Advancing Cyber Resilience In Aviation: An Industry Analysis
Shaping the Future of Cybersecurity and Digital TrustShaping the Future of Technology Governance: IoT, Robotics and Smart CitiesAdvancing Cyber Resiliencein Aviation: An Industry AnalysisIn collaboration with Willis Towers WatsonJanuary 2020
World Economic Forum91-93 route de la CapiteCH-1223 Cologny/GenevaSwitzerlandTel.: 41 (0)22 869 1212Fax: 41 (0)22 786 2744Email: contact@weforum.orgwww.weforum.org 2020 World Economic Forum.All rights reserved. No part of thispublication may be reproduced ortransmitted in any form or by anymeans, including photocopying andrecording, or by any information storageand retrieval system.1Advancing Cyber Resilience in Aviation: An Industry Analysis
ContentsForeword 4Executive Summary 51. Aviation Industry Context in the Digital Age 71.1Adoption of emerging technologies in the aviation industry 71.2What is at stake? 71.3Need for global collaboration to enhance cyber resilience in aviation 92. Aviation Industry Analysis 102.1Global risk insights 102.2Key insights from industry stakeholders 102.3Threats 112.4Risks 122.5Vulnerabilities 133. Identifying and Managing Cyber Risks across People, Capital and Technology 143.1Common methodologies 143.2People and culture 163.3Capital and risk management 173.4Technology and operations 184. From Insight to Foresight 20Contributors 22Glossary 23Endnotes 24Building Cyber Resilience in the Aviation Sector2
3Advancing Cyber Resilience in Aviation: An Industry Analysis
ForewordCivil aviation is an incredibly safe mode of transport. Year-on-yearstatistics referenced by the International Air Transport Association(IATA) Annual Safety Report demonstrate this. Considering theforecast of double-digit growth over the next 20 years and thenew infrastructure needed to manage capacity and services – andas indirectly evidenced by high levels of consumer confidencedocumented in widely available growth analysis – continued effortstoday will clearly be paramount tomorrow to maintain the safetypromise.Matthew VaughanDirector, Aviation SecurityIATACanadaGains in civil aviation have largely been forged thanks to the waythat industry, government and the International Civil AviationOrganization (ICAO) have collaborated on the basis of empiricaldata. The key objective is to maintain that elusive equilibriumbetween regulation and risk management, to effectively enable thesocial contract responsibility of government while enabling industryto innovate and manage its portion of risk. Arguably, the industryis operating faster, further, more efficiently and reliably than everbefore owing to the successful balance between regulatory andrisk priorities. The industry embraces a philosophy of continuousimprovement and seeks to understand new ways in which tomanage new forms of risk and vulnerability and perhaps nonemore so than cybersecurity in aviation.Noting the merits of this white paper, significant policy, regulatory and risk-based advances have beenachieved for terrestrial-based systems leveraging information technology (IT). As such, IATA’s approachthus far has been to focus on the protection of Operational Technology (OT) associated with the safety offlight. We acknowledge years of successful security-by-design practices led by partner original equipmentmanufacturers (OEMs). Additionally, certification of the airworthiness of systems has enabled advancesto date. But as technology is changing, so are the priorities of aviation stakeholders and more work isrequired to ensure optimal resilience.Empirically, the industry needs to continue to evaluate current risk management frameworks used byaviation and determine how fit-for-purpose they are in terms of managing cyber risk. Moreover, existingaviation safety and security cultures should be governed by a cyber strategy that is linked to evolvingtechnology and a set of agreed principals. The ICAO