Information System Security Protection Levels—Enabler for aSecure Millennium National Air-Space System

摘要

Critical infrastructures, such as the National Airspace System (NAS), offer a challenging set ofrninformation security and systems engineering problems. In 1997, the President’s Commission onrnCritical Infrastructure Protection made protecting critical infrastructures in cyberspace a part ofrnthe national agendarnagendai. Post 9/11, the flying public expects the Federal Aviation Administrationrn(FAA) to apply the right level of focus to ensure safe air travel. Besides understanding thernchanging threat environment and managing wide-ranging vulnerabilities, progress depends onrnimproving systems engineering approaches that unify cyber security in mammoth infrastructuresrnsuch as the NAS. An important ingredient to the FAA's success lies not only in the technology,rnbut also in the agility of corporate infrastructures that protect the NAS. Corporate securityrnapplies to the people and the processes that work behind the scenes to integrate appropriaterntechnology and processes to obtain adequate and timely levels of security. As well, corporaternsecurity seeks sufficient funding to support the overarching goals for FAA "Information SystemrnSecurity (ISS) Protection Levels," described here. The ISS Levels offer a strategy for achievingrnagile and survivable cyber protection for complex systems of systems.