Abstract
As the information component of aviation activity grows, ensuring aviation cybersecurity becomes extremely urgent. A regulatory framework governing this area is currently being developed, both by the International Civil Aviation Organization and at the level of the Russian Federation. Among aviation cybersecurity threats, which include deliberate attacks, errors by third-party companies, system errors, and natural phenomena, the human factor occupies an important place. This work considers the human factor from the point of view of aviation personnel's vulnerability to social engineering attacks. This type of attack involves a set of applied psychological and analytical techniques that help an attacker obtain confidential information or induce legitimate company employees to violate information security rules. The existing approach to building a profile of user vulnerabilities to social engineering attacks involves a series of psychological tests, whose results are used to predict a user's vulnerability from their psychological characteristics. This work poses a slightly different task: to reconstruct the vulnerability profile of aviation personnel from their activity data in a social network. The motivation is that studying a user's social network profile makes it possible to identify more quickly the employee most vulnerable to a particular type of social engineering attack and to introduce preventive measures. The research was conducted at JSC «Surgut International Airport». A total of 36 aviation security inspectors were selected as respondents. Empirical data were obtained, including social network user profiles and a number of psychological tests.
Factor analysis was used to reduce dimensionality and to select the most informative indicators characterizing a social network user's activity. A discriminant model has been developed that predicts the vulnerability profile of personnel from social network data. Possible types of social engineering attacks on aviation personnel are presented.
Highlights
Subsequently, an additional group of psychological studies was conducted, including tests such as the multifactor personality questionnaire
Among aviation cybersecurity threats, which include deliberate attacks, errors by third-party companies, system errors, and natural phenomena, the human factor occupies an important place. This negative phenomenon is considered from the point of view of aviation personnel's vulnerability to social engineering attacks
This type of attack involves a set of applied psychological and analytical techniques that help an attacker obtain confidential information or induce legitimate company employees to violate information security rules
Summary
This work poses a slightly different task: to reconstruct the vulnerability profile of aviation personnel from activity data in a social network. Studying a social network user's profile will make it possible to solve more quickly the task of selecting the employee most vulnerable to a specific type of social engineering attack and to introduce preventive measures. In 2013, security researcher Hugo Teso demonstrated at a cybersecurity conference that he could manipulate ACARS using his Android smartphone [3], thereby confirming the vulnerability of onboard data networks in the avionics suite. Studying a social network user's profile will allow attackers to select the employee most vulnerable to a specific type of social engineering attack. The vulnerability of aviation personnel to social engineering attacks is an important component of the human factor in aviation cybersecurity and requires scientific study