AV Talks

August 7, 2020
  • Hack-A-Sat Launch Party (#av-hack-a-sat-text)
    August 7, 2020  8:00 am - 8:25 am PDT
    Read more...

    Overview of the Hack-A-Sat competition, teams and CTF challenges

    https://www.youtube.com/watch?v=zx20QY7zWPw  


  • Opening Remarks: Getting the Aerospace Village to Take-Off (#av-terminal-text)
    August 7, 2020  10:00 am - 11:00 am PDT
    Read more...

    Presented by:  Pete Cooper, Chris Krebs, and Dr Will Roper

    Abstract:  Let’s face it, relationships between the hacker / researcher community and the aerospace sector in the past – haven’t been great. 20 months ago, a passionate voluntary group of hackers, pilots, engineers, policy wonks and others, decided to do something about it and start creating a community that would foster trusted relationships across all those interested in aviation cyber security. Here we are at our second DEF CON in the Aerospace Village with a rapidly growing hacker / researcher community supported by the aerospace industry, USAF, DDS, CISA, academia, regulators and more including the first satellite CTF.

    A short intro to the Aerospace Village tells the story of how and why we do this, how we got here and where we are going.

    Then we are honoured to have two guest speakers where we hear from Dir CISA, Chris Krebs, who will be chatting about all things CISA and Aerospace Cybersecurity, after which things are rounded off by Dr Will Roper, Assistant Secretary of the Air Force for Acquisition, Technology and Logistics who will talk to the Space Security Challenge – Hack-a-Sat and their support for the Aerospace Village and its vision.

    https://www.youtube.com/watch?v=qll5Z8JMoVI  

    Bios:

    Pete Cooper - Dir Aerospace Village. His first tech love was a ZX Spectrum but then he then moved on to flying fast jets in the UK Royal Air Force. Then he moved into cyber operations before leaving the military 4 years ago. Since then he has started up his own cyber security firm and has advised on everything from developing global cyber security strategies with UN bodies such as ICAO, advising the ICRC on the nature of state vs state cyber conflict and also enjoys playing with active cyber defence and deception. Pete is also the founder and Dir of the UK Cyber Strategy Challenge “Cyber9/12”, holds an MSc in Cyberspace Operations, is a Senior Fellow at Kings College London, a Non-Resident Senior Fellow at the Atlantic Council Cyber Statecraft Initiative and a Fellow of the Royal Aeronautical Society.

    Christopher Krebs - serves as the first director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). Mr. Krebs was originally sworn in on June 15, 2018 as the Under Secretary for the predecessor of CISA, the National Protection and Programs Directorate (NPPD). Mr. Krebs was nominated for that position by President Trump in February 2018.

    Before serving as CISA Director, Mr. Krebs was appointed in August 2017 as the Assistant Secretary for Infrastructure Protection. In the absence of a permanent NPPD Under Secretary at the time, Mr. Krebs took on the role of serving as the Senior Official Performing the Duties of the Under Secretary for NPPD until he was subsequently nominated as the Under Secretary and confirmed by the Senate the following year.

    Mr. Krebs joined DHS in March 2017, first serving as Senior Counselor to the Secretary, where he advised DHS leadership on a range of cybersecurity, critical infrastructure, and national resilience issues. Prior to coming to DHS, he was a member of Microsoft’s U.S. Government Affairs team as the Director for Cybersecurity Policy, where he led Microsoft’s U.S. policy work on cybersecurity and technology issues.

    Before Microsoft, Mr. Krebs advised industry and Federal, State, and local government customers on a range of cybersecurity and risk management issues. This is his second tour working at DHS, previously serving as the Senior Advisor to the Assistant Secretary for Infrastructure Protection and playing a formative role in a number of national and international risk management programs.

    As Director, Mr. Krebs oversees CISA’s efforts to defend civilian networks, manage systemic risk to National critical functions, and work with stakeholders to raise the security baseline of the Nation’s cyber and physical infrastructure.

    Mr. Krebs holds a bachelor’s degree in environmental sciences from the University of Virginia and a J.D. from the Antonin Scalia Law School at George Mason University.

    Dr. Will Roper - is the Assistant Secretary of the Air Force for Acquisition, Technology and Logistics. As the Air Force’s Service Acquisition Executive, Dr. Roper is responsible for and oversees Air Force research, development and acquisition activities totaling an annual budget in excess of $60 billion for more than 550 acquisition programs. In this position, Dr. Roper serves as the principal adviser to the Secretary and Chief of Staff of the Air Force for research and development, test, production and modernization efforts within the Air Force.

    Prior to his current position, Dr. Roper was the founding Director of the Pentagon’s Strategic Capabilities Office. Established in 2012, the SCO imagines new—often unexpected and game-changing—uses of existing government and commercial systems: extending their shelf- life and restoring surprise to the military’s playbook. Since 2012, SCO has grown from an annual budget of $50 million to the current $1.5 billion request in the President’s 2018 budget with projects spanning new concepts such as hypervelocity artillery, multi-purpose missiles, autonomous fast-boats, smartphone-navigating weapons, big-data- enabled sensing, 3D-printed systems, standoff arsenal planes, fighter avatars and fighter-dispersed swarming micro-drones which formed the world’s then-largest swarm of 103 systems. During his tenure as SCO Director, Dr. Roper served on the Department’s 2018 National Defense Strategy Steering Group, Cloud Executive Steering Group and Defense Modernization Team.

    Previously, Dr. Roper served as the Acting Chief Architect at the Missile Defense Agency where he developed 11 new systems, including the current European Defense architecture, advanced drones, and classified programs. Before this, he worked at MIT Lincoln Laboratory and served as a missile defense advisor to the Under Secretary of Defense for Acquisition, Technology and Logistics.


  • MiTM - The Mystery in The Middle. An introduction to the Aircraft Information Systems Domain (#av-aviation-text)
    August 7, 2020  11:00 am - 12:00 pm PDT
    Read more...

    Presented by: Matt Gaffney

    Abstract: The mordern e-Enabled aircraft is often descrbed as a flying data center with half of it on the ground. Sometimes overlooked by researchers in favour of avionics and In-Flight Entertainment systems, this presentation will give an introduction to the Aircraft Information Systems Domain (AISD). This hidden yet important domain logically sits between the Avionics and the passenger network and operators need to consider security in the AISD when bringing e-Enabaled aircraft in to their fleet. 

    https://www.youtube.com/watch?v=r-YIgv3fKOQ  

    Bio: Matt is an aviation cybersecurity consultant at BSSI UK where he also holds the position of Managing Director. He started his cybersecurity career whilst serving in the British Army after being volunteered for a mandatory IT Security Officer course because he ‘has some experience with IT’. With more than 14 years experience across multiple industries from Military and Government to banking and aviation, Matt has mostly worked on the entry into service of e-Enabled aircraft at the operator (airline) level. Due to this, his focus is primarily on systems implemented by the operator and whose touchpoints are the Aircraft Information Systems Domain (AISD). His particular areas of interest are the Electronic Flight Bag (EFB) and ground systems. A relative newbie to the research field, he recently released his first paper ‘Securing e-Enabled aircraft information systems’ and plans on releasing others in the coming months.


  • Satellite Orbits 101 (#av-space-text)
    August 7, 2020  12:00 pm - 12:30 pm PDT
    Read more...

    Presented by:  Matt Murray

    Abstract:  Satellite Orbits 101 will provide an introductory understanding of the orbit of satellites/space vehicles. Leveraging knowledge, experience and visualization tools designed to describe and present orbital behaviors; the presentation will cover introductions to an array of orbital topics including what it even takes to reach and maintain orbit; which launch sites and windows are as important as they are; altitude classifications, such as HEO and LEO; directional classifications; inclination classifications, eccentricity classifications and more. The overlaps and interactions of these topics will also be discussed, as for example a satellite launched from near the equator and destined for a low-inclination orbit could receive help in reaching orbit from the rotation of the earth itself, but how this is not true for satellites bound for high inclination orbits. An attendee will walk away layman’s introductory demystification of just how many layers are beneath the phrase Satellite Orbit.

    Bio: With a degree in Electrical and Computer Engineering at the undergraduate level and Computer Information Systems Engineering with concentrations in Networks and Cyber Security at the Graduate level; Matthew Murray has spent the last twelve of a twenty year career supporting aerospace, cyber and software engineering contracts with Lockheed Martin. His industry knowledge and expertise includes infrastructure hardware, software/hardware interfaces, software development, networking and cyber security. Throughout his career he has gained an in-depth understanding of an array of disciplines and technologies that include satellite orbits and the software development techniques tied to them.


  • GPS Spoofing 101 (#av-space-text)
    August 7, 2020  12:30 pm - 1:00 pm PDT
    Read more...

    Presented by: Harshad Sathaye

    AbstractWith the advent of autonomous cyber-physical systems such as self-driving cars and unmanned aerial vehicles, the use of Global Positioning System (GPS) for positioning and navigation has become ubiquitous. In recent years we have seen a lot of GPS "incidents" which involve either denial of services or spoofing to mislead the receiver. This workshop will include the basics of GPS spoofing with a hands-on exercise and a discussion of state-of-the-art spoofing mitigation techniques

    Bio:  Harshad is a Ph.D. candidate at Northeastern University and a soon-to-be student pilot. He is a cyber security enthusiast with research interests around wireless systems security, specifically navigation systems and development of secure cyber-physical systems


  • Building Connections Across the Aviation Ecosystem (#av-aviation-text)
    August 7, 2020  1:00 pm - 2:00 pm PDT
    Read more...

    Panel with Randy Talley (CISA), Sidd Gejji (FAA), Al Burke (DoD), Jen Ellis (Rapid7), Jeff Troy (A-ISAC), John Craig (Boeing) and Katie Noble (Intel Corp)

    Abstract: Across the Aviation Ecosystem, there is an increased effort to collaborate and coordinate to protect Information Technology (IT) and Operational Technology (OT) systems at airports, airlines, aviation management, and manufacturers and vendors via the supply chain. This diverse panel will share their insights and current activities between government, industry, and the security research community. Learn how you can participate in and ensure the safety and security of the Aviation Ecosystem.

    Bios:

    Katie Noble -
    Katie currently serves as a Director of PSIRT and Bug Bounty at Intel Corp. Where she leads the cyber security vulnerability Bug Bounty program, researcher outreach, and strategic planning efforts. Previous to this position, Katie served as the Section Chief of the Vulnerability Management and Coordination at the Department of Homeland Security, Cyber and Infrastructure Security Agency (CISA) where she led DHS’ primary operations arm for coordinating the responsible disclosure and mitigation of identified cyber vulnerabilities in control systems, enterprise, hardware and software. Katies team is credited by the Secretary of Homeland Security with the coordination and public disclosure of over 20,000 cyber security vulnerabilities within a two year period. Katie is a highly accomplished manager with over 14 years of U.S. Government experience, both in the Intelligence Community and Cyber Security Program Management. She has operated at all levels from individual contributor as an Intelligence Analyst for the National Intelligence Community to Senior Policy Advisor for White House led National Security Council (NSC) Cyber programs. Her work has directly impacted the decision making of the NSC, Defense Information Systems Agency, Office of the Director of National Intelligence, Department of Defense, Federal Communications Commission, Central Intelligence Agency, U.S. Coast Guard, U.K.Ministry of Defense, Canadian Government agencies, and Australian Cabinet Ministry.

    John Craig - is currently the Chief Engineer of Cabin, Network and Security Systems and Product Security Officer for Boeing Commercial Airplanes. In this role, he is responsible for cabin systems, connectivity, onboard networks, cyber security, and airborne software design and implementation. In addition, he is the chairman of the board of the Aviation Information Sharing and Analysis Center, formed to encourage sharing of cyber threat information within the aviation industry. He is on the policy board and program management committee of RTCA to provide input for policy and programs for the aviation. In his 34 years of aviation experience, he has held roles in Electrical Subsystems, Engine Systems, Avionics, Cabin Systems, Onboard Networks, and Connectivity Systems. He is experienced in large scale systems development, software developmental programs and, as a previous FAA Designated Engineering Representative, knowledge of airplane certification programs.

    Jeff Troy - Over the past three years, Jeff developed the A-ISAC comprehensive strategy, led the team’s expansion of the Aviation ISACs services, and tripled membership. He established relationships with global regulators, industry associations, and private sector companies to drive cyber risk
    reduction across the aviation eco-system. Concurrently, Jeff employed by General Electric and is on the Board of Directors, National Defense ISAC. ND-ISAC provides cutting edge cyber security training, intelligence development and a trusted information sharing environment for
    US cleared defense contractors. Jeff spent 25 years as a Special Agent of the FBI. He retired as the Deputy Assistant Director for Cyber National Security and Cyber Criminal Investigations.

    Jen Ellis - Jen Ellis is the vice president of community and public affairs at Rapid7 and her primary focus is on advancing cybersecurity for all by building productive collaboration between those in the security community and those operating outside it. She works extensively with security researchers, technology providers and operators, and various government entities to help them understand and address cybersecurity challenges. She believes effective collaboration is our only path forward to reducing cybercrime and protecting consumers and businesses. Jen is a nonresident fellow of the Atlantic Council, sits on the boards of the Center for Cybersecurity Policy and Law, I Am The Cavalry, and the Aerospace Village, and is a member of the board of advisors for the CyberPeace Institute. She has testified before U.S. Congress and spoken at numerous security or business conferences.

    Al Burke - Mr. Alan W. Burke is the Associate Deputy Director, Air Force Cyberspace Operations and Warfighter Communications and the DOD Chair for the interagency Aviation Cyber Initiative Task Force. Most recently he was a Distinguished Graduate of the College of Information and Cyberspace, National Defense University. He has 36-years of combined active military and government service in the U.S. Air Force and Department of Defense. Previously, he was Chief of the Integrated Air and Missile Defense (IAMD) Division, U.S. Air Forces in Europe-Africa responsible for integrating joint and coalition air, space and missile defense capabilities in support of the Joint Force Air Component Commander and implementation of Presidential policy for missile defense in Europe. On active duty, Colonel Burke was the Director, Operations Support Group and Deputy Director, Warfighter Support Center, Missile Defense Agency (MDA) that delivered global support for Ballistic Missile Defense operations and led the initial Missile Defense Agency Ballistic Missile Defense system deployments in Israel. His active duty service includes operational, staff and command experience in nuclear missile operations, space surveillance, space control, missile warning, national-level command and control, air and missile defense, military training and education, and Research, Development, Test and Evaluation.

    Sidd Gejji - Siddharth (Sidd) Gejji is a Manager in the Federal Aviation Administration (FAA) Office of Information Security and Privacy, within the FAA Office of Information and Technology. Mr. Gejji leads the Aviation Ecosystem Stakeholder Engagement Branch, which is a team of experts responsible for conducting cybersecurity stakeholder engagements throughout the Aviation Ecosystem, including in the Airlines, Airports, Aviation Management, and Aircraft areas. Mr. Gejji serves as a Tri-Chair for the U.S. Aviation Cyber Initiative (ACI). The ACI is a US Government task force with Tri-Chairs from Department of Homeland Security (DHS), Department of Defense (DoD), and FAA. Mr. Gejji and his team support this important interagency mission to reduce cybersecurity risks and improve cyber resilience to support safe, secure, and efficient operations of the Nation’s Aviation Ecosystem. Prior to his current engagement, Sidd spent 12 years in various roles at the FAA, most notably in the FAA Office of Policy where he served as an Acting Manager of the Systems and Policy Analysis Group. He also spent a year on detail to the U.S. Senate Commerce, Science, and Transportation Committee.

    Randy Talley - Mr. Talley is a Senior Advisor assigned to the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) located in Arlington, VA. He uses his aviation expertise and operational Homeland Security background to provide aviation-specific advice to CISA leadership. In his primary role, Mr. Talley serves as the DHS Lead for the Aviation Cyber Initiative (ACI), a Tri-Chaired Task Force assigned to collaborate across the Federal Government, aviation industry and the research community to reduce risks and improve resilience within the Nation’s Aviation Ecosystem.


  • Experimental Aviation, Risks and Rewards (#av-aviation-text)
    August 7, 2020  2:00 pm - 3:00 pm PDT
    Read more...

    Presented by: Patrick Kiley

    Abstract: This talk will cover a hacker’s perspective of building your own aircraft, what I consider to be the ultimate maker/hacker project. Over 10 years ago, I decided to see if I could build an aircraft from a set of plans. The model I chose was a 4 seat AeroCanard FG, a somewhat controversial derivative of the Cozy Mark IV. The Cozy itself was also a derivative, basically a widened version of the Burt Rutan designed Long EZ. This talk will cover why someone would choose to build their own aircraft. All of these topics will cover the risk as I see it as a professional who has been in the information risk field his entire professional career.
    - I will break this talk down into the following topics.
    - FAA and the 51% rule
    - Plans vs Kits
    - Composite vs riveted aluminum construction
    - Making changes to tested designs
    - Engine selection, aviation engines vs conversions
    - Avionics selection

    I will complete the talk with some discussion around becoming a test pilot, what you will become when you finally fly your creation.

    Bio: Patrick Kiley (GXPN, GPEN, GAWN, GCIH, CISSP, MCSE) has over 18 years of information security experience working with both private sector employers and the Department of Energy/National Nuclear Security Administration (NNSA). While he was with the NNSA he built the NNSA's SOC and spent several years working for emergency teams. Patrick has performed research in Avionics security and Internet connected transportation platforms. Patrick has experience in all aspects of penetration testing, security engineering, hardware hacking, IoT, Autonomous Vehicles and CAN bus.


  • Talking to Satellites - 101 (#av-space-text)
    August 7, 2020  3:00 pm - 4:00 pm PDT
    Read more...

    Presented by: Eric Escobar

    Abstract: Reaching out into space may seem like it would require a PhD and thousands of dollars of equipment, but it can actually be done for about $100. In this talk I will detail how to get started talking to satellites using basic equipment. With just a Ham Radio license and some gear, you too can talk to satellites and by extension people thousands of miles away.

    Bio: Eric is a seasoned pentester and a Principal Security Consultant at Secureworks. On a daily basis he attempts to compromise large enterprise networks to test their physical, human, network and wireless security. He has successfully compromised companies from all sectors of business including: Healthcare, Pharmaceutical, Entertainment, Amusement Parks, Banking, Finance, Technology, Insurance, Retail, Food Distribution, Government, Education, Transportation, Energy and Industrial Manufacturing.

    His team consecutively won first place at DEF CON 23, 24, and 25's Wireless CTF, snagging a black badge along the way. Forcibly retired from competing in the Wireless CTF, he now helps create challenges!


  • Hack-A-Sat Friday Recap (#av-hack-a-sat-text)
    August 7, 2020  4:00 pm - 4:30 pm PDT
    Read more...

    Recap of Friday's Hack-A-Sat competition and a look ahead to Saturday


  • Exploiting Spacecraft (#av-space-text)
    August 7, 2020  5:00 pm - 6:00 pm PDT
    Read more...

    Presented by: Brandon Bailey

    Abstract: This presentation will describe the high-level cyber threat landscape for space systems and focus on three examples: Command Replay Attack, Command Link Intrusion, and Denial of Service using GPS jamming. These three attacks were performed using high fidelity ground-to-space simulators to demonstrate the benefit of performing such research using simulation. These simulations leverage many of the same software components used in operations today for several operational missions. Recommendations are provided on how to protect against the attacks and references are provided so the audience can build their own simulations to begin their own research.

    Bio: Brandon Bailey is a cybersecurity senior project leader at The Aerospace Corporation. He has more than 14 years of experience supporting the intelligence and civil space arena. Bailey’s specialties include vulnerability assessments/ penetration testing for space systems and infusing secure coding principles within the software supply chain. Before joining Aerospace, Bailey worked for NASA, where he was responsible for building and maintaining a software testing and research laboratory to include a robust cybersecurity range as well as spearheading innovative cybersecurity assessments of ground infrastructure that support NASA’s mission operations. While at NASA, Bailey was honored with several group and individual awards, including NASA’s Exceptional Service Medal for his landmark cybersecurity work, NASA’s Early Career Achievement Award, and NASA Agency Honor Awards for Information Assurance/Cybersecurity. He has also contributed to teams who have received honorable mention in the 2012 and 2016 NASA’s Software of the Year competition. Bailey graduated summa cum laude with a bachelor’s degree in electrical engineering from West Virginia University and currently holds multiple certifications in the cybersecurity field. He recently co-authored Aerospace’s Center for Space Policy and Strategy’s Defending Spacecraft in the Cyber Domain paper which outlines security principles that can be applied on-board the spacecraft to improve its security posture.


August 8, 2020
  • Attacking Flight Management Systems: This is your captain speaking, We have a small problem! (#av-aviation-text)
    August 8, 2020  8:30 am - 9:00 am PDT
    Read more...

    Presented by:  Mohammad Reza Zamiri, Reza Dorosti and Javad Dadgar.

    Abstract:  Modern aircrafts are heavily relied on flight management systems to automate a wide variety of in-flight tasks, including producing flight plans, reducing the workload on the pilot, or allow the airplane to hook up the autopilot. Vulnerabilities in such systems could allow an attacker to manipulate critical data that are important during a flight. 

