The Bessie Coleman Center (FOB 10A, 2^nd Floor)

Meet in-person with experts on the following cybersecurity topics, as well as the Air Traffic Organization (ATO) Cybersecurity Group (ACG) Leadership Team:

• Cyber Tools (ACG)
• Pen Test (ACG)
• Exercises (ACG)
• FAA’s Zero Trust Implementation for the Aviation Ecosystem
• NAS Cybersecurity Enterprise Engineering Facility (NCEF)
• Aviation Cyber Initiative (ACI)
• Cybersecurity Threat Model (CTM)
• NAS Cyber Operations (NCO)

Virtual Event Platform (via FAA Zoom session)

Meet virtually with experts on the following cybersecurity topics:

• Cyber Tools (ACG)
• Pen Test (ACG)
• Exercises (ACG)
• FAA’s Zero Trust Implementation for the Aviation Ecosystem
• NAS Cybersecurity Enterprise Engineering Facility (NCEF)
• Office of Information Security and Privacy (AIS)
• Inter-Agency Working Group (IAWG) Cyber Subgroup 
• Security and Hazardous Materials Safety (ASH)

FAA Pete Quesada Auditorium (FOB 10A, 3^rd Floor) and Virtual Event Platform

FAA Executives Welcome & Opening Remarks:

• David Wil Riggins, Acting Vice President (VP), Technical Operations (AJW), FAA
• Natesh Manikoth, Chief Data Officer (CDO), Office of Information and Technology (AIT), FAA
• Gina Fisk, Chief Information Security Officer (CISO), Director, Office of Information Security & Privacy (AIS), FAA
• Russell Crouthamel, Acting National Airspace System (NAS) Security and Enterprise Operations (NASEO) Director, Technical Operations (AJW-B), FAA
• Hector Morales, Acting Air Traffic Organization (ATO) Cybersecurity Group (ACG) Group Manager, Technical Operations (AJW-B4), FAA

Keynote Speaker

Deneen DeFiore McGarvey, who is Vice President (VP) and Chief Information Security Officer (CISO) at United Airlines.  Ms. DeFiore will provide her perspectives and insight from the industry viewpoint on cybersecurity and aviation.

Note: Each presentation will last approximately 25 minutes allowing guests to attend two of the three track sessions.

Track 1: Operational Technology

FAA Pete Quesada Auditorium (FOB 10A, 3^rd Floor) and Virtual Event Platform

Title: The Game of IT/OT Security: Unveiling New Critical Developments in Our Critical Infrastructure Threat Landscape

Session Overview: In this presentation we will share new highlights from research data collected from ten thousand organizations in fifty countries. The data has illuminated some interesting findings that will be shared about ICS network intrusions, and how zero trust architecture can be an effective tool to stop many of these threats.

Speaker: Adam Robbie, GICSP, GRID - Head of OT Threat Security Research, Palo Alto Networks 

Track 2: Cybersecurity Impact to Mission Resiliency

FOB 10A, 5^th Floor, 5AB and Virtual Event Platform

Title: Thoughts on OT from a weapons pentester: culture and candy shells

Session Overview:  Having spent decades as both an operator and tester of operational technology (OT) systems, the speaker offers his unique perspective on IT vs OT, historical trends, and common themes found through pentesting weapon systems. Through the use of examples the speaker hopes to draw attention to the need for OT to refocus on design, requirements, and attack surface minimization before deployment to realize a greater ROI regarding Cyber investment across the acquisition lifecycle.

Speaker: Jon “McFly” McEllroy, CDR USN (Retired), MTSI

Track 3: Supply Chain Risk Management

FOB 10A, 7^th Floor, 7B and Virtual Event Platform

Title: Supply Chain Security is Foundational for Critical Infrastructure Suppliers

Session Overview: Thousands of vulnerabilities are announced every month. A product’s open source or third-party commercial libraries have vulnerabilities, but is that the only concern? What should a vendor be doing to secure their supply chain? This session describes how a very large OEM has structured more than 13 supply chain security initiatives including R&D security, secure development, SBOMs, vulnerability management, and 3rd party risk management.

