Simulation-supported aviation cyber-security risk analysis: a case study

Abstract

Air Traffic Management (ATM) is based on complex processes carried out by several ATM entities, e.g., air traffic control, air traffic flow management and aeronautical information services. The results of these processes rely on the information passed between entities. Respective developments like those outlined in ICAOs Global Air Navigation Plan increase even further the complexity of this federated “system of systems”. Notably the concept of system-wide information management provides efficiency gains for the collaboration of airspace users, airports and air traffic management providers. However, this complexity and dynamic changes provide the ground for “gaps and flanks” between the elements, i.e., in terms of affected individual technical systems and information flows. Recent reports show that such vulnerabilities are explored in aviation similarly to other so called critical infrastructures. And while it is obvious that the failure of ATM elements will impair or even stop air traffic the impact of cyber-attacks on information integrity is less obvious. Thus, a continuous threat and risk analysis is important. This motivated the Air Traffic Resilience (ARIEL) project team to select attacks on the integrity of flight data as a use case for the scenario-oriented and model-based approach for aviation cyber security risk assessment. As part of the overall threat and risk analysis approach of ARIEL, an estimation of the threat potential of a selected attack scenario is made with the aid of an air traffic simulator. Thus, this makes it possible to quantify the threat to the system. The work presented here focuses on the use of simulation methodologies for aviation cyber security risk assessment with different variants of a flight plan data manipulation scenario. How the air traffic simulator TrafficSim could be used to estimate threat potential is presented along a discussion that focusses on approaches for the identification of such abnormalities that need to be counteracted or to treated to minimize its impact.