    In this talk, we will present the result of our research on the security of a famous flight management system and how we managed to detect a weakness in its security mechanism using reverse engineering. Then we will discuss possible risk scenarios regarding manipulation of mentioned critical data. 

    During this research, we have found a method to modify the navigation data on a flight management computer and also identified some risk scenarios that we think could cause some problems. We hope this may lead to future research and make the aviation industry more secure.

    Bios:

    Mohammad-Reza Zamiri - is a cybersecurity researcher with more than 8 years of experience. His research focuses on computer and network security, with an emphasis on detecting vulnerabilities and threats, penetration testing, as well as embedded or cyber-physical systems. He has published several research papers and presented on top conferences including (ACM CCS, ACSAC, Kaspersky) and currently is working as a senior security analyst. He also likes to play CTF and was the champion of the first national ICS CTF(2019) in Iran.

    Reza Dorosti - is a software reverse engineer with more than 15 years of experience with performing dynamic analysis of software binaries and also assembly language, including x86, ARM, MIPS. He is a fan of embedded devices security.

    Javad dadgar - is an independent security researcher. He is currently working as a red teamer and part-time bug bounty hunter with 4 years of experience. Also he is interested in the aviation industry.


  • Hack-A-Sat Kickoff Segment (#av-hack-a-sat-text)
    August 8, 2020  9:00 am - 9:30 am PDT
    Read more...

    Abstract:  The daily kickoff for Hack-A-Sat informs attendees of the day's schedule and activities for the competition.  Tune in if you want to follow the CTF.  


  • Aerospace Village Badge (#av-terminal-text)
    August 8, 2020  9:30 am - 10:00 am PDT
    Read more...


    Presented by: Rick Hansen

    Abstract: Inexpensive Software-Defined Radios (SDRs) can be used to receive digital communications from aircraft and satellites. This talk presents simple experiments in receiving these communications and assessing the associated strengths and vulnerabilities. This year’s Aerospace Village Badge can be used as an antenna for receiving aviation and satellite data. Materials can be purchased from Amazon and attendees will be able to follow along with the video.

    Bio: Professor Rick Hansen teaches cybersecurity and IoT at Capitol Technology University. He performs original research in vulnerability assessment for embedded systems and telecommunications. Rick also serves as the CEO of APS Global llc which provides cybersecurity, research, and training to government and industry. Rick is an Air Force veteran with degrees in computer science and electronic engineering. He volunteers with Capitol’s Astronautical Engineering program, assisting students with payloads operating in near-space and low-earth orbit. Professor Hansen was honored to be featured in this year’s NSA Centers of Excellence in Cyber Defense video (https://www.captechu.edu/student-experience/centers-and-labs/center-cybersecurity-research-and-analysis-ccra). Last year Rick’s DEFCON presentation focused on exploiting vulnerabilities in automotive LIDAR, which was the focus of this article by Unicorn Riot (https://unicornriot.ninja/2019/hacking-lidar-changing-what-autonomous-vehicles-see/).


  • Hackers and ISACs (#av-aviation-text)
    August 8, 2020  10:00 am - 11:00 am PDT
    Read more...

    Panel hosted by Pete Cooper with Jeff Troy (A-ISAC), Erin Millar (S-ISAC), Matthew Gaffney (BSSI UK) and Ken Munro (PenTest Partners)

    Abstract:  Across the aerospace sector, good faith research has a key role in highlighting both risks and vulnerabilities but it hasn’t always been welcomed with open arms. ISACs are often seen as a key point of contact for researchers and hackers doing this work but how best do we create relationships across hackers and ISACs to learn the lessons of the past and build the trust that we need?

    Bios:

    Pete Cooper - Director, Aerospace Village


    Pete Cooper, Dir Aerospace Village. His first tech love was a ZX Spectrum but then he then moved on to flying fast jets in the UK Royal Air Force. Then he moved into cyber operations before leaving the military 4 years ago. Since then he has started up his own cyber security firm and has advised on everything from developing global cyber security strategies with UN bodies such as ICAO, advising the ICRC on the nature of state vs state cyber conflict and also enjoys playing with active cyber defence and deception. Pete is also the founder and Dir of the UK Cyber Strategy Challenge “Cyber9/12”, holds an MSc in Cyberspace Operations, is a Senior Fellow at Kings College London, a Non-Resident Senior Fellow at the Atlantic Council Cyber Statecraft Initiative and a Fellow of the Royal Aeronautical Society.

    Jeff Troy - President, CEO, Aviation ISAC

    Over the past three years, Jeff developed the A-ISAC comprehensive strategy, led the team’s expansion of the Aviation ISACs services, and tripled membership. He established relationships with global regulators, industry associations, and private sector companies to drive cyber risk reduction across the aviation eco-system. Concurrently, Jeff employed by General Electric and is on the Board of Directors, National Defense ISAC. ND-ISAC provides cutting edge cyber security training, intelligence development and a trusted information sharing environment for US cleared defense contractors. Jeff spent 25 years as a Special Agent of the FBI. He retired as the Deputy Assistant Director for Cyber National Security and Cyber Criminal Investigations.

    Erin Miller - VP of Operations for Space ISAC, National Cybersecurity Center  

    Erin has over a decade of experience building meaningful tech collaborations and has formed hundreds of formal partnerships between government, industry and academia to solve problems for warfighters and national security. Currently Erin is building a Public-Private Partnership (P3), called Space ISAC. This is the third non-profit launch Erin has led and has been passionate about P3 for her entire career.

    Erin was the Managing Director of the Center for Technology, Research and Commercialization (C-TRAC) and brought three USAF-funded programs to bear at the Catalyst Campus for Technology & Innovation (www.catalystcampus.org) from 2016-2018. Her expertise in brokering unique partnerships using non-FAR type agreements led to the standup of the Air Force’s first cyber focused design studio, AFCyberWorx at the United States Air Force Academy, and the first space accelerator, Catalyst Accelerator, at Catalyst Campus in Colorado Springs - in partnership with Air Force Research Laboratory and AFWERX.

    In 2018 Erin was recognized by the Mayor of Colorado Springs as Mayor’s Young Leader (MYL) of the Year Award for Technology. She is also the recipient of Southern Colorado Women’s Chamber of Commerce Award for Young Female Leader in 2018. Erin serves on the board of cyber teaching certifications at Handshake Leadership. A company putting purpose over profit.

    Matthew Gaffney - Managing Director, BSSI UK
    Matt is an aviation cybersecurity consultant at BSSI UK where he also holds the position of Managing Director.  He started his cybersecurity career whilst serving in the British Army after being volunteered for a mandatory IT Security Officer course because he ‘has some experience with IT’.  With more than 14 years experience across multiple industries from Military and Government to banking and aviation, Matt has mostly worked on the entry into service of e-Enabled aircraft at the operator (airline) level.  Due to this, his focus is primarily on systems implemented by the operator and whose touchpoints are the Aircraft Information Systems Domain (AISD).  His particular areas of interest are the Electronic Flight Bag (EFB) and ground systems.  A relative newbie to the research field, he recently released his first paper ‘Securing e-Enabled aircraft information systems’ and plans on releasing others in the coming months.   

