University Research Project: Cyber Security and Air Traffic Control
VerifiedAdded on 2022/11/23
|23
|5370
|151
Project
AI Summary
This project presents a research proposal on cyber security in air traffic control (ATC) systems. It begins with an introduction highlighting the increasing reliance of ATC on networked systems and the associated cyber threats, such as computer viruses and data injection. The proposal includes a literature review covering general developments in the field, including cyber security laws and policies, smart airports, and the impact of Next-Gen air traffic systems. The study aims to identify vulnerabilities, assess risks, and propose effective control measures within the ATC domain. The methodology involves a problem statement, a conceptual framework, and data collection through questionnaires for ATC supervisors. The assignment concludes with a discussion on data analysis methods and a chapter scheme, detailing the structure and content of each chapter. The research seeks to contribute to the development of robust security governance and enhance operational practices in air traffic control, addressing the evolving challenges of cyber security in the aviation industry.
Running head: CYBER SECURITY AND AIR TRAFFIC CONTROL
Cyber Security and Air Traffic Control
Name of the Student
Name of the University
Author Note
Cyber Security and Air Traffic Control
Name of the Student
Name of the University
Author Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1CYBER SECURITY AND AIR TRAFFIC CONTROL
Table of Contents
1. Introduction..............................................................................................................................3
1.1. Literature Review..............................................................................................................4
1.1.1. General Development in the Field.................................................................................4
1.1.1.1. Cyber Security, Aviation and the Developing Law...................................................4
1.1.2. Noteworthy Contributions in the field as Expressed through Various Writings...........5
1.1.2.1. Cyber Security in Smart Airports..............................................................................5
1.1.2.2. Cyber Security, Aviation Sector and ICAO (2016)...................................................6
1.1.2.3. Impact of Next-Gen Air Traffic System on Aviation Security..................................7
1.1.2.4. Cyber Security Policies and Cyber Espionage in the US and UK.............................8
1.1.2.5. Cyber Security in Aviation Industry of Sub Saharan Africa.....................................8
1.1.2.6. Air Traffic Control Systems and Regulatory Frameworks........................................9
1.1.2.7. Cyber Security and the Threat to Safety Critical Systems........................................9
1.1.2.8. IOT Complexity and the Risk of Cyber Security......................................................9
1.1.2.9. Air and Space Law and Cyber Security...................................................................10
1.2. Gaps in the Literature Reviewed/Positioning of Present Research Study..........................10
2. Present Study..........................................................................................................................11
A. Problem Statement..........................................................................................................11
B. Conceptual Framework...................................................................................................11
C. Methodology.......................................................................................................................12
Table of Contents
1. Introduction..............................................................................................................................3
1.1. Literature Review..............................................................................................................4
1.1.1. General Development in the Field.................................................................................4
1.1.1.1. Cyber Security, Aviation and the Developing Law...................................................4
1.1.2. Noteworthy Contributions in the field as Expressed through Various Writings...........5
1.1.2.1. Cyber Security in Smart Airports..............................................................................5
1.1.2.2. Cyber Security, Aviation Sector and ICAO (2016)...................................................6
1.1.2.3. Impact of Next-Gen Air Traffic System on Aviation Security..................................7
1.1.2.4. Cyber Security Policies and Cyber Espionage in the US and UK.............................8
1.1.2.5. Cyber Security in Aviation Industry of Sub Saharan Africa.....................................8
1.1.2.6. Air Traffic Control Systems and Regulatory Frameworks........................................9
1.1.2.7. Cyber Security and the Threat to Safety Critical Systems........................................9
1.1.2.8. IOT Complexity and the Risk of Cyber Security......................................................9
1.1.2.9. Air and Space Law and Cyber Security...................................................................10
1.2. Gaps in the Literature Reviewed/Positioning of Present Research Study..........................10
2. Present Study..........................................................................................................................11
A. Problem Statement..........................................................................................................11
B. Conceptual Framework...................................................................................................11
C. Methodology.......................................................................................................................12
2CYBER SECURITY AND AIR TRAFFIC CONTROL
d. Sampling.............................................................................................................................14
e. Rationale for the Study.......................................................................................................14
f. Data Collection...................................................................................................................14
1. Primary Data Collection.....................................................................................................14
1. Secondary Data Collection.................................................................................................15
2. Questionnaire for ATC Supervisors...................................................................................15
3. Data Analysis and Discussion................................................................................................17
4. Chapter Scheme......................................................................................................................17
References......................................................................................................................................19
d. Sampling.............................................................................................................................14
e. Rationale for the Study.......................................................................................................14
f. Data Collection...................................................................................................................14
1. Primary Data Collection.....................................................................................................14
1. Secondary Data Collection.................................................................................................15
2. Questionnaire for ATC Supervisors...................................................................................15
3. Data Analysis and Discussion................................................................................................17
4. Chapter Scheme......................................................................................................................17
References......................................................................................................................................19
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3CYBER SECURITY AND AIR TRAFFIC CONTROL
1. Introduction
Cyber security has recently emerged as a vital issue in air traffic control systems, the
functionalities of which are seen to rely quite heavily on communications that transpire between
the networked agents situated in such systems (Heere 2016). Owing to the fact that current ATC
systems have avoided incorporating mechanisms that are designed specifically for the protection
of the cyber security of such systems, potential cyber-attacks along the lines of computer virus,
false data injection and GPS spoofing could pose a serious threat to safety of such air control
systems (Ellis and Mohan 2019). Systems for air traffic control are vulnerable to severe attacks
via the internet and intrusion-detection capabilities need to be well established for the detection
of potential cyber penetrations. Attackers are capable of taking full advantage of the software
vulnerabilities that are characteristic of commercial IP products for the purpose of exploiting
ATC systems, something that appears to be quite worrisome in a situation where nations of the
world are faced with an increasing number of threats from state or nation sponsored cyber-
attacks which, for the most part are executed with a remarkable degree of sophistication and
finesse (Kim 2015). Hackers can for instance compromise FAA computers, and use such
computers as channels for the acquisition of unauthorized access to information that is personally
identifiable on employees working in the aviation industry (Bourgois et al. 2018). Critical
network servers can also be seized control of by hackers, who in the process of doing so will
gain the power that is required for shutting the servers down. An occurrence such as this can
seriously end up disrupting the mission support network. More often than not, cyber-attacks are
capable of spreading from mission support networks to national air security networks owing to
the existence of system interconnections (Suciu et al. 2019). This assignment prepares a research
1. Introduction
Cyber security has recently emerged as a vital issue in air traffic control systems, the
functionalities of which are seen to rely quite heavily on communications that transpire between
the networked agents situated in such systems (Heere 2016). Owing to the fact that current ATC
systems have avoided incorporating mechanisms that are designed specifically for the protection
of the cyber security of such systems, potential cyber-attacks along the lines of computer virus,
false data injection and GPS spoofing could pose a serious threat to safety of such air control
systems (Ellis and Mohan 2019). Systems for air traffic control are vulnerable to severe attacks
via the internet and intrusion-detection capabilities need to be well established for the detection
of potential cyber penetrations. Attackers are capable of taking full advantage of the software
vulnerabilities that are characteristic of commercial IP products for the purpose of exploiting
ATC systems, something that appears to be quite worrisome in a situation where nations of the
world are faced with an increasing number of threats from state or nation sponsored cyber-
attacks which, for the most part are executed with a remarkable degree of sophistication and
finesse (Kim 2015). Hackers can for instance compromise FAA computers, and use such
computers as channels for the acquisition of unauthorized access to information that is personally
identifiable on employees working in the aviation industry (Bourgois et al. 2018). Critical
network servers can also be seized control of by hackers, who in the process of doing so will
gain the power that is required for shutting the servers down. An occurrence such as this can
seriously end up disrupting the mission support network. More often than not, cyber-attacks are
capable of spreading from mission support networks to national air security networks owing to
the existence of system interconnections (Suciu et al. 2019). This assignment prepares a research
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4CYBER SECURITY AND AIR TRAFFIC CONTROL
proposal on the subject of cyber security law and policy and the importance that such law and
policy has to play in the efficient and effective functioning of an air traffic control system. For
this purpose, the assignment states the aims and objectives of the research, mentions the specific
research questions that are to be addressed by the study, locates three research hypothesis,
engages in an in-depth review of relevant literature on the subject matter, outlines the methods to
be used for doing the research and concludes with a discussion on the data analysis methods and
modes of data interpretation to be deployed in the course of the study. A chapter scheme is also
provided at the end of the assignment that details what each chapter of the study shall
specifically focus on.
1.1. Literature Review
1.1.1. General Development in the Field
1.1.1.1. Cyber Security, Aviation and the Developing Law
Wood and Capone (2017) have studied the relationship between cyber security and aviation
with special reference to the laws that are applicable in this respect. Wood and Capone (2017)
define cyber security as a measure that is undertaken for protection of information systems from
attacks that are unauthorized. It is the argument of Wood and Capone (2017) that advancements
in technology and the fact that the internet is becoming all pervasive in nature have contributed
to an increase in the concern for information security, stating specifically that there is no industry
in the globe that is immune from or devoid of such concerns. The authors make use of the term
cyber-attack to describe malicious activities that are directed at information systems or
computers stating that the combined costs associated with such attacks as well as the
corresponding defense measures happen to be quite significant. Wood and Capone (2017) argue
proposal on the subject of cyber security law and policy and the importance that such law and
policy has to play in the efficient and effective functioning of an air traffic control system. For
this purpose, the assignment states the aims and objectives of the research, mentions the specific
research questions that are to be addressed by the study, locates three research hypothesis,
engages in an in-depth review of relevant literature on the subject matter, outlines the methods to
be used for doing the research and concludes with a discussion on the data analysis methods and
modes of data interpretation to be deployed in the course of the study. A chapter scheme is also
provided at the end of the assignment that details what each chapter of the study shall
specifically focus on.
1.1. Literature Review
1.1.1. General Development in the Field
1.1.1.1. Cyber Security, Aviation and the Developing Law
Wood and Capone (2017) have studied the relationship between cyber security and aviation
with special reference to the laws that are applicable in this respect. Wood and Capone (2017)
define cyber security as a measure that is undertaken for protection of information systems from
attacks that are unauthorized. It is the argument of Wood and Capone (2017) that advancements
in technology and the fact that the internet is becoming all pervasive in nature have contributed
to an increase in the concern for information security, stating specifically that there is no industry
in the globe that is immune from or devoid of such concerns. The authors make use of the term
cyber-attack to describe malicious activities that are directed at information systems or
computers stating that the combined costs associated with such attacks as well as the
corresponding defense measures happen to be quite significant. Wood and Capone (2017) argue
5CYBER SECURITY AND AIR TRAFFIC CONTROL
that cyber security appears to be a greater concern for the aviation rather than any other industry
in the world largely due to the fact that this is an industry that depends greatly on internet
connectivity and computer technology. The research provides a brief overview of the problem of
cyber security in the aviation industry and discusses the developing law in this matter that
includes a discussion of both statutory and common law standards and regulatory activities.
1.1.2. Noteworthy Contributions in the field as Expressed through Various
Writings
1.1.2.1. Cyber Security in Smart Airports
Lykou et al. (2014) have undertaken research on cyber security in smart airports and have
discussed the controls and measures that are undertaken here for the purpose of threat mitigation
as well as cyber resilience. The authors state that airports are located at the forefront of all types
of technological innovation primarily due to the fact that air travel passengers are exponentially
increasing in number with every passing year. Consequently, airports are seen to enhance
infrastructure intelligence on a regular basis, and have been evolving slowly and steadily as
smart facilities for supporting growth, thereby providing customers with a truly enjoyable and
comfortable not to mention efficient travel experience. However, it pointed out by Lykou et al.
(2014), that there are new challenges that aviation must adapt to and deal with today, such as
integrating industrial internet of things in all airport facilities accompanied by the increasing use
of smart phone devices, tablets and computers on the part of employees and passengers. As a
result, it is argued by Lykou et al. (2014) that cyber security is gradually emerging as a key
enabler when it comes to ensuring passenger safety. Smart airports are making an effort to
provide customers with optimal services in a manner that is both sustainable as well as reliable,
and this is achieved by working around domains such as security, safety, efficiency and growth.
that cyber security appears to be a greater concern for the aviation rather than any other industry
in the world largely due to the fact that this is an industry that depends greatly on internet
connectivity and computer technology. The research provides a brief overview of the problem of
cyber security in the aviation industry and discusses the developing law in this matter that
includes a discussion of both statutory and common law standards and regulatory activities.
1.1.2. Noteworthy Contributions in the field as Expressed through Various
Writings
1.1.2.1. Cyber Security in Smart Airports
Lykou et al. (2014) have undertaken research on cyber security in smart airports and have
discussed the controls and measures that are undertaken here for the purpose of threat mitigation
as well as cyber resilience. The authors state that airports are located at the forefront of all types
of technological innovation primarily due to the fact that air travel passengers are exponentially
increasing in number with every passing year. Consequently, airports are seen to enhance
infrastructure intelligence on a regular basis, and have been evolving slowly and steadily as
smart facilities for supporting growth, thereby providing customers with a truly enjoyable and
comfortable not to mention efficient travel experience. However, it pointed out by Lykou et al.
(2014), that there are new challenges that aviation must adapt to and deal with today, such as
integrating industrial internet of things in all airport facilities accompanied by the increasing use
of smart phone devices, tablets and computers on the part of employees and passengers. As a
result, it is argued by Lykou et al. (2014) that cyber security is gradually emerging as a key
enabler when it comes to ensuring passenger safety. Smart airports are making an effort to
provide customers with optimal services in a manner that is both sustainable as well as reliable,
and this is achieved by working around domains such as security, safety, efficiency and growth.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6CYBER SECURITY AND AIR TRAFFIC CONTROL
The research undertaken by Lykou et al. (2014) discusses the implementation rate associated
with cyber security measures as undertaken in major commercial airports, risk scenario analysis
of malware attacks related to the internet of things along with actions to mitigate threats in this
respect and it also discusses the malicious threats that are seen to evolve owing to the smart
devices installed as well as the internet of things. The aim of the research undertaken by Lykou
et al. (2014) is to ensure development of robust security governance and enhancement of
operational practices in smart airports, and this is done by presenting a comprehensive and
systematic analysis of the types of malicious attacks that are seen to occur and which are likely
to occur in smart airports, facilitating airport communities to comprehend such risks and act
proactively by engaging in the implementation of resilience measures and best practices with
regard to cyber security.
1.1.2.2. Cyber Security, Aviation Sector and ICAO (2016)
Abeyratne (2016) has carried out research on cyber security in the aviation sector with
special reference to ICAO (2016). The research alludes to the use of a term, “cyberjacking”
which may be equated with the act of hijacking an airplane but in the domain of cyber security
and through the implementation of cyber technology. According to Abeyratne (2016),
cyberjacking can take from both outside a plane or from its inside. What acts as a catalyst in such
a situation, in the view of Abeyratne (2016), is the increasing use on the part of airline
passengers of internet connectivity that is used for playing games or watching videos and
listening to music on board the aircraft. This research also makes mention of internet signals that
are routed via existing communications architecture, a good example in this respect being
Automatic Dependent Surveillance-Broadcast or Aircraft Communications Addressing and
The research undertaken by Lykou et al. (2014) discusses the implementation rate associated
with cyber security measures as undertaken in major commercial airports, risk scenario analysis
of malware attacks related to the internet of things along with actions to mitigate threats in this
respect and it also discusses the malicious threats that are seen to evolve owing to the smart
