Abstract
The integration of Information and Communication Technology (ICT) tools into mechanical devices in routine use within the aviation industry has heightened cyber-security concerns. The extent of the inherent vulnerabilities in the software tools that drive these systems escalates as the level of integration increases. Moreover, these concerns are becoming even more acute as the migration within the industry in the deployment of electronic-enabled aircraft and smart airports gathers pace. A review of cyber-security attacks and attack surfaces within the aviation sector over the last 20 years provides a mapping of the trends and insights that are of value in informing on future frameworks to protect the evolution of a key industry. The goal is to identify common threat actors, their motivations, attacks types and map the vulnerabilities within aviation infrastructures most commonly subject to persistent attack campaigns. The analyses will enable an improved understanding of both the current and potential future cyber-security protection provisions for the sector. Evidence is provided that the main threats to the industry arise from Advance Persistent Threat (APT) groups that operate, in collaboration with a particular state actor, to steal intellectual property and intelligence in order to advance their domestic aerospace capabilities as well as monitor, infiltrate and subvert other sovereign nations’ capabilities. A segment of the aviation industry commonly attacked is the Information Technology (IT) infrastructure, the most prominent type of attack being malicious hacking with intent to gain unauthorised access. The analysis of the range of attack surfaces and the existing threat dynamics has been used as a foundation to predict future cyber-attack trends. The insights arising from the review will support the future definition and implementation of proactive measures that protect critical infrastructures against cyber-incidents that damage the confidence of customers in a key service-oriented industry.
Highlights
Introduction distributed under the terms andThe ongoing trend in increasing the levels of the integration of Information and Communication Technology (ICT) tools into mechanical devices in routine use within the aviation industry has surfaced concerns regarding the resilience of current cyber-security protection frameworks
The review presented a mapping of the cyber-attack incidents within the civil aviation industry over the last 20 years, through a search of the published literature and documented cyber-attacks, as well as capturing the motives of the threat actors
Results show that the main cyber-threat to the industry stem from Advance Persistent Threat (APT) groups, in collaboration with state actors, the goal being to acquire intellectual property and intelligence in order to advance domestic aerospace capabilities as well as monitor, infiltrate and subvert other nations’ capabilities
Summary
The ongoing trend in increasing the levels of the integration of Information and Communication Technology (ICT) tools into mechanical devices in routine use within the aviation industry has surfaced concerns regarding the resilience of current cyber-security protection frameworks. Security compliance is featuring as another challenge in the evolution of the aviation industry through the adoption of smart airports and e-enabled aircraft infrastructures [1]. Bellekens et al [3] propose a deception solution for the early detection of breaches in critical infrastructures as current techniques are ineffective, with threats to the civil aviation industry continuing to proliferate with a focus on stealing information for both political and financial gains, with some malicious acts resulting in long-term business disruptions [4].
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
