The aviation sector is one of the fast growing sectors in the world due to the fast growth of air traffic density. Therefore, the management of air traffic receives significant important. Such a significant demand in air traffic density requires improvement in the capabilities of critical infrastructure in communication, navigation aids, aeronautical surveillance, and System-Wide Information Management (SWIM). Legacy communication, navigation, and surveillance systems cannot achieve the expected air traffic growth without updating those systems to use new technologies that can achieve increased capacity, accuracy, and reliability.
To do so, CNS systems have been moved from ground-based analog systems to space-based digital systems. On one hand, for air-ground communication between the pilot and ATC, analog very-high frequency (VHF) voice communication shifts to data link communication such as controller-pilot data link communication (CPDLC) and satellite communications (SATCOM).
On the other hand, for navigation, the radio-navigation aids shifts from ground-based navigation aids, such as ILS and VOR, to Global Navigation Satellite System (GNSS). Furthermore, instead of using the traditional primary and secondary surveillance radars, automatic dependent surveillance-broadcast (ADS-B) can be used, thereby incurring smaller expenses, and achieving improved accuracy.
Finally, the air traffic management (ATM) information architecture framework shifts from point-to-point data exchanges to global system-wide interoperability via system-wide information management (SWIM).
Unfortunately, communication, navigation, and surveillance facilities that use space-based signals, are prone to cyber-attacks, such as eavesdropping, jamming, and spoofing. The probability of such cyber-attacks increased due to the accessibility of software-defined radios (SDRs) used to send wireless signals, the open design of most air navigation systems, and the lack of security algorithms in such systems.
Potential cyber-attacks targeting SWIM, include unauthorized access, denial of service (DOS) attacks, man-in-the middle attacks, and IP-network attacks.
Owing to the importance of cybersecurity and the negative impact of cyber-attacks on the political and economic reputations of states and organizations, the International Civil Aviation Organization (ICAO) considered cybersecurity and cyber resilience as emerging and urgent issues in the civil aviation sector.
To help implement their vision for cybersecurity, ICAO adopted the aviation cybersecurity strategy in October 2019. One of the main components of ICAO strategy is to recognize a suitable methodology for cybersecurity risk assessment, such that identify the potential threats in civil aviation systems, assess the likelihood of these threats and their impacts on aviation safety and ecosystems, and also assess the risk levels.
By having aviation cybersecurity risk assessment, it can be used to assess risk levels in a qualitative and quantitative manners, and therefore reduce them to acceptable levels through proposition of appropriate mitigation and control measures.
The following Figure shows the threat of highest risk level for various CNS systems in a five-point scale. As shown in this figure, the communication system with the threat of highest risk level is determined to be VHF voice communication, while that with the lowest risk level is CPDLC. In the navigation domain, the radio navigation aid with the threat of highest risk level is satellite-based navigation, while that with the lowest are the traditional ground-based navigation aids. For the surveillance, the surveillance system with the threat of highest risk level is ADS-B, while that with the lowest is SSR.
To have detailed information, read my full text article titled “Studying Cybersecurity in Civil Aviation, Including Developing and Applying Aviation Cybersecurity Risk Assessment”, published in the IEEE ACCESS journal, October 2021.
The article covers:
Get the full article: