International Journal of Computer Science & Network Security

International Journal of Computer Science & Network Security (국제컴퓨터통신보호논문지학회)
권호 표지
DOI QR코드

DOI QR Code

International cyber security strategy as a tool for comprehensive security assurance of civil aviation security: methodological considerations

  • Received : 2021.09.05
  • Published : 2021.09.30
Download PDF
⟨ Previous Next ⟩

Abstract

Civil aviation cybersecurity challenges are global in nature and must be addressed using global best practices and the combined efforts of all stakeholders. This requires the development of comprehensive international strategies and detailed plans for their implementation, with appropriate resources. It is important to build such strategies on a common methodology that can be applied to civil aviation and other interrelated critical infrastructure sectors. The goal of the study was to determine the methodological basis for developing an international civil aviation cybersecurity strategy, taking into account existing experience in strategic planning at the level of international specialized organizations. The research was conducted using general scientific and theoretical research methods: observation, description, formalization, analysis, synthesis, generalization, explanation As a result of the study, it was established the specifics of the approach to formulating strategic goals in civil aviation cybersecurity programs in the documents of intergovernmental and international non-governmental organizations in the aviation sphere, generally based on a comprehensive vision of cybersecurity management. A comparative analysis of strategic priorities, objectives, and planned activities for their implementation revealed common characteristics based on a single methodological sense of cybersecurity as a symbiosis of five components: human capacity, processes, technologies, communications, and its regulatory support. It was found that additional branching and detailing of priority areas in the strategic documents of international civil aviation organizations (by the example of Cybersecurity Strategy and Cybersecurity Action Plan) does not always contribute to compliance with a unified methodological framework. It is argued that to develop an international civil aviation cybersecurity strategy, it is advisable to use the methodological basis of the Cyber Security Index.

