This cybersecurity training focuses on educating aircraft maintenance personnel on best practices for protecting systems from malware and unauthorized access.
| Question | Answer |
|---|---|
| True or False: An “attack surface” consists of specific access points where malware can be introduced or an adversary can gain access. | True |
| A separation between the maintenance computer, weapon system, and outside world is know as a/an _______________. | Air Gap |
| A portable maintenance aid (PMA) is an example of a/an ____ computer. | B. Direct-attached |
| Match the following media/equipment to the correct procedure to which it applies: cellphone/mp3 player notification of virus disc from manufacture | cellphone/mp3 player = B. refrain from connecting to a PMA notification of virus = C. report incident immediately disc from manufacture = A. scan before use |
| True or False: Nuisance malware is intentional and targeted specifically towards an Air Force system by an adversary. | False |
| Identify an example of an attack surface on a computer: | D. All the Above |
| True or False: Defense in Depth refers to the practice of using several defensive layers of protective measures to safeguard our weapon systems. | True |
| Equipment risks include: | E. All the Above |
| True or False: An adversary intentionally targets Nuisance malware specifically towards an Air Force system. | True or False: Read-only is the safest media to control data transfer risk? |
| True or False: It is ok to assume that external systems are clean because someone else should have already ran the scan? | False |
As maintenance of aircraft involves connectivity and data transfer between various computing systems, attack surfaces are created where adversaries could potentially introduce threats. The goals of this training are to:
- Increase awareness of cyber risks associated with maintenance aids and procedures
- Understand key concepts like air gaps, defense in depth, and attack surfaces
- Learn to identify points of weakness and vulnerability in maintenance systems
- Adopt practices to minimize risks, detect threats early, and respond appropriately
- Appreciate the crucial role personnel play in cybersecurity when maintaining aircraft
By educating all personnel on cyber risks and defense, we can greatly improve the cyber resiliency of our aircraft maintenance operations.
Glossary
Attack Surface – All the different points where an adversary can enter data or insert malicious code into a system. This includes physical ports, media connections, user input areas, etc.
Air Gap – An isolation technique that ensures a secure computer is not connected directly to any other networks or systems. This prevents unauthorized data transfer.
Portable Maintenance Aid (PMA) – A computing device that connects periodically to aircraft systems or other maintenance systems to diagnose issues, download data, assist troubleshooting, etc.
Defense in Depth – A cybersecurity strategy with multiple layers of defensive measures and protections to provide overall strength and redundancy against threats.
Malware – Short for “malicious software.” This includes viruses, worms, spyware and other unwanted programs designed to infiltrate computer systems and networks and cause damage.
Nuisance Malware – Malware designed not specifically to cause harm but to inconvenience users, interrupt computing, or ads unwanted pop-ups.
Media – Storage devices like discs, USB drives, memory cards etc. used to transfer data between computing systems. Care must be taken so they are not infected.