    Ken Munro- Boss Pen Tester, Pen Test Partners
    Ken Munro is Partner and Founder of Pen Test Partners, a firm of ethical hackers. He and colleagues hold private pilot’s licenses and have been interested in aviation security for many years. They also publish and blog about their research into aviation cyber security, covering topics from airborne connectivity, the potential risks of publicly available avionics component information, and even the entire attack surface of the modern airport. Ken and Pen Test Partners have also been invited to speak at various aviation industry events, and on aviation at specialist security events such as DEFCON’s Aviation Village, the Global Connected Aircraft Summit, and the Aviation ISAC Summit among others.







  • A View from the Cockpit: Exploring Pilot Reactions to Attacks on Avionic Systems (#av-aviation-text)
    August 8, 2020  11:00 am - 11:30 am PDT
    Read more...

    Presented by:  Matt Smith

    Abstract:  Researchers have been crafting attacks on aviation systems for almost a decade now, on wireless technologies like ADS-B and ACARS to In Flight Entertainment (IFE) devices. Many attacks seek to affect what the pilots see or how the aircraft is flown. Although we can work out what should happen in theory, does this translate to practice? In this talk, we describe how we investigated this using a flight simulator and 30 type-rated commercial pilots.

    In particular, we will discuss:
    - What happens when your aircraft thinks you are on collision course - but nothing is there,
    - How pilots respond when landing guidance puts you at the wrong end of the runway (i.e. the reverse Die Hard),
    - Can attackers push flight crew into switching systems off?

    Bio:  Matt is a Postdoctoral Research Associate in the System Security Lab led by Prof. Ivan Martinovic, at the Department of Computer Science, University of Oxford. His research looks at the security of wireless systems in aviation, most recently focusing on the impacts of attacks on safety systems. Prior to this, Matt completed his PhD in the Department of Computer Science, University of Oxford, covering avionic data links and the effects of attacks in the cockpit. He holds a Masters degree in Computer Science from the University of Warwick.


  • Checklist for Aviation Vulnerability Disclosure: Don't go it alone (#av-aviation-text)
    August 8, 2020  11:30 am - 12:00 pm PDT
    Read more...

    Presented by: Jay Angus

    Abstract:  Cybersecurity vulnerabilities are ever present in IT and OT systems and the aerospace sector is not exempt from these findings. What should a researcher or vendor do when they find a vulnerability? This is a common question but can have many and variety complex answers. Showing how a few simple steps by each participant in the process of coordinated disclosure can decrease the stress of the efforts and result in trust among researchers and a more resilient aviation sector.

    Major points will focus on:
    - What researchers should be doing in preparation of disclosure.
    - When a researcher should be looking for help with coordination.
    - Questions vendor should be asking in preparation of a public disclosure.
    - Each disclosure is a unique event and should be leveraged to build upon.

    Bio:  Mr. Jay Angus is a career civil servant with 16 years of experience as a federal employee. He currently serves as the federal lead for the Industrial Control Systems Vulnerability Management and Coordination program within Cybersecurity Infrastructure Security Agency. Prior to joining CISA, he worked for 10 years as an Information Assurance Manager at Naval Hospital Pensacola and SpaWar.

    In his current role, he manages day to day operations within the Cybersecurity Infrastructure Security Agency ICS vulnerability disclosure program. As the federal lead for this program he provides oversight of the responsible disclosure of Industrial Control Systems, IoT equipment, and medical devices. One of the significant challenges of this mission space is developing the trust of vendors, asset owners, and researchers, while providing actionable mitigation and remediation strategies to the system owners across the sixteen critical infrastructure sectors.


  • Low-Cost VHF Receiver: Eavesdropping Pilot/Controller Communication (#av-aviation-text)
    August 8, 2020  12:00 pm - 1:00 pm PDT
    Read more...

    Presented by:  Allan Tart and Fabian Landis

    Abstract:  The objective of the talk is to give an overview of the latest development in OpenSky Network – recording Air Traffic Control ATC voice communications. 

    As the receiver-feeder system will be developed within ATCO2 project, an undertaking financed by the European Union, a short overview of the ATCO2 project will be given. The central question covered in this first part of the talk is: “What will happen with the voice recording after it’s uploaded to OpenSky Network?”

    The main part of the talk will focus on how to set up the receiver which is built around RTLSDR-Airband - an open source multichannel AM/NFM receiver (more about it here: https://github.com/szpajder/RTLSDR-Airband/wiki).

    Participants are encouraged to take an active role during the workshop and set up the receiver during the talk. In order to do that, listeners should make sure they have the following items available:
    - Raspberry Pi (any version should work).
    - SDR-RTL dongle (RTL-SDR Blog R820T2 RTL2832U 1PPM TCXO SMA Software Defined Radio with Dipole Antenna Kit available from https://www.rtl-sdr.com/buy-rtl-sdr-dvb-t-dongles/ as includes antenna and antenna cables).
    - SD card (with memory of 16GB is sufficient)

    Bios:  

    Allan Tart - joined OpenSky network in July 2019, where his main responsibilities include leading special research and development projects. He has more than a decade worth of experience working in the air traffic management domain, where he has filled different positions ranging from being surveillance systems engineer to leading various development projects. In addition to his work in ATM, he has been actively conducting research in the field of array processing and spatial filtering at Tallinn University of Technology. In recent years his research interests have shifted toward the area of radio network deployment, in which he cooperates with the Standards and Technology department in Ericsson AB.

    Fabian Landis - received his master's degree at the Swiss Federal Institute of Technology Zurich in 2004 in the areas of computer networks, computer vision, IT security and speech processing. He has been a developer since, working for banks and software providers in the area of infrastructure, trade finance and IAM. He has recently joined Opensky Networks and is now focusing on the ATCO2 project which this talk will cover to some extent.


  • Product Cybersecurity: Secure Airplane Development Lifecycle (#av-aviation-text)
    August 8, 2020  1:00 pm - 1:30 pm PDT
    Read more...

    Presented by:  Michael Vanguardia

    Abstract:  The Aviation industry has always focused on safety and with the advent of the e-enabled aircraft must now also contend with cybersecurity threats. Malicious intent via cyber means is a new area of concern that needs to be accounted for during airplane design, development, and verification. This talk will provide an overview of Boeing's Secure Airplane Development Lifecycle and activities that the Commercial Airplane, Product Security organization has undertaken to enhance the cyber resiliency of commercial aircraft.

    Bio:  Michael Vanguardia is an Associate Technical Fellow and Senior Product Cybersecurity Engineer for Boeing Commercial Airplanes, out of Seattle, Washington. In this role he supports security throughout the entire airplane development cycle; from security architecture definition and design, though software development and verification. This includes the execution of security testing against embedded avionic systems and networks across Boeing’s fleet of commercial aircraft. Recently, Michael’s role has been extended to spearhead security researcher engagement and airplane cyber incident investigations. Michael comes with 20+ years of experience working with space systems and avionics across the Department of Defense and the Commercial Aviation sectors.


  • Introduction to ACARS (#av-aviation-text)
    August 8, 2020  1:30 pm - 2:00 pm PDT
    Read more...