Keywords

References

  1. A/RES/54/49. UNGA Resolution Developments in the field of information and telecommunications in the context of international security (1999). Available at: https://undocs.org/A/RES/54/49.
  2. Nashynets-Naumova, A. (2013). Pravovoye regulirovaniye informatsiynoi bezpeki v tsivil'niy aviatsii: mezhdunarodno-pravoviy aspekt. Visnik NTTU KPI. Politologiya. Sotsiologiya. Pravo. Reviews, 3 (19), 155-160. Available at: http://nbuv.gov.ua/UJRN/VKPI_soc_2013_3_28.
  3. Goncharova, N.A. (2018). Regulirovaniye kiberbezopasnosti grazhdanskoy aviatsii: vnedreniye modernizatsii NEXTGEN v Rossii i USA. Zhurnal ≪Biznes. Obshchestvo. Vlast'≫. July 2018. No 2 (28). P. 175-205. Available at: https://www.hse.ru/data/2018/08/18//.pdf
  4. Klenka, M. (2021) Aviation cyber security: legal aspects of cyber threats. J Transp Secur. https://doi.org/10.1007/s12198-021-00232-8
  5. Abeyratne, R. (2011) Cyber terrorism and aviation-national and international responses. J Transp Secur 4, 337-349. https://doi.org/10.1007/s12198-011-0074-3
  6. S. J. da Silva and J. M. R. Silva. (2021). Cyber Risks In The Aviation Ecosystem: An Approach Through A Trust Framework. Integrated Communications Navigation and Surveillance Conference (ICNS), 2021, pp. 1-12, doi: 10.1109/ICNS52807.2021.9441596.
  7. EUROCONTROL (2019). Aviation Intelligence Unit. Think Paper #3-August 2019. Cyber Security in aviation. Available at: https://www.eurocontrol.int/sites/default/files/2020-01/eurocontrol-think-paper-3-cybersecurity-aviation.pdf.
  8. Abeyratne, R. (2011) Cyber terrorism and aviation-national and international responses. J Transp Secur 4, 337-349. https://doi.org/10.1007/s12198-011-0074-3
  9. F. Alrefaei, A. Alzahrani, H. Song, M. Zohdy and S. Alrefaei (2021). Cyber Physical Systems, a New Challenge and Security Issue for the Aviation. 2021 IEEE International IOT, Electronics and Mechatronics Conference (IEMTRONICS). pp. 1-5, doi: 10.1109/IEMTRONICS52119.2021.9422483.
  10. Nickolaos Koroniotis, Nour Moustafa, Francesco Schiliro, Praveen Gauravaram, Helge Janicke (2020). A Holistic Review of Cybersecurity and Reliability Perspectives in Smart Airports. Access IEEE. vol. 8. pp. 209802-209834. doi: 10.1109/ACCESS.2020.3036728.
  11. J. Pollack and P. Ranganathan (2018). Aviation Navigation Systems Security: ADS-B GPS IFF. Proceedings of the International Conference on Security and Management (SAM). pp. 129-135.
  12. Lykou G., Iakovakis G., Gritzalis D. (2019) Aviation Cybersecurity and Cyber-Resilience: Assessing Risk in Air Traffic Management. In: Gritzalis D., Theocharidou M., Stergiopoulos G. (eds) Critical Infrastructure Security and Resilience. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-00024-0_13
  13. Goncharova, N.A. (2018). Regulirovaniye kiberbezopasnosti grazhdanskoy aviatsii: vnedreniye modernizatsii NEXTGEN v Rossii i USA. Zhurnal ≪Biznes. Obshchestvo. Vlast'≫. July 2018. No2 (28). P. 175-205. Available at: https://www.hse.ru/data/2018/08/18//.pdf
  14. R. Abeyratne (2016). Aviation Cyber Security: A Constructive Look at the Work of ICAO. 41 Air & Space Law 25, 26-29. Available at: https://www.kluwerlawonline.com/abstract.php?area=Journals&id=AILA2016003
  15. D. Jeyakodi (2015), Cyber Security in Civil Aviation, Aviation & Space J., no. 4, Oct.-Dec. Jeyakodi 2015, 11 - 17.
  16. B. Lim (2014), Aviation Security: Emerging Threats from Cyber Security in Aviation - Challenges and Mitigations, J. Aviation MGMT. 83. Available at: http://www.saa.com.sg/saaWeb2011/export/sites/saa/en/Publication/downloads/EmergingThreats_CyberSecurityinAviation_ChallengesandMitigations.pdf
  17. M. Pierides, et al. (2015), Cybersecurity and the Aviation Sector: Recent Incidents Highlight Unique Risks, Pillsbury Law, Available at: https://www.pillsburylaw.com/images/content/1/1/v2/1196/AlertAug2015GlobalSourcingCybersecurityandTheAviationSector.pdf.
  18. Lekota, Faith; Coetzee, Marijke. (2021). Aviation Sector Computer Security Incident Response Teams: Guidelines and Best Practice. European Conference on Cyber Warfare and Security. Reading, (Jun 2021). DOI:10.34190/EWS.21.028
  19. Petrova, R.Ye. (2020) Pravovyye aspekty bezopasnosti poletov v usloviyakh kiberugroz: na primere grazhdanskoy aviatsii. Monitoring pravoprimeneniya. No 1 (34). p. 56 - 60. DOI: 10.21681/2226-0692-2020-1-56-60
  20. ICAO (2019). Aviation Cybersecurity Strategy. Available at: https://www.icao.int/cybersecurity/Documents/AVIATION%20CYBERSECURITY%20STRATEGY.EN.pdf.
  21. ICAO (2020). Cybersecurity Action Plan (CyAP). Available at https://www.icao.int/cybersecurity/Pages/Cybersecurity-Action-Plan.aspx.
  22. ITU. Global Cybersecurity Index. Available at: https://www.itu.int/en/ITU-D/Cybersecurity/Pages/globalcybersecurity-index.aspx
  23. Resolution 2309 (2016). Adopted by the UN Security Council at its 7775th meeting, on 22 September 2016. Available at: https://undocs.org/en/S/RES/2309(2016)
  24. S/PV.8057 (2017). Threats to international peace and security caused by terrorist acts, Aviation security. UN Security Council, 8057th meeting 27 September 2017, New York. Available at: https://undocs.org/en/S/PV.8057
  25. Bernard Lim (2016). Civil Aviation Cybersecurity: Possible Actions by Regulators and Stakeholders. Available at: https://www.ecac-ceac.org/images/news/ecac-news/ECAC-News_56_Aviation_in_Asia-Pacific.pdf
  26. ICAO (2016). A39-WP/236. Coordinating Cybersecurity Work. Available at: https://www.icao.int/Meetings/a39/Documents/WP/wp_236_rev1_en.pdf
  27. ICAO (2016). A39-WP/99. Cyber Resilience in Civil Aviation. Available at: https://www.icao.int/Meetings/a39/Documents/WP/wp_099_en.pdf
  28. ICAO (2016). A 39/19. Addressing Cybersecurity in Civil Aviation. Assembly - 39th session. Montreal, 27September-6 October 2016. p. 99-101. Available at: https://www.icao.int/Meetings/a39/Documents/Resolutions/a39_res_prov_en.pdf
  29. ICAO (2016). A39-WP/175. Civil Aviation Cybersecurity: Possible Actions by Regulators and Stakeholders. Assembly - 39th session. Montreal, 27 September-6 October 2016. Available at: https://www.icao.int/Meetings/a39/Documents/WP/wp_175_en.pdf
  30. ICAO (2018). AN-Conf/13-WP/270. System-of-Systems Notion of Cybersecurity in Aviation. Montreal, 9-19 October 2018. Available at: https://www.icao.int/Meetings/anconf13/Documents/WP/wp_270_en.pdf
  31. ICAO (2019) A-40-WP/427 Proposal for ICAO Governance of Cybersecurity and Resilience. Assembly - 40th Session. Available at: https://www.icao.int/Meetings/a40/Documents/WP/wp_427_en.pdf
  32. ICAO (2019). A40-10. Addressing Cybersecurity in Civil Aviation. Assembly - 40th session. Available at: https://www.icao.int/Meetings/a40/Documents/Resolutions/a40_res_prov_en.pdf
  33. ICAO (2019). A40-11. Consolidated statement on continuing ICAO policies related to aviation security. Assembly - 40th session. Available at:https://www.icao.int/Meetings/a40/Documents/Resolutions/a40_res_prov_en.pdf