A Model-Based Approach for Aviation Cyber Security Risk Assessment

Kiesling, Tobias; Krempel, Matias; Niederl, Josef; Ziegler, Jürgen

doi:10.1109/ares.2016.63

Cited by 10 publications

(5 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Adhikari and Davis [76] discussed the applicability of blockchain with aviation cybersecurity framework and authors argued that blockchain can provide the needed digital data security for aviation operations. Kiesling et al [50] gave a modelbased approach for aviation cybersecurity risk assessment.…”

Section: Aviation Security Framework and Solutionsmentioning

confidence: 99%

Cyber security challenges in aviation communication, navigation, and surveillance

Dave

Choudhary

Sihag

et al. 2022

Computers & Security

View full text Add to dashboard Cite

Section: Aviation Security Framework and Solutionsmentioning

confidence: 99%

Cyber security challenges in aviation communication, navigation, and surveillance

Dave

Choudhary

Sihag

et al. 2022

Computers & Security

View full text Add to dashboard Cite

“…Kure and Islam [20] introduced a risk assessment approach for critical infrastructure based on Cyber Threat Intelligence (CTI) leveraging the concepts of ISO 27005 and NIST SP 800-30. [22] and [18] used a similar approach to identify security metrics describing threats and their countermeasures. Haji et al [12] proposed a risk management module that uses threat modelling to identify threats using NIST SP 800-30 and OWASP threat scenarios.…”

Section: Related Workmentioning

confidence: 99%

MITRE ATT&CK-driven Cyber Risk Assessment

Ahmed

Panda

Xenakis

et al. 2022

Proceedings of the 17th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Assessing the risk posed by Advanced Cyber Threats (APTs) is challenging without understanding the methods and tactics adversaries use to attack an organisation. The MITRE ATT&CK provides information on the motivation, capabilities, interests and tactics, techniques and procedures (TTPs) used by threat actors. In this paper, we leverage these characteristics of threat actors to support informed cyber risk characterisation and assessment. In particular, we utilise the MITRE repository of known adversarial TTPs along with attack graphs to determine the attack probability as well as the likelihood of success of an attack. We further identify attack paths with the highest likelihood of success considering the techniques and procedures of a threat actor. The assessment is supported by a case study of a health care organisation to identify the level of risk against two adversary groups-Lazarus and menuPass.

show abstract

“…However, there are no publicly available numbers of incidents in the Air Traffic Network (ATN) per operational hour, thus we required another method. Regarding qualitative measurement methods, there are many examples in literature [28,29] on how to do it .We decided to mix approaches, develop a new and more fine-grained rating system and apply that onto our threat catalogue. For that purpose we defined seven factors all connected to either motivation or technical difficulty and rate them from zero to five (Table 3), average the score and receive a likelihood rating for a certain attack.…”

Section: Likelihoodmentioning

confidence: 99%

Paving the way for an IT security architecture for LDACS: A datalink security threat- and risk analysis

Mäurer¹

2018

2018 Integrated Communications, Navigation, Surveillance Conference (ICNS)

View full text Add to dashboard Cite

With air transportation growing and current civil aeronautical communication systems reaching their capacity limit in high density areas, the need for new aeronautical communication technologies becomes apparent. This implies the transition from analogue voice to digital data communication. A promising candidate for terrestrial air-ground communication is the L-band Digital Aeronautical Communications System (LDACS). LDACS is currently in the process of being standardized in ICAO. Being integrated in the aeronautical telecommunication network and providing a digital communication link for safety critical applications, each and every installation of LDACS requires protection against cyber-attacks. A rigorous threat and risk analysis is the fundamental basis to derive an IT security architecture for LDACS. The objective of this paper is to identify safety relevant air traffic management services, perform a threat and risk analysis, and define attacker types. Having created a threat catalog, we introduce a threat rating system allowing us to set our findings in a qualitative context and pave the way for a future LDACS IT security architecture.

show abstract

A Model-Based Approach for Aviation Cyber Security Risk Assessment

Cited by 10 publications

References 6 publications

Cyber security challenges in aviation communication, navigation, and surveillance

Cyber security challenges in aviation communication, navigation, and surveillance

MITRE ATT&CK-driven Cyber Risk Assessment

Paving the way for an IT security architecture for LDACS: A datalink security threat- and risk analysis

Contact Info

Product

Resources

About