Assessing the impact of aviation security on cyber power

We analyse the impact of new wireless technology threat models on cyber power, using the aviation context as an example. The ongoing move from traditional air traffic control systems such as radar and voice towards enhanced surveillance and communications systems using modern data networks causes a marked shift in the security of the aviation environment. Implemented through the European SESAR and the US American NextGen programmes, several new air traffic control and communication protocols are currently being rolled out that have been in the works for decades. Unfortunately, during their development the shifting wireless technology threat models were not taken into account. As technology related to digital avionics is getting more widely accessible, traditional electronic warfare threat models are fast becoming obsolete. This paper defines a novel and realistic threat model based on the up-to-date capabilities of different types of threat agents and their impact on a digitalised aviation communication system. After analysing how the changing technological environment affects the security of aviation technologies, current and future, we discuss the reasons preventing the aviation industry from quickly improving the security of its wireless protocols. Among these reasons, we identify the existing tradition of the industry, the prevalence of legacy hard- and software, major cost pressures, slow development cycles, and a narrow focus on safety (as opposed to security). Finally, we analyse how this major technological shift informs the future of cyber power and conflict in the aviation environment by looking at tangible effects for state actors.

[1]  Andrei Costin,et al.  Ghost in the Air(Traffic): On insecurity of ADS-B protocol and practical attacks on ADS-B devices , 2012 .

[2]  David L. Adamy Introduction to Electronic Warfare Modeling and Simulation , 2002 .

[3]  Rui Pinheiro,et al.  On Perception and Reality in Wireless Air Traffic Communication Security , 2016, IEEE Transactions on Intelligent Transportation Systems.

[4]  W. Li,et al.  Integrated aviation security for defense-in-depth of next generation air transportation system , 2011, 2011 IEEE International Conference on Technologies for Homeland Security (HST).

[5]  Ivan Martinovic,et al.  Experimental Analysis of Attacks on Next Generation Air Traffic Communication , 2013, ACNS.

[6]  G. Galati,et al.  Wide area surveillance using SSR mode S multilateration: advantages and limitations , 2005, European Radar Conference, 2005. EURAD 2005..

[7]  Robert F. Mills,et al.  Enhancing the security of aircraft surveillance in the next generation air traffic control system , 2013, Int. J. Crit. Infrastructure Prot..

[8]  Steve Henely Traffic Alert and Collision Avoidance System II (TCAS II) , 2014 .

[9]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[10]  B. Stephens,et al.  Security architecture for aeronautical networks , 2004, The 23rd Digital Avionics Systems Conference (IEEE Cat. No.04CH37576).

[11]  Karen A. Scarfone,et al.  Guide to Industrial Control Systems (ICS) Security , 2015 .

[12]  Markus Franke,et al.  COMPETITION BETWEEN NETWORK CARRIERS AND LOW-COST CARRIERS - RETREAT BATTLE OR BREAKTHROUGH TO A NEW LEVEL OF EFFICIENCY? , 2004 .

[13]  Ivan Martinovic,et al.  On the Security of the Automatic Dependent Surveillance-Broadcast Protocol , 2013, IEEE Communications Surveys & Tutorials.

[14]  Vinay M. Igure,et al.  Security issues in SCADA networks , 2006, Comput. Secur..

[15]  T. McParland,et al.  Securing air-ground communications , 2001, 20th DASC. 20th Digital Avionics Systems Conference (Cat. No.01CH37219).

[16]  Ivan Martinovic,et al.  Realities and challenges of nextgen air traffic management: the case of ADS-B , 2014, IEEE Communications Magazine.