The Global Navigation Satellite Systems (GNSS) is used for a large number of essential services worldwide, including the critical communications, navigation and surveillance functions required by commercial and military aircraft to conduct normal operations. A vast increase in GNSS jamming and spoofing attacks, concentrated in and around conflict zones, has forced a review of the UK aviation industry’s resilience to this threat due to the indirect flight safety impact on commercial air traffic operating in affected regions. Numerous cyber security frameworks exist that attempt to offer mitigating controls and promote resilience to prevailing cyber threats, but very few are specific or comprehensive enough to cover the unique nature and complexity of aircraft systems and services. International and domestic aviation bodies offer guidance and discourse about understanding the risk and the need to work collaboratively to combat its effect. A review of existing UK aviation cyber security policy has been conducted within this research, looking specifically at the UK Civil Aviation Authority’s (CAA) Cyber Security Oversight Strategy to identify its strength in threat identification, but also its weakness in mandating mitigating controls, or offering an adequately detailed self-assessment and audit process to bring GNSS system vulnerabilities into scope. The proposed revisions, validated against two separate spoofing case studies, include a requirement to specifically assess GNSS resilience, the incorporation of jamming and spoofing response into pilot simulator training, the improvement of threat intelligence and production of operational notifications, the appraisal of conventional analogue technologies for system redundancy and the enforcement of an audit against the National Cyber Security Centre’s Cyber Assessment Framework (CAF), repeated every 2 years. An aviation CAF overlay, offering specific guidance on successful completion, should also be produced.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

How Can Existing Cyber Frameworks Be Better Implemented to Ensure Operational Resilience Within the UK Aviation Industry in the Event of a Cyber-Attack Against Its Mission Critical, Satellite-Based Services?

  • Rob Patton,
  • Hamid Jahankhani

摘要

The Global Navigation Satellite Systems (GNSS) is used for a large number of essential services worldwide, including the critical communications, navigation and surveillance functions required by commercial and military aircraft to conduct normal operations. A vast increase in GNSS jamming and spoofing attacks, concentrated in and around conflict zones, has forced a review of the UK aviation industry’s resilience to this threat due to the indirect flight safety impact on commercial air traffic operating in affected regions. Numerous cyber security frameworks exist that attempt to offer mitigating controls and promote resilience to prevailing cyber threats, but very few are specific or comprehensive enough to cover the unique nature and complexity of aircraft systems and services. International and domestic aviation bodies offer guidance and discourse about understanding the risk and the need to work collaboratively to combat its effect. A review of existing UK aviation cyber security policy has been conducted within this research, looking specifically at the UK Civil Aviation Authority’s (CAA) Cyber Security Oversight Strategy to identify its strength in threat identification, but also its weakness in mandating mitigating controls, or offering an adequately detailed self-assessment and audit process to bring GNSS system vulnerabilities into scope. The proposed revisions, validated against two separate spoofing case studies, include a requirement to specifically assess GNSS resilience, the incorporation of jamming and spoofing response into pilot simulator training, the improvement of threat intelligence and production of operational notifications, the appraisal of conventional analogue technologies for system redundancy and the enforcement of an audit against the National Cyber Security Centre’s Cyber Assessment Framework (CAF), repeated every 2 years. An aviation CAF overlay, offering specific guidance on successful completion, should also be produced.