Cybersecurity Strategy for Civil Aviation is a goodstarting point. Of the roughly 12,000 standards and recommended practices (SARPs) contained in theChicago Convention 1944, only two deal with cybersecurity. Managing risk through policy and regulationin aviation has long been the harbinger of government, to reduce and/or remove risk altogether.Conventional approaches alone, led by traditional aviation stakeholders, may prove to be a systemicrisk to the industry itself. If not already so. The initiative of the World Economic Forum on Building CyberResilience in the Aviation Sector is pivotal to ensuring a continued and diverse culture of risk managementin aviation based on a posture of risk, resilience and drawing from cross-sector domains. This will allowthe industry, when faced with unavailable services, disruption and economic loss, to maintain continuity ofservices while learning from vulnerabilities and risk and to close down repeat eventualities.As this white paper illustrates, the digital realm is omnipresent – more guidance is therefore neededin view of its accelerating development. Collaboration is our greatest counter measure yet. Just asaviation itself is interconnected across multiple jurisdictions, so too are the challenges and opportunitiesassociated with cybersecurity. IATA fully supports the work of the World Economic Forum in this domainand looks forward to continuing our collaboration in 2020.Building Cyber Resilience in the Aviation Sector4
Executive SummaryCyberattacks are one of the top 10 global risks ofhighest concern for the next decade, accordingto the World Economic Forum Global RisksReport 2019, with data fraud and theft rankedfourth and cyberattacks fifth among these.Globally, their potential cost could be up to 90 trillion in net economic impact by 20301if cybersecurity efforts do not keep pace withgrowing interconnectedness, according tothe Atlantic Council and the Zurich InsuranceGroup, among others. Whereas governmentand corporate leaders are deeply engaged inpromoting effective cybersecurity strategiesand global spending on security continues toaccelerate, the annual number of cyberattacksglobally hit an all-time high in 2018.In January 2019, the World Economic Forum,supported by a multistakeholder community,launched an initiative to increase cyber resiliencein the aviation industry. The objectives are toinform public- and private-sector leadershipdecisions for effective cyber risk managementand to harness the benefits of the digitalizationof the aviation industry. The current and futurechallenges to the industry are significant, and itis recognized that there are many areas where5Advancing Cyber Resilience in Aviation: An Industry Analysispractices can be improved. Effective decisionmaking on risk will be critical to future success.Cyber resilience involves more than security. Itrequires focus on protecting critical functions, notonly assets. Cybersecurity challenges, includingprivacy issues, remain largely underestimated.To ensure a secure and resilient ecosystem, it isessential that public- and private-sector leadersembrace a collaborative and risk-informedapproach globally, by sharing practices, insightsand threat intelligence.This white paper aims to raise awarenessabout the key systemic challenges to cyberresilience in the aviation industry in the contextof the Fourth Industrial Revolution. Results ofthe study conducted in the course of 2019 inthe framework of the Building Cyber Resiliencein the Aviation Sector initiative (hereafter ‘theinitiative’) indicate that the aviation industry willlikely experience cyber risks similar to thoseof other industries grappling with new heightsof digitalization and connectivity. Includingmultiple perspectives from public and privatestakeholders, the findings presented here seekto contribute to the development of a clear andcoherent vision for the aviation industry.
