Olivia Stella is a senior aviation cybersecurity analyst for American Airlines. In her current role, she focuses on aviation security and vulnerability management including pen testing and coordinated disclosure. She has over ten years of experience in software development and information security. Previously, she worked at an in-flight entertainment company in product security supporting incident response, risk & compliance, and as the bug bounty lead. She holds a bachelor’s degree in computer science, masters in software engineering, CISSP & CISM. When she’s not wearing her security hat, she loves to curl and is an avid toastmaster. (That’s right, ice curling.)
The aviation industry is synonymous with government regulation, but what does that mean in regards to cybersecurity? The industry is historically reluctant to provide information, leading to an assumption by those on the outside that security by obscurity is the standard. However there are several statutes in place if you know where to look. This presentation aims to decipher current aviation cybersecurity regulation by focusing on what would directly impact security researchers and how to better educate oneself on current & future regulation.