Potential Aviation Cybersecurity Threats Research (Essay Sample)
discuss the potential aviation cybersecurity threats that experts in the industry have identified. Discuss the activities that Original Equipment Manufacturers, Air Traffic Control and airlines are engaging in to help develop policies that would try to catch up with advancing technologies. Discuss what regulatory and other agencies are doing to mitigate the risk linked to GPS and satellite-based navigation systems.
THE SAMPLE PAPER DISCUSSES ALL THESE
Cyber-security has become a major risk and is in fact one of the most pressing issues that affect business organizations today. Cyber-attackers today are more technologically-savvy, skilled and persistent than just a few years ago. Commercial aviation, like many other global business sectors, is very much aware that it has cyber-security challenge (Iasiello 23). This paper exhaustively discuses the potential aviation cybersecurity threats that experts in the industry have identified. The paper also discusses the activities that Original Equipment Manufacturers, Air Traffic Control and airlines are engaging in to help develop policies that would try to catch up with advancing technologies. Lastly, what regulatory and other agencies are doing to mitigate the risk linked to GPS and satellite-based navigation systems is discussed.
Potential aviation cybersecurity threats
There are a number of potential aviation cybersecurity threats that have been identified by experts. Modern airplanes are becoming more and more connected to the internet. This interconnectedness has the potential of providing illegal, unofficial remote access to airplane avionics systems (Croft 3). Cyber elements which are possibly susceptible to cyber-attacks are as follows: onboard computer and navigation systems; cargo handling and shipping; reservation systems; hazardous materials transportation; flight traffic management; access, passport, and departure control systems; and flight traffic management (Jaeger 47). It is worth mentioning that cyber-attackers are increasingly making use of cyber-attacks as their weapon of choice targeted towards the aviation sector.
There are quite a few types of cyber-security threats in the aviation sector ranging from malicious attacks that are intended to cause damage to aviation operations and threaten aviation safety, to errors that Information Technology personnel make leaving systems susceptible to exploitation. In 2005 for instance, a Polish airplane carrying over 200 travelers was grounded by a Distributed Denial of Service (DDoS) attack (Haass, Sampigethaya and Capezzuto 41). In DDoS attacks, the aim of cyber-attackers is to deluge critical computer systems with traffic that cause the server to overload and stop working. In addition, hackers can infiltrate an aircraft’s security software. Cyber-attackers can target satellite communications equipment on aircraft through in-flight entertainment systems and WiFi. Hackers could hack into a passenger aircraft and gain total control of the airplane’s on-board systems, with the exception of the airplane’s pilots. Furthermore, it is possible to use an Android Smartphone to hack a passenger airplane’s navigation system (Croft 2). This is very disturbing considering that by simply making use of a limited resource, hackers can take control of the whole control system within an aircraft, including cockpit systems and airplane navigation systems. These concerns are valid since the aviation sector is of great importance to the world’s economy and disruptions to this global transportation network could in fact cause ripples of social and economic turmoil worldwide (Haass, Sampigethaya and Capezzuto 43). For this reason, the critical infrastructure of the aviation industry has to be protected.
Activities to develop policies/procedures/regulation
The aforementioned potential cyber-security threats in the aviation industry has served to increase pressure on aviation managers, airports, airlines, air-traffic control (ATC), Original Equipment Manufacturers (OEM) and other stakeholders to bolster their cyber defenses. OEM, ATC and airlines are engaging in various activities to help develop regulations/procedures/policies that would attempt to catch up with the advancing technologies. For instance, the International Air Transport Association (IATA), which is an association representing over 140 airlines globally, is helping airlines to develop a robust cyber security strategy and is driving coordination of international efforts to tackle cyber threats to the aviation sector (Abeyratne 26). It has created an aviation cybersecurity toolkit for helping aviation organizations including airlines to manage risks with the use of a common set of tools. Similarly, the American Institute of Astronautics and Aeronautics (AIAA) has developed a framework for aviation cybersecurity (Abeyratne 26).
Moreover, an information system (IS) framework is being developed that is aimed at protecting airplane and ATC systems. Developing this IS policy framework includes the following steps: evaluating and understanding urgent risks and possible threats; carrying out research and development (R&D); offering incident response; outlining the design and operational principles; as well as determining common cyber standards for aviation systems (Jaeger 49). It is notable that an effective information systems policy framework helps to continually prevent, detect, and respond to cyber-security threats. Furthermore, a notable strategy to help protect aviation industry from cyber-attacks has been the development and utilization of software assurance techniques, which are methods for minimizing the possibility and impact of coding omissions and errors that might expose systems to hackers or bring about unintended faults. Original equipment manufacturers, aviation system manufacturers and large commercial airplane manufacturers often work together with software security firms to achieve high assurance levels for software embedded in avionics equipment (Iasiello 23). The other activity to develop procedures that would catch up with the advancing technologies entails hiring qualified and trained cyber-security personnel.
Mitigating risks associated with the new technologies
There are risks linked to Global Positioning System (GPS) and such satellite-based navigation systems, for instance GPS interference, GPS jamming and GPS spoofing. In GPS spoofing, a GPS signal that is sent to an aircraft is spoofed; that is, a false GPS signal is broadcasted to the plane (Haass, Sampigethaya and Capezzuto 42). To mitigate the risks that are associated with GPS and similar satellite-based navigation systems, regulatory and other agencies are taking measures to protect GPS and similar satellite-based navigation systems from GPS spoofing and GPS interference and jamming. These steps ensure that airlines, ATCs, and airports do the following: signal-distortion detection, cryptography, and direction-of-arrival sensing. Signal-distortion detection alerts users to any suspicious activities basing upon a short but visible blip that occurs whenever a GPS signal gets spoofed.
Cryptographic techniques, as Croft (4) stated allow users to authenticate signals on the fly. Civilian receivers, for instance, would utilize PRN codes which are partly or completely unpredictable, like the ones the United States military uses, so that spoofers cannot synthesize the PRN codes beforehand. However, to confirm every new signal, the civilian receivers would need to carry an encryption key like those that military receivers hold, and cyber-attackers would not be able to obtain such widely distributed keys (Iasiello 25). Lastly, direction-of-arrival sensing basically takes advantage of the fact that a GPS spoofer could only be in a single position at any particular time. It is notable that spoofers transmit a bogus GPS signal for every GPS satellite that the operator wants to imitate. The spoofers do this by producing the PRN codes for each satellite ...
- Compare And Contrast: If Else And Select Case In Visual BasicDescription: In visual basic the constructs, If Else statements and the Select Case statements are at the programmers disposal in helping to make a decision....2 pages/≈550 words| 5 Sources | MLA | IT & Computer Science | Essay |
- Explaining Or Describing Paper: Can Computers Think?Description: The ability to provide one's mind in explaining or describing something or someone, then it is reasonable to imagine that computers can think. ...1 page/≈275 words| 1 Source | MLA | IT & Computer Science | Essay |
- Two Scenarios Of False Information And Destroying Computer EvidencesDescription: The worst thing is that the SEC is claiming that the company did the backdating of the documents deliberately. Therefore, this is a serious offense....2 pages/≈550 words| 1 Source | MLA | IT & Computer Science | Essay |