Based on insights from the initiative, thispublication highlights the areas that warrant extraattention from public- and private-sector leaders,while recognizing the key role of the industry aswell as ICAO and national authorities in bringingboth leadership and vision to the challenge.The study conducted under this initiativecomprised interviews, surveys and workshopswith a range of industry participants, includingtrade associations, regulators, air navigationservice providers, airlines, airports and OEMmanufacturers as well as ICT and insurancebusinesses working with and supporting theindustry.Gaps identified can constitute a basis forimprovement and include the opportunity forcollective action, the need to address peopleand cultural risks more effectively, the potentialfor improving risk decision and cyber resiliencematurity, as well as the need to ensure that themultitude of best- practice frameworks andguidelines effectively address cyber risks.Initial findings indicate the followingrecommended collective action:– Building a collective approach that identifiesand addresses industry challenges and gaps– Implementing consistent and suitablemethods in cyber risk management,industry-wide, to enable aviation businessstakeholders in making informed decisions– Working with the risk management, and ICTindustries to develop effective incentives toencourage continuing improvement in cyberresilience– Managing the risk associated with emergingtechnology effectively to increase the successof emerging technologies adoption in theaviation industry– Foster a stronger culture of cyber resilienceacross the industry, including greaterintegration of operational and cyber skill setswithin the industryAviation industry stakeholders have multiplestarting points from which to analyse wherecollective action is most needed to achieve cyberresilience ecosystem-wide by answering thequestion When it comes to cyber resilience, whatdo industry stakeholders need most to addressthe challenges they are facing?Building Cyber Resilience in the Aviation Sector6
1. Aviation Industry Contextin the Digital Age1.1Adoption of emerging technologies in the aviation industryToday, the aviation ecosystem benefits fromnew levels of digitalization and connectivity.Physical things and cyber systems are becomingincreasingly connected – from assets to peopleand data – by harnessing technologies includingbiometrics, artificial intelligence, machinelearning, autonomous vehicles, blockchain andthe industrial internet of things (IIoT).manufacturing and consumer.3 Airport facilityautomation is expected to deliver the fastestworldwide spending growth in 2017-20224.Furthermore, machine learning and artificialintelligence (AI) are becoming more sophisticatedand prevalent, with growing potential to amplifyexisting risks or create new ones, particularly asthe IIoT connects billions of devices.5Technological advances are creating tremendousopportunities for improved flight efficiency,customer service, security, safety operationsand passenger experience – both in the airand on the ground. The opportunities that IIoTcapabilities can generate for the aviation industryare unprecedented. They include operationalefficiencies such as tracking and connectingairport or airline assets with maintenance andinspection functions, facility management toidentify shortages or breakdowns in real time,and automation of cargo vehicles, food services,ramps and taxiways.2Yet along with the new heights of efficiencygained through increasing digitalization andconnectivity come new frontiers of vulnerability.Rapid cyber capability breakthroughs also createnew potential attack vectors at an equally fastpace, with researchers identifying cyber riskamong the top three risks facing the transportindustry globally.According to the International Data Corporation,transport ranks third among the industries thatwill spend the most on IIoT solutions, after1.2What is at stake?Aviation is a vital industry that contributessubstantially to economic development andimproved living conditions. According to theICAO, the 4.1 billion passengers transportedin 2017 are expected to grow to around 10billion by 2040. And according to IATA, 35% ofworld trade by value is transported by air cargo,equivalent to 6.4 trillion of goods. The role ofthe aviation industry in commerce, trade andtransport infrastructure makes it indispensable tothe global economy.Aviation forms part of Critical NationalInfrastructure (CNI) defined by the USDepartment of Homeland Security as“.whose assets, systems, and networks,whether physical or virtual, are considered so7The initiative to reinforce cyber resilience in theaviation sector builds on the Industrial Internetof Things Safety and Security Protocol, a codesigned framework of high-level governanceprinciples developed by over 20 companies,governments, organizations and universities,published by the World Economic Forum in April2018.6Advancing Cyber Resilience in Aviation: An Industry Analysisvital that their incapacitation or destruction wouldhave a debilitating effect on security, nationaleconomic security, national public health orsafety, or any combination thereof”7.One key characteristic of CNI also apparentin the aviation industry is the high level ofinterdependency between the various sectors ofactivity (airports, air navigation services, airlines,etc.), and interconnectivity with related systems(maintenance services, network connectivityservices, fuel distribution systems, etc.). Oneincident at any point in this value chain can havesevere consequences in other areas.8
