Cyber Security in Aviation, Maritime and Automotive

Abstract

Critical information infrastructures support vital services such as energy, transport, telecommunications, financial services, etc., that are so essential that their unavailability may adversely affect the well-being of a nation. Transport is a critical national infrastructure. Disruption to the transport network has significant impacts on everyday life of citizens, national defence, security, and the vital functions of the state. This critical infrastructure is managed and maintained by a complex set of actors, each of whom tackle cyber security differently. The cyber security risk landscape in transport is currently evolving towards the point that risks that were once considered unlikely began occurring with regularity. This ongoing trend can be attributed to higher maturity of attack tools and methods, increased exposure, and increased motivation of attackers. In the past, most of the attacks were conventional and the attackers individuals or small groups of hackers. Now these very-high-impact risks will also force us to become better at protecting our assets and devising creative solutions to mitigate risks. Safety and security are two sides of the same coin. The cyber security threat is increasingly becoming cyber-physical, as vehicles, aircrafts, vessels, infrastructure, and control systems become increasingly connected. Accordingly, physical safety—an established practice across transport sectors—and cyber security will become one and the same. This necessitates a significant shift in the manufacturing and operation culture of the transport. This article introduces cyber security threat and risk environment in aviation, maritime and automotive. In addition, the article presents examples cyber-attacks against those systems. The article also discusses the principles that should be implemented in cyber security in transport.