs
Safety
Real Time Intrusion Detection, Monitoring
Recovery
  • Situational understanding
  • Intrusion Detection Isolation
  • Malicious code protection
  • Indicators and Warnings
  • Vulnerability Assessments
  • Cryptography
  • Adaptive Survivable Infrastructure
  • Security of mobile systems
  • Dynamic Virtual Private Networks
  • Composable Trust
  • Mobile code integrity
  • Protective Mechanisms

Security
Public Key Infrastructure (PKI)
Efficiency
Trustworthy System from Untrustworthy Components
Performance
11
Linkage to Other Federal Initiatives
  • Joint work with Defense Advanced Research
    Agency (DARPA) National Science Foundation
    (NSF) National Information Assurance
    Partnership (NIAP) Naval Research
    Laboratory Air Force Research Laboratory NASA
  • Collaboration with standards-setting
    organizations (e.g., NIST)
  • Review of ISS Architecture, Version 1.1, by
    Industry Advisory Council and Naval Research Lab

12
FY 2002 Objectives
  • Continue certification and authorization of
    critical systems
  • Continue aggressive training and awareness
    programs
  • Augment monitoring for policy conformance
  • Expand Computer Security Incident Response
    Capability
  • Improve boundary protection and security on new
    telecom acquisitions
  • Expand ISS Architecture to cover non-NAS in
    version 2.0 of ISSA
  • Nurture RD program to FAA unique needs
  • Conduct an Integrated Facility Certification
    prototype.
  • Implement an outreach program to coordinate with
    industry, airports, and other partners
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "SOFTWARE ENGINEERING" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!