The probability and impact of a cyberattack ondifferent parts of the aviation domain may vary.For instance, airports may be more vulnerableto a cyberattack than airlines, and unmannedaircraft systems (UAS) present new threats andchallenges. Drones will operate differently fromtraditional manned aircraft and will be connectedto what is called UAS Traffic Management (UTM).The drone will be connected to that platformby a form of radiofrequency spectrum and willlikely operate off devices such as a pilot-incommand’s cell phone. This presents manypotential cybersecurity challenges, such as adrone’s camera being hacked, that have yet tobe addressed by the industry via a standard.“Technology and digitization not only bring manyadvantages, but also risks associated withthe challenge of finding and managing cybervulnerabilities across complex, internationaloperations from airports, aircraft operators, AirTraffic Management, and supply chain”.9 Ashighlighted by IATA , this complexity makes theaviation industry vulnerable to hidden cyber risksand ever-increasing threats. The airline industry isan attractive target for many cyber threat actorswith diverse motives, ranging from financialgain to causing disruptions and harm, as wellas unintentional motives related to human error,which are often the cause of incidents.10Due to their complexity, cyberattacks on CNImay be more difficult to detect and control andmay generate cascading effects resulting ineconomic loss, industrial disruption and, in somecases, human casualties.11 When applied toCNI that drives economic and social progress,the impact could be severe in the absence ofadequate cybersecurity and resilience measuresand capabilities.According to IATA, “the combined rapidevolution of; technology, vulnerabilities, threatsand adversary motives is occurring againsta background of international complexity ofcybersecurity regulations, complex supply chainand insufficiently understood cyber risks acrossall segments of the aviation industry”.12 Moreover,cyber resilience poses a unique challenge forgovernment regulation of businesses, as theprocess for certifying and enforcing good securitypractices can be too resource-intensive andcostly for governments to address on their own.The consequences of any major failure couldcarry direct public safety and national securityimplications and costs. Additionally, as newdigital capabilities arise, balancing commercialinterests with sound risk management will beeven more critical to avoid significant harm topublic order, confidence and trust.Not all stakeholders are prepared for thepotential risk and liability that may be broughton by new technologies. The complexity of theaviation ecosystem, with its many stakeholders,makes understanding the new nature of riskparticularly challenging and highlights the stronglink between digital identity management, trustand safety of operations. It also indicates theimportance of identifying which aspects of theaviation ecosystem require priority attention andresources above others. The aviation industrytoday is realizing a future in which drones deliverpackages to the doorstep and a daily commutemeans flying over traffic. As industry andgovernment work together on strong policy andregulations, industry consensus standards willbring us closer to that future.Building Cyber Resilience in the Aviation Sector8
1.3Need for global collaboration to enhance cyber resilience in aviationThe aviation industry sits within a broadergeopolitical landscape that includesintergovernmental policies, security concerns,national interests, economics and society.Reaching industry alignment on meeting thechallenges of new technology adoption musttake these factors into account.Without a common understanding and approachto emerging threats, industry players maystruggle – and even fail – to come up witheffective cyber resilience measures for theaviation industry.To foster public-private collaboration anddialogue across the industry, the WorldEconomic Forum has launched an initiativeon Building Cyber Resilience in the AviationIndustry13, which aims to define and addresssome of the salient systemic challengesconfronting this industry through:– Increasing awareness and understandingof cyber risks relative to the adoption ofemerging technologies, and the impact oncritical systems– Fostering collaboration across the aviationindustry to define a common understandingand approach to risk management that isholistic, risk-based and aligned across thedifferent entities of the aviation industryecosystem– Helping aviation stakeholders in makinginformed – and more effective – decisionsrelated to cyber risks– Developing an industry-wide approach tocyber resilience with a multistakeholdercommunity in alignment and collaborationwith the ICAO Secretariat Study Group onCybersecurity (SSGC), industry associationsand national authorities– Creating market incentives to prioritize capitalinvestment for cybersecurity and resilienceTo advance and help build cyber resilience inthe aviation industry, the Forum has mobilizeda community of experts and key stakeholdersfrom international organizations (InternationalCivil Aviation Organization, Organization ofAmerican States, Eurocontrol), governmententities (European Aviation Safety Agency, UKCivil Aviation Authority, Israel National Cyber9Advancing Cyber Resilience in Aviation: An Industry AnalysisDirectorate, UK National Cyber Security Centre),private-sector organizations (aviation, ICT andinsurance sectors) and trade associations(International Air Transport Association, AirportCouncil International and the Industrial InternetConsortium) to identify challenges and initiativesspearheaded by various government andindustry entities to enable the development of analigned global approach.ICAO, the industry and national authorities arecurrently leading many initiatives seeking toprotect critical systems against cyberattacks.Likewise, there is recognition among communityexperts and stakeholders of:1. The need to increase understanding andawareness of cybersecurity risks in thisindustry2. The need for global synchronization of aviationcyber resilience efforts3. The interest in gaining a commonunderstanding, and application, of riskmanagement practicesThe goal of this community is to help promote asecure and resilient aviation ecosystem, enablingparticipants to transfer their industry learningsand best practices across all segments of theaviation industry that operate critical systems.
