Studying Cybersecurity in Civil Aviation, Including Developing and Applying Aviation Cybersecurity Risk Assessment

In addition to the importance of safety in civil aviation, the significance of cybersecurity in the aviation sector cannot be ignored, and this fact has often been highlighted owing to frequent cyber-attacks that denigrate victim(s) and also lead to political and economic controversies. Cybersecurity has recently received a major boost, with the shift of air navigation facilities from analog ground-based systems to digital space-based systems to accommodate the tremendous growth in air traffic density. Furthermore, most air navigation facilities have open designs that tend to overlook security concerns. In this regard, identifying a systematic methodology for aviation cybersecurity risk assessment is a key element in the identification of potential threats, and assessment of their likelihood and risk levels, whereby risks can be reduced to tolerable levels through appropriate mitigation measures. Existing review articles have not addressed cybersecurity in all the various aviation systems, and have not considered a systematic methodology for aviation cybersecurity risk assessment. This paper therefore presents a systematic qualitative and quantitative cybersecurity risk assessment methodology for legacy and next-generation critical infrastructure in aviation systems, such as air-ground communication, radio navigation aids, aeronautical surveillance, and system-wide information management (SWIM). Our analysis shows that the communication, navigation, and surveillance systems with the highest risk levels are very-high frequency voice communication, satellite-based navigation, and automatic dependent surveillance-broadcast, respectively, while those with the lowest risk levels are controller-pilot data link communication, ground-based radio navigation aids, and secondary surveillance radar, respectively. Furthermore, the risk level of potential cyber-attacks in SWIM is medium.