    Presented by:  Alex Lomas

    Abstract:  We'll go through what ACARS is, its roots in Telex, through to how it's implemented and used in modern airline operations today over VHF, HF, and SATCOM.

    We'll talk about how to setup your own ACARS receiver using an RTL-SDR and do a live demo of capturing real ACARS transmissions and attempt to decode what those messages are about. Then we'll take a thought experiment on how potentially malicious transmissions could be made to affect the aircraft.

    There will also be a discussion around how ACARS is used in modern CPDLC air traffic to pilot data links, instead of voice communications and how these could be vulnerable, and a brief look at SELCAL which reduces the need for pilots to monitor the radio.

    Lastly we'll look at the future of ACARS over IP and how this will integrate with modern e-enabled aircraft.

    Bio:  Alex is Pen Test Partner’s aerospace specialist. Alex undertakes penetration testing of traditional IT, such as networks, web applications, and APIs, as well as more aviation-specific areas including airport operational technology and avionics embedded systems such as inflight entertainment and e-enabled aircraft.


  • Ticketing to Takeoff: An Airport Hacking Choose Your Own Adventure (#av-aviation-text)
    August 8, 2020  2:00 pm - 3:00 pm PDT
    Read more...

    Presented by:  Liz Wharton

    Abstract:  Check-in software glitches, payment system data breaches, gate signage ransomware attacks... Airports are an interconnected, mini-smart city of retail, dining, infrastructure, and transportation logistics operated by a hodgepodge of business interests + federal, state, and local entities and agencies. Join an interactive adventure as a passenger navigating the airport to catch a flight before hackers cause chaos, highlighting security pitfalls and risks all based on publicly disclosed incidents.

    Bio:  Liz, a technology-focused business and public policy attorney, has advised researchers, startups, and policymakers at the federal, state, and local level. Currently SCYTHE’s Chief of Staff, she was the World’s Busiest Airport’s technology attorney and hosted the Buzz Off with Lawyer Liz podcast.


  • ILS and TCAS Spoofing Demonstration (#av-aviation-text)
    August 8, 2020  3:00 pm - 3:30 pm PDT
    Read more...

    Presented by: Alex Lomas

    Abstract: The Traffic Alert & Collision Avoidance System or TCAS was first developed in the early 1980s using transponders on aircraft to interrogate other aircraft within a set range about their distance, altitude, and heading. If a collision course is detected and the aircraft is suitably equipped, a TCAS alert will be sounded. In certain autopilot modes (mostly on Airbus), the aircraft will automatically follow the TCAS Resolution Advisory and climb or descend with no input from the pilot.Others have shown that it’s possible to create fake TCAS traffic. We’ve taken this further and investigated how airplanes equipped with autopilots capable of flying a resolution advisory themselves would respond in certain scenarios.  

    Bios:

    Alex Lomas is Pen Test Partner’s aerospace specialist. Alex undertakes penetration testing of traditional IT, such as networks, web applications, and APIs, as well as more aviation-specific areas including airport operational technology and avionics embedded systems such as inflight entertainment and e-enabled aircraft.


  • A Deeper Dive Into ILS and ADS-B Spoofing (#av-aviation-text)
    August 8, 2020  3:30 pm - 4:00 pm PDT
    Read more...

    Presented by:  Harshad Sathaye

    Abstract:  Modern aircraft heavily rely on several wireless technologies for communications control and navigation. Researchers demonstrated vulnerabilities in many aviation systems e.g., spoofing ILS signals to disrupt the landing, injecting ghost aircraft into airspace, spoof locations, and manipulate key communication messages. This presentation will give the viewers a better understanding of the fundamental problems associated with these critical systems and what makes spoofing attacks possible

    Bio: Harshad is a Ph.D. candidate at Northeastern University and a soon-to-be student pilot. He is a cyber security enthusiast with research interests around wireless systems security, specifically navigation systems and development of secure cyber-physical systems.


  • Hack-a-Sat End of Day Recap (#av-hack-a-sat-text)
    August 8, 2020  4:00 pm - 4:30 pm PDT
    Read more...

    Abstract: This segment will provide a round-up of the day's Hack-A-Sat activities, notable achievements and other information for the rest of the competition.  


  • General Aviation (GA) Electronic Flight Bags (EFB) (#av-aviation-text)
    August 8, 2020  5:00 pm - 6:00 pm PDT
    Read more...

    Presented by:  David Robinson

    Abstract:  Over the last while I have been looking at General Aviation (GA) Electronic Flight Bags (EFB). This talk will look at some of the potential security related issues I have noticed along the way. This talk will be a high level overview of the classes of problems which have been observed, opposed to focusing on particular products and individual bugs in these products. The goal here is to help an industry who is adding more connected services to their products and understanding the risks which the benefits bring.

    The talk will highlight some categories of issues which have been identified. Along with information about why it is an issue, there will be information on methods to mitigating these security risks. I would like to see as an outcome form this talk people who develop EFBs taking away some of the ideas and mitigating the risk in their own products.

    Bio:  Dave/Karit is currently part of the team at ZX Security in Wellington, New Zealand and works as a penetration tester. Since joining ZX Security Dave has presented at Defcon and Kiwicon along with other Cons and meetups. Along with aerospace, he has a keen interest in lock-picking and all things wireless.


August 9, 2020
  • Hacking Airplane Air to Ground (A2G) Systems (#av-aviation-text)
    August 9, 2020  8:30 am - 9:00 am PDT
    Read more...

    Presented by: Ali Abdollahi

    Abstract: One of the most important parts of avionic systems is the communication. Airplanes use mobile communication to connect to stations on the ground. In many cases the connection is based on LTE-Advanced technology and in some cases when an airplane is on the seas or somewhere else that there is no base station on the ground, It uses the satellite as a hub. In this presentation I will explain vulnerabilities and ways to take advantage of A2G systems and other avionic components.

    Bio: Ali Abdollahi a cyber security expert with over 8 years of experience working in a variety of security fields. Ali is a full-time consultant helping clients with product security testing, reverse engineering, penetration testing, exploit developing, red-teaming, secure coding, and more, giving him ample opportunity to use his skills in a diversity of ways. In addition, He is an instructor, author and board of review at Hakin9 company. Ali is a self-confessed bug hunter, publisher of many vulnerabilities and CVEs. Ali is a regular speaker and trainer at industry conferences.


  • Hacking Aerospace Cybersecurity Regulation (#av-aviation-text)
    August 9, 2020  9:00 am - 10:00 am PDT
    Read more...

    Hosted by:  Kaylin Trychon with Nicole Keeley (UK CAA), Harley Geiger (Rapid7), and Saulo Da Silva (ICAO)

    Abstract:  The aerospace industry is highly regulated with a great deal of focus on cybersecurity. Other sectors have seen how good faith hackers and researchers can help increase resilience and highlight vulnerability – how best to do that in a highly regulated, safety critical industry like aerospace? Aerospace regulators have a key role in understanding risk and putting in place the legal frameworks and creating rules, regulations and best practice around good faith research, join us on a panel with the research community and aerospace regulators to chat about what where we are and what we need to do.