2. Aviation Industry Analysis2.1Global risk insightsThe second most frequently cited risk in theWorld Economic Forum Global Risks Report201914, was the pairing of cyberattacks withcritical information infrastructure breakdown.The potential vulnerability of critical technologicalinfrastructure has increasingly become a nationalsecurity concern. The report highlighted thatthe disruption of operations and infrastructureresulting from cyberattacks ranked among thetop five global systemic risks.Figure 1 clearly shows the sensitivity to cyberrisk among aviation industry respondents.Peers in the transportation industry prioritize“Increased security threat from cyber anddata privacy breaches” higher than theaviation industry. This suggests that aviationparticipants find it challenging to balance cyberalongside other risks in a particularly complexoperational environment as digitalization andinterconnectedness become the new norm.Figure 1 – Transportation Risk IndexAirRankTransportation sector1Increased security threat fromcyber and data-privacy breachesFailure of critical IT systemsCompetition/anti-trust law scrutinyassociated with M&A activity2Failure of critical IT systemsCompetition/anti-trust lawscrutiny associated with M&AactivityChange in seasonal demand,leading to shortfall or oversupplyof transport (utilization/capacity)affecting prices3Dependence on third-partysuppliersDependence on third-partysuppliersFailure of critical IT systems4Third-party security vulnerabilitydigital supply chain resilienceInability to keep up with paceof change and technologicaladvancementExtreme weather events/naturaldisasters, epidemics and armedconflicts5Competition/anti-trust lawscrutiny associated with M&AactivityOver-dependence on nationalinfrastructureIncreased security threat fromcyber and data-privacy breaches(All industrial capabilities providing flightabove the ground, including space)AirportsSource: Willis Towers Watson2.2Key insights from industry stakeholdersThe impact is seen broadly across theindustry, with operational disruption and legalconsequences becoming more widespread, andall areas of the aviation industry experiencinglosses in the last year.15 Noting the risks thatcyber threats pose for the aviation industry,including potential safety risks, industrystakeholders are developing cyber-resiliencestrategies to mitigate these effects and to protectcritical assets and functions.Aviation stakeholders must assess the threatsagainst which they want to defend the industry,establish the design principles and controlobjectives accordingly, implement effectivecontrols and keep them up to date. A recentsurvey conducted under the initiative (alsoreferred as “the survey”) examined how somemembers of the aviation industry view cyberrisks, threats and vulnerabilities relevant tothe sector. The findings shared here arerepresentative of the surveyed communityand while they have been validated by furtherresearch, they are not exhaustive. The objectiveof capturing and publishing these findings is toraise awareness among key aviation stakeholdersas a first step to mobilizing collective action toaddress systemic challenges.Building Cyber Resilience in the Aviation Sector10
2.3ThreatsCyber threats generally refer to attempts tocompromise the confidentiality, integrity oravailability of systems, networks or informationusing a data communications pathway anddiverse vectors to compromise their target.This access can be directed from within anorganization by trusted users, often inadvertently,or from remote locations by unknown personsusing the Internet. Threats, and more importantlyAdvanced Persistent Threats, come from threatactors such as hostile governments, advancedcyber criminals, terrorist groups, disgruntledemployees, malicious intruders, or hacktivistgroups.16 Historically, industrial control systemshad a focus on availability and not confidentialityand/or integrity as those networks were typicallynot connected to the internet. This is changingrapidly as these systems are being connected toless secure networks and systems and could beexposed to cyberattacks targeting the weakersystems.nation state offensive capabilities17, able todisrupt or destroy critical national infrastructure,combined with continuing geopolitical instabilityand the ongoing evolution of organized crime18present a