The aviation sector is one of the fast growing sectors in the world due to the fast growth of air traffic density. Therefore, the management of air traffic receives significant important. Such a significant demand in air traffic density requires improvement in the capabilities of critical infrastructure in communication, navigation aids, aeronautical surveillance, and System-Wide Information Management (SWIM). Legacy communication, navigation, and surveillance systems cannot achieve the expected air traffic growth without updating those systems to use new technologies that can achieve increased capacity, accuracy, and reliability.
To do so, CNS systems have been moved from ground-based analog systems to space-based digital systems. On one hand, for air-ground communication between the pilot and ATC, analog very-high frequency (VHF) voice communication shifts to data link communication such as controller-pilot data link communication (CPDLC) and satellite communications (SATCOM).
On the other hand, for navigation, the radio-navigation aids shifts from ground-based navigation aids, such as ILS and VOR, to Global Navigation Satellite System (GNSS). Furthermore, instead of using the traditional primary and secondary surveillance radars, automatic dependent surveillance-broadcast (ADS-B) can be used, thereby incurring smaller expenses, and achieving improved accuracy.
Finally, the air traffic management (ATM) information architecture framework shifts from point-to-point data exchanges to global system-wide interoperability via system-wide information management (SWIM).
Threats by Space-based Attacks
Unfortunately, communication, navigation, and surveillance facilities that use space-based signals, are prone to cyber-attacks, such as eavesdropping, jamming, and spoofing. The probability of such cyber-attacks increased due to the accessibility of software-defined radios (SDRs) used to send wireless signals, the open design of most air navigation systems, and the lack of security algorithms in such systems.
Attacks on the System Wide Information Management (SWIM)
Potential cyber-attacks targeting SWIM, include unauthorized access, denial of service (DOS) attacks, man-in-the middle attacks, and IP-network attacks.
ICAO's Aviation Cybersecurity Strategy and the Emerging Urgency to Act
Owing to the importance of cybersecurity and the negative impact of cyber-attacks on the political and economic reputations of states and organizations, the International Civil Aviation Organization (ICAO) considered cybersecurity and cyber resilience as emerging and urgent issues in the civil aviation sector.
To help implement their vision for cybersecurity, ICAO adopted the aviation cybersecurity strategy in October 2019. One of the main components of ICAO strategy is to recognize a suitable methodology for cybersecurity risk assessment, such that identify the potential threats in civil aviation systems, assess the likelihood of these threats and their impacts on aviation safety and ecosystems, and also assess the risk levels.
Risk Assessment in Aviation
By having aviation cybersecurity risk assessment, it can be used to assess risk levels in a qualitative and quantitative manners, and therefore reduce them to acceptable levels through proposition of appropriate mitigation and control measures.
The following Figure shows the threat of highest risk level for various CNS systems in a five-point scale. As shown in this figure, the communication system with the threat of highest risk level is determined to be VHF voice communication, while that with the lowest risk level is CPDLC. In the navigation domain, the radio navigation aid with the threat of highest risk level is satellite-based navigation, while that with the lowest are the traditional ground-based navigation aids. For the surveillance, the surveillance system with the threat of highest risk level is ADS-B, while that with the lowest is SSR.
Our Research in Cybersecurity in Aviation published in the IEEE ACCESS journal
To have detailed information, read my full text article titled “Studying Cybersecurity in Civil Aviation, Including Developing and Applying Aviation Cybersecurity Risk Assessment”, published in the IEEE ACCESS journal, October 2021.
The article covers:
- Cybersecurity risk assessment methodology to identify the potential threats in civil aviation systems, assess the likelihood of the threats and their impacts, and also assess the risk levels.
- Operational concept and vulnerabilities of communication, navigation, surveillance, and SWIM, and subsequent identification of potential threats on this basis.
- Assessing the likelihood of individual threats and their impacts followed by assessment of the risk levels.
- Providing the general and specific mitigation measures for potential cyber-attacks in communication, navigation, surveillance, and SWIM.
Get the full article:
"Studying Cybersecurity in Civil Aviation, Including Developing and Applying Aviation Cybersecurity Risk Assessment"