    Bios:  

    Nicole Keeley - Head of Cyber Security Oversight, UK Civil Aviation Authority 
    Nicole leads the team responsible for regulatory cyber security oversight, for aviation in the UK. Her aim is to have a proportionate and effective approach that enables aviation to manage cyber security risks without compromising aviation safety, security or resilience (with a particular focus on critical national infrastructure). Having worked in a variety of industries in various GRC and technical information security roles, she loves the interconnected and diverse nature of aviation.

    Harley Geiger - Director of Public Policy, Rapid7
    Harley Geiger is Director of Public Policy at Rapid7, where he leads the company's policy engagement on cybersecurity, encryption, computer crime, exports, and digital trade issues. Prior to working at Rapid7, Geiger was Advocacy Director at the Center for Democracy & Technology (CDT), where he worked on issues related to government surveillance, privacy and computer crime. Prior to that, Geiger was Senior Legislative Counsel for U.S. Representative Zoe Lofgren of California, serving as lead staffer for technology policy. Geiger is an attorney and is CIPP/US certified.

    Saulo Da Silva - Chief Global Interoperable Systems Section, ICAO
    Saulo da Silva began his career in the Brazilian Air Force as an Air Traffic Controller in an Area Control Centre in 1985. After finishing his Electrical Engineering course and his Master in Air Transport Engineering and a post-graduation in Air Traffic Management he moved in 1995 to the Brazilian Air Navigation Service Provider where he became a procedure designer and an airspace manager. In his career he participated and provided service as Chairperson of several ICAO regional meetings in the Caribbean and South American Regions as well as represented Brazil in different ICAO Panel of experts.

    Saulo joined ICAO in 2007 as an Air Traffic Management Technical Officer and served as Secretary of the Air Traffic Management Requirements and Performance Panel, and the Separation and Airspace Safety Panel, where he led the efforts to develop new concepts and Standards and Recommended Practices related to Information Management, Flight and Flow Information in a collaborative environment and reduced separation minima. Currently Saulo is the Chief of the Globally Interoperable Systems Section in the ICAO Air Navigation Bureau and responsible for the development of the Global Air Navigation Plan, the development of system-wide information management (SWIM) and also responsible for the development of a trust framework to help the aviation system to face cyber threats and keep resilience considering the interconnected aviation ecosystem. Saulo is currently pursuing his PhD on cyber safety and resilience.


  • Trust and Truth in Space Situational Awareness (#av-space-text)
    August 9, 2020  10:00 am - 10:30 am PDT
    Read more...

    Presented by:  James Puvur

    Abstract:  Space Situational Awareness Data (SSA) is the lifeblood of responsible spaceflight. With tens of thousands of debris objects in orbit, knowing where and when collisions may occur is key to preventing lasting environmental harm. However, SSA data collection is inordinately complex, creating natural incentives for centralized information sharing. When actors lack the capability to independently monitor the state of orbit, they find themselves forced to trust third parties.

    In this talk, we consider how a sufficiently motivated attacker might modify SSA repositories to deliberately conceal or falsify collision projections to influence the behaviors of satellite owners. In addition to a high-level discussion of the relevant threat model, we will present simulated implementations of these attacks. We will also briefly consider various mitigation techniques which can be employed by both SSA operators and data recipients against such attacks.

    This talk will touch on basic principles of orbital dynamics and spaceflight operations but assumes no prior background in physics. It is intended to serve as starting point for those interested in how the physical dynamics of outer space can manifest as unique security challenges.

    Bio:  James Pavur is a Rhodes Scholar and DPhil Student at Oxford University where he researches satellite cyber-security within the Department of Computer Science’s System Security Lab. Prior to attending Oxford, he graduated from Georgetown University’s School of Foreign Service with a degree in Science, Technology, and International Affairs. His primary research areas relate to satellite broadband security and secure spaceflight operations. He has also dabbled in research into privacy and telecommunications policy and is an avid hackathon and CTF competitor.


  • 747 Walkthrough from a Hacker's Perspective (#av-aviation-text)
    August 9, 2020  10:30 am - 11:00 am PDT
    Read more...

    Presented by:  Ken Munro and Alex Lomas

    Abstract:  This will be a tour of an end of life 747 airframe, covering a 101 of the cockpit systems and avionics bays. We will also be explaining the various systems & threat surfaces.


    Bios: 

    Ken Munro is Partner and Founder of Pen Test Partners, a firm of ethical hackers. He and colleagues hold private pilot’s licenses and have been interested in aviation security for many years. They also publish and blog about their research into aviation cyber security, covering topics from airborne connectivity, the potential risks of publicly available avionics component information, and even the entire attack surface of the modern airport. Ken and Pen Test Partners have also been invited to speak at various aviation industry events, and on aviation at specialist security events such as DEF CON’s Aviation Village, the Global Connected Aircraft Summit, and the Aviation ISAC Summit among others.

    Alex Lomas is Pen Test Partner’s aerospace specialist. Alex undertakes penetration testing of traditional IT, such as networks, web applications, and APIs, as well as more aviation-specific areas including airport operational technology and avionics embedded systems such as inflight entertainment and e-enabled aircraft.


  • Critical Aerospace Cybersecurity: A Changing Paradigm and How You Can Help (#av-space-text)
    August 9, 2020  11:00 am - 12:00 pm PDT
    Read more...

    Presented by:  Nathalie Feyt, Lawrence Rowell and Yannick Le Ray

    Abstract:  Aerospace is changing – Its digital transformation must now be synonymous with being cyber secure. In-cabin systems are looking more like your everyday living room and the numerous potential entry points must be tested for security. During this session we will take you through the offensive testing that we put systems through to show you what is happening to improve the life cycle of aviation systems thanks to cybersecurity-by-design principles influenced by a hack/fix process.

    From design to operation, blue teams and red teams are working together for a first line of defense to help identify vulnerabilities and ensure more robust and resilient systems – systems which we all rely on, and must be certified by Airworthiness Authorities when safety is at stake.

    Join Nathalie Feyt, Lawrence Rowell and Yannick Le Ray as they lead a presentation on securing avionics, passenger systems, and air traffic management systems, and show how industry designs, attacks, learns and improves aerospace systems.

    Bios: 

    Nathalie Feyt - has worldwide responsibility of security activities for Thales Avionics, as Chief Product Security Officer. She leads the security solutions roadmap for the Thales aviation portfolio covering both airborne and ground operation systems to develop new generations of safe and secure avionics, enabling in-flight connectivity and digitalization of aviation operations. She also supports the governance of cybersecurity risks for products in operations. At a European policy level, she is the Chair of Cybersecurity for the ASD taskforce, and at the national level for France she is the Technical Expert Referee for Thales at Conseil de Cybersécurité du Transport Aérien.

    Yannick Le Ray is an engineering graduate from Ecole Polytechnique of Montreal. He joined Thales in 2003 where he held a number of positions in bid and product management for air defence command & control systems as well as communication intelligence. Since 2018, Yannick has the worldwide responsibility of cybersecurity for the Thales aeronautics vertical including Air Traffic Management, Avionics & Airports.

    Lawrence Rowell is the Product Security Officer for Thales Inflyt Experience. His responsibilities include cybersecurity governance, strategy and risk management for all business line products. He supports the continuous integration of cybersecurity in the product lifecycle from development to ongoing operations.  He leads the cybersecurity product roadmap that includes new cybersecurity features and offerings. Lawrence also has 15 years of experience with cybersecurity in the finance industry,  leading the cybersecurity program for a fortune 500 financial company. He graduated with an MS in Telecommunications Management from Oklahoma State University.


  • Cybersecurity Lessons Learned from Human Spaceflight (#av-space-text)
    August 9, 2020  12:00 pm - 1:00 pm PDT
    Read more...

    Presented by:  Pam Melroy

    Abstract:  Space is incredibly important in our daily lives – providing the GPS navigation on our phone and in our financial system, national security communications throughout the world, and remote sensing of weather conditions and other indicators of the health of the Earth. We’ve had a very complacent attitude about our satellites because physical access has been impossible. Now we know our key infrastructure is at threat on the ground, and it is in space as well from both physical and cyber threats. There are many important lessons to be learned about the software approach to human space flight and its high standards for software error rate and redundancy, tiered levels of access, distributed architecture, command protocols, and there are mistakes to learn from as well. The space industry is changing very rapidly. With commercial space stations, lunar exploration, and nation states competing for achievements – and resources – in space, we must understand the implications and prepare for the challenges ahead.

    Bios:  

    Pam Melroy - is a retired US Air Force test pilot and former NASA astronaut and Space Shuttle commander. After NASA she worked at Lockheed Martin on the Orion lunar exploration vehicle program, the Federal Aviation Administration’s Office of Commercial Space Transportation, and at DARPA. She is now an independent consultant and advisor.


  • Dissecting Wireless Privacy in Aviation (#av-aviation-text)
    August 9, 2020  1:00 pm - 1:30 pm PDT
    Read more...

    Presented by:  Martin Strohmeier

    Abstract:  A multitude of wireless technologies are used within air traffic communication. From a conceptual perspective, all of them are insecure as confidentiality was never part of their design and they could not keep up with the change in threat models. This talk analyzes the current state of wireless privacy in aviation, covering air traffic control and datalink communication. We show how combining publicly available data sources enables global tracking of every aircraft for anyone interested. In particular, we present various case studies to demonstrate how anyone can undermine the privacy of military, governmental and corporate operators. Finally, we look at some industry responses and illustrate the futility of the current attempts to maintain privacy for aircraft owners in a world of ubiquitous sensor surveillance.

    Bio:  Martin Strohmeier is a Junior Research Fellow of Kellogg College, University of Oxford and a Senior Scientist at the Swiss Cyber Defence Campus.The main focus of his work has been the design, implementation, and analysis of security protocols for cyber-physical systems, specifically those used in critical infrastructures such as aviation (civil and military). Using these domains as a driver for the real-world applicability of his research, his work has been published in many diverse venues, spanning wireless communications, cryptography, systems security, sensor networking, privacy, and aviation.

    After his DPhil, he has been extending his interests towards areas of open-source intelligence, privacy issues in aviation and satellite environments, and most recently adversarial machine learning. Martin is also a co-founder of the aviation research network OpenSky where he is responsible for communication and research activities.


  • Breakdown of the FAA's Privacy ICAO Address Program (#av-aviation-text)
    August 9, 2020  1:30 pm - 2:00 pm PDT
    Read more...

    Presented by:  Gui Michel

    Abstract:  The FAA launched the Privacy ICAO Address (PIA) program in January 2020 to address privacy concerns in General Aviation in the United States. This talk will present an analysis on the privacy performance of this program in its current state and our predictions for the future. We will demonstrate that it is possible to identify aircraft despite being enrolled in the program, using ADS-B data from crowdsourced networks. The privacy loss of participating aircraft over time is quantified through a purpose-built privacy simulator, showing that tracking is possible, even with a much greater participation in the program in the future. To address these issues, we will present two solutions that could significantly improve the privacy of the PIA program going forward.

    Bio:  Gui is a Master student in the joint degree in Cybersecurity at EPFL and ETH Zürich. His research interests lie in distributed systems, computer security and privacy.


  • Hack-a-Sat Closing Segment (#av-hack-a-sat-text)
    August 9, 2020  2:00 pm - 3:00 pm PDT
    Read more...

    Abstract: This segment will officially end the Hack-A-Sat competition.  Tune in for awards and celebrations!


  • Cybersecurity Meets Aviation Regulation (#av-aviation-text)
    August 9, 2020  3:00 pm - 4:00 pm PDT
    Read more...

    Presented by:  Aaron Cornelius and Tim Brom

    Abstract:  Software development for aviation is highly regulated, and process driven. The current processes, as defined in DO-178C and related standards, originate from a history of designing and testing mechanical components. In the past you designed a part and once installed it only had to be monitored for physical condition. It was assumed that maintenance procedures would be able to identify which components are in flight condition and which are not. But now that there are USB ports and iPads in the cockpit, do these previous assumptions remain valid? How can we ensure that flight systems are not compromised after being installed? What can be done to help ensure aviation systems are secure?

    There are 4 primary areas of concern on a modern aircraft:
    - Maintenance interfaces - What is necessary to ensure that software communicating with the aircraft is correct and operates in a secure manner?
    - Passenger interfaces - What is necessary to ensure that systems passengers interact with cannot interfere with the aircraft operation?
    - Crew accessible interfaces - What is necessary to ensure that the crew cannot accidentally connect a malicious device to flight systems?
    - Pre-flight software validation - Is there a procedure that could be used to ensure that the software running on aircraft systems is 100% correct and unmodified?

    Bios:  

    Aaron Cornelius - is a Senior Security Researcher at GRIMM specializing in the security of automotive, aerospace, critical infrastructure and industrial control systems. Aaron has over 15 years developing embedded and safety critical systems for telecom, aviation, medical, and industrial applications.

    Tim Brom - is the Managing, Senior Security Researcher for Embedded Systems at GRIMM specializing in automotive security research. Tim has over ten years experience as a software developer and security researcher with a focus on automotive, aerospace, critical infrastructure and industrial control systems. Additionally, Tim has contributed extensively to the development of CanCat, GRIMM’s open source CAN bus reverse-engineering tool, and CANT, a tool for interacting with CAN bus at the electrical layer. Tim was the lead engineer in the development of GRIMM’s car-hacking workbenches. Tim has also had publications about car-hacking tools and techniques, including on the Macchina M2.


  • What I Learned Trying to Hack a 737 (#av-aviation-text)
    August 9, 2020  4:00 pm - 5:00 pm PDT
    Read more...

    Presented by: Karl Koscher

    Abstract:  As part of work looking at avionics security, we reverse-engineered two Communication Management Units used on 737s, and they are engineered unlike any other embedded system I’ve seen. CMUs must be certified to a high Design Assurance Level, but airlines typically want to add custom airline operations applications. This talk explores how these seemingly incompatible requirements are met in two very different ways, and takes a deep dive into how the CMUs work.

    Bio: Karl Koscher is a research scientist working at the University of Washington Security and Privacy Research Lab where he specializes in wireless and embedded systems security. He led the first team to demonstrate a complete remote compromise of a car over cellular, Bluetooth, and other channels.