significant challenge for increasinglyinter-connected and data-reliant industries suchas aviation.The survey analysis raises a shared concernabout the ability to respond to the cyber risks.Specifically, the role of human behaviour asa potential threat, the increasing adoptionof open or shared technology platforms andthe emergence of new technologies acrossaviation operations, combined with businesstransformation and talent shortages, areincreasing the exposure to cyber threats (Figure2).Renewed concern over human behaviour asboth a threat and vulnerability is apparent acrossmultiple sectors with 87% of executives aroundthe world citing untrained staff as the greatestcyber risk to their business.19Furthermore, the threat landscape is continuallychanging, and new attack vectors are createdat an equally fast pace. The emergence of newFigure 2 – Perceived impact of emerging issues to the aviation industryHuman behaviourAdoption of open platforms, APIsand cloud based servicesSupply of cybersecurity talent / war for IT talentAdoption of new technologies suchas AI, IIoT and blockchainSpeed of internal digital transformation of businessConnectivity between industry participantsCreation of digitally-enabled products,services and customer interfacesIncreasing connectivity and use of mobile technologyRegulatory changes and heightened government securityIncrease in global operationsGrowth through acquisitions, jointventures and partnershipsExpanded supply chain of vendors, suppliers, etc.Heightened customer and public concernsReinventing workplace and collaborativeenvironments of the futureAvailability of cybersecurity insurance011Advancing Cyber Resilience in Aviation: An Industry Analysis123Weighted Threat Impact Score45
2.4RisksWorld Economic Forum research onUnderstanding Systemic Cyber Risk20 explainedthat “systemic risk is inherently different fromnon-systemic risk in that the consequencesare more widespread – systemic risk is therisk of ‘breakdowns in an entire system, asopposed to breakdowns in individual parts andcomponents’ – and more complex as multiplevariables, connections, dependencies andinterdependencies result in cascading, oftenunexpected, consequences”. The industrychallenges associated with systemic risk areconsequently also increasingly interconnected,widespread and complex.In addition to the risk insights disclosed by thesurvey, the following challenges were prioritizedby initiative aviation community membersmeeting in November 2019:1. Highly interconnected/interdependent supplychain2. Global synchronization of aviation cyberresilience efforts / initiatives3. Developing an aviation cyber resilience cultureacross the entire industry4. Building coherent understanding ofcybersecurity risk across safety, physicalsecurity and enterprise5. Aviation cybersecurity workforce development6. Increasing objectivity and transparency ofaviation security riskTechniques used during risk assessment impactthe ability to evaluate the extent of risk associatedwith an organization’s perceived threats. Whenasked about the assessment techniques used,nearly 75% of survey participants reported usingqualitative techniques, with the remainder usingsemi-quantitative techniques such as assigningfinancial exposure values in risk register.As industry risk-management practices becomemore mature, a more quantitative approach torisk management may be introduced, to betterunderstand the risks associated with thesethreats and to build a more resilient industry.Entity level risksHuman factorOperations technologycontrol weaknessInformation technologycontrol weaknessLimitation in communications withboars and stakeholders, or withinthe industryOperational andprocess failureIneffective governance andprioritization of risks and controlsAdoption of emergingtechnologies such as IIoT012345 6 7Risk level8910Source: Initiative survey results, Willis Towers WatsonSector level risksInformation technologycontrol weaknessHuman factorWhile industry-wide survey participantshighlighted connectivity and technology change,individual organizations considered the humanfactor to be the primary risk concern for them.Awareness of this risk factor has increased, yetthere still is an industry need to further develop acomprehensive cyber culture.As Willis Towers Watson and ESI Thought Labemphasized in 2019, “Leaders in cybersecurityare devoting significant resources towardsprotecting IT and risk functions within theirorganizations against external threats, butemployee processes and training as well ascorporate culture play a more integral role thanmany realize.”21Operations technologycontrol weaknessIneffective governance andprioritization of risks and controlsOperational andprocess failureAdoption of emergingtechnologies such as IIoTLimitation in communications withboars and stakeholders, or withinthe industry012345 6 7Risk level8910Source: Initiative survey results, Willis Towers WatsonBuilding Cyber Resilience in the Aviation Sector12
