Introduction by Sofema Aviation Services (SAS) www.sassofia.com understanding the current threats to our aviation domains, particularly in the context of European Operations.
Introduction
An effective Cybersecurity process could be considered as a system of processes and protocols working across your business to protect both your information (Data) as well as your services from any potential cyber-driven breaches or disruptions.
The Cyber security exposure is compounded with the introduction of digital aircraft as well as widespread connectivity.
A typical Cyber Security Management Process Would offer:
- Application security
- Critical infrastructure security
- Cloud Security
- Data loss preventions
Aircraft Certification continues to be a challenge related to digital systems with future requirements driving additional “Special Conditions” to address the vulnerabilities.
Background Understanding Regarding Cyber Attacks
Cyber-attacks are not something new, in fact, you may even agree that during the last several years such attacks appear to be becoming more frequent with a varying degree of sophistication.
A common thread in all cases concerns the potential for a significant financial loss. (without considering the reputational damage or the potential for safety system exposure.)
A successful A cyber-attack could in the very worst-case result in the loss of life taking the potential exposure of the organizational to a whole new level.
Any system which is considered safety or mission-critical must receive be subject to appropriate certification against a known standard or criteria as well as be subject to rigorous cybersecurity controls.
Aviation Software Considerations
Modern Aircraft typically contain numerous avionic systems with software containing many 1000’s lines of code as a result software verification becomes an important element in delivering a safe system or product.
Aviation Cybersecurity – What are the Major Challenges:
- Air Traffic Control Systems
- Airports Systems & Infrastructure
- Aircraft Operators & Management Organisations
- Aircraft Maintainers
- Access, Departure, and Passport Control Systems
- Cargo handling and shipping
- Reservation Systems
- Hazardous Materials Transportation Management
- In-Flight Entertainment (IFE) and Connectivity Systems
- e-Enabled ground and onboard systems
Testing for Vulnerabilities
In order for an attack to succeed elements are required, the first being a vulnerability and the second being a pathway or mechanism through which the particular vulnerability may be exploited.
Important note – Because we have not identified a pathway does not mean that such a pathway does not exist!
Do you have a test team or process?
- Such a process will be supported by subject matter experts who carry out systematic testing of the system or process to discover any flaws.
An Inside Threat – Is it Real?
- Develop best practice policies and procedures.
- Ensure continuous review and improvement.
- Wherever possible controls should be put in place to ensure that only the people who require specific access are provided with the required credentials.
Next Steps
Follow this link to our Library to find & Download related documents for Free.
Sofema Aviation Services offers the following course delivered as classroom or webinar – EASA Compliant Organizational Cyber Security Responsibilities – 1 Day
Please see www.sassofia.com or email team@sassofia.com for additional details.
Tags:
aviation, Cyber Security, SAS blogs, Aviation Cyber Security, Cyber Security Management System, European Operations, Cyber Attacks, Cyber Security Management Process, Cyber security threats, Aviation Domains