Speaker: Cassie Crossley, VP, Supply Chain Security, Schneider Electric

The Bessie Coleman Center remains open. Meet in person with experts on the following cybersecurity topics, as well as the ATO Cybersecurity Group (ACG) Leadership Team:

• Cyber Tools (ACG)
• Pen Test (ACG)
• Exercises (ACG)
• FAA’s Zero Trust Implementation for the Aviation Ecosystem
• NAS Cybersecurity Enterprise Engineering Facility (NCEF)
• Aviation Cyber Initiative (ACI)
• Cybersecurity Threat Model (CTM)
• NAS Cyber Operations (NCO)

Virtual Event Platform (via FAA Zoom session) remains open.  Meet virtually with experts on the following cybersecurity topics:

• Cyber Tools (ACG)
• Pen Test (ACG)
• Exercises (ACG)
• FAA’s Zero Trust Implementation for the Aviation Ecosystem
• NAS Cybersecurity Enterprise Engineering Facility (NCEF)
• Office of Information Security and Privacy (AIS)
• Inter-Agency Working Group (IAWG) Cyber Subgroup 
• Security and Hazardous Materials Safety (ASH)

Note: Each presentation will last approximately 25 minutes allowing guests to attend two of the three track sessions.

Track 1: Operational Technology

FAA Pete Quesada Auditorium (FOB 10A, 3^rd Floor) and Virtual Event Platform

Title: Unifying drone airspace with commercial airspace to achieve safer skies for everyone.

Session Overview: This presentation includes a discussion on how the demands of network speed and security ultimately dictate the implementation of Unmanned Aircraft System Traffic Management (UTM).  The inherent gaps in the current FAA network with respect to the incorporation of edge devices (drones) will be highlighted.  The presentation will summarize with strategies based on historical success with large network implementation and data integrity within edge device reporting and monitoring.

Speaker: Sergio Mazul, Solutions Architect, Red Hat

Track 2: Cybersecurity Impact to Mission Resiliency

FOB 10A, 5^th Floor, 5AB and Virtual Event Platform

Title: How Cybersecurity Techniques from Weapon Systems and Other Industries Can Help Protect the Aviation Industry

Session Overview: The ability to have worked in the IT sector, weapon systems cybersecurity, and studying cyber physical systems in other industries has led to the awareness of a needed collaborative effort in understanding the limitations, commonalities, and differences in cybersecurity techniques among multiple industries. The information on cybersecurity techniques from one industry’s cyber physical systems (OT) can cross-pollinate to be implemented across industries, including the aviation industry.

Speaker: Brian “SchleiF” Schleifer, MBA PM, CISM, Sec+, Net +, Southeast Regional System Security Engineer and Cyber Lead, Modern Technology Solutions Inc., (MTSI)

Track 3: Supply Chain Risk Management

FOB 10A, 7^th Floor, 7B and Virtual Event Platform

Title:  Securing the Software Supply Chain

Session Overview:  Executive Order 14028 states “security of software used by the Federal Government is vital to the Federal Government’s ability to perform its critical functions.”  Presentation will discuss the requirements, recommended approaches for successful implementation, challenges and lessons learned.

Speaker: Kanitra D. Tyler, Enterprise ICT/C-SCRM Service Element Lead

FAA Pete Quesada Auditorium (FOB 10A, 3^rd Floor)

Join our Air Traffic Organization’s Cybersecurity Steering Board (ATO-CSB) for an invigorating panel discussion on how this executive board facilitates the theme of “The Intersection of Aviation and Cybersecurity” and their understanding of cybersecurity implications to operations, programmatic milestones and funding ensures that cybersecurity is appropriately addressed throughout the lifecycle.

Please Note: The Bessie Coleman Center and Virtual Booth spaces will remain open until 3:00 pm ET.