2.5VulnerabilitiesVulnerability can be understood as “weaknessin an information system, system securityprocedures, internal controls, or implementationthat could be exploited or triggered by a threatactor”.22Most participant organizations were willing toshare the type of incident(s) incurred withinthe previous 12 months. This knowledge andthe practice of sharing breach informationhelps provide a basis for identifying where keyvulnerabilities lie. By understanding the incidentsthat have occurred, the industry is able torecognize where attackers are targeting and canbegin building more resilient controls.Most interestingly, human vulnerabilities weremost commonly cited, with most participantsreporting incidents emerged from s
1. Aviation Industry Context in the Digital Age 7 1.1 Adoption of emerging technologies in the aviation industry 7 1.2 What is at stake? 7 1.3 Need for global collaboration to enhance cyber resilience in aviation 9 2. Aviation Industry Analysis 10 2.1 Global risk insights 10 2.2 Key insights from industry stakeholders 10 2.3 Threats 11
- Cyber Resilience Review - Cyber Infrastructure Survey Tool Cyber Security Advisors Protective Security Advisors 3 . Presenter's Name June 17, 2003 Critical Infrastructure Cyber Community (C3) DHS launched the C3 Program in February 2014 to complement the launch of the NIST . DHS Cyber Resources - Operations Focused .
- Cyber Resilience Review - Cyber Infrastructure Survey Tool Cyber Security Advisors Protective Security Advisors 3 . Presenter's Name June 17, 2003 Critical Infrastructure Cyber Community (C3) DHS launched the C3 Program in February 2014 to complement the launch of the NIST . DHS Cyber Resources - Operations Focused .
Cyber Security Training For School Staff. Agenda School cyber resilience in numbers Who is behind school cyber attacks? Cyber threats from outside the school Cyber threats from inside the school 4 key ways to defend yourself. of schools experienced some form of cyber
Cyber Vigilance Cyber Security Cyber Strategy Foreword Next Three fundamental drivers that drive growth and create cyber risks: Managing cyber risk to grow and protect business value The Deloitte CSF is a business-driven, threat-based approach to conducting cyber assessments based on an organization's specific business, threats, and capabilities.
the cyber governance strategies, and establishing the right controls and capabilities to be cyber resilient. KPMG'S CYBER GOVERNANCE AND RESILIENCE APPROACH It is essential that leaders take control of allocating resources to deal with cyber security, actively manage governance and decision making over cyber security, and build an informed and
DHS Cyber Security Programs Cyber Resilience Review (CRR) Evaluate how CIKR providers manage cyber security of significant information services and assets Cyber Infrastructure Survey Tool (C-IST) Identify and document critical cyber security information including system-level configurations and functions, cyber security threats,
risks for cyber incidents and cyber attacks.” Substantial: “a level which aims to minimise known cyber risks, cyber incidents and cyber attacks carried out by actors with limited skills and resources.” High: “level which aims to minimise the risk of state-of-the-art cyber attacks carried out by actors with significant skills and .
Accounting Standard (IAS) terminology and requiring pre sentation in International Standard format. Approach – These qualifications were designed using Pearson’s Efficacy Framework. They were developed in line with World-Class Design principles giving students who successfully complete the qualifications the opportunity to acquire a good knowledge and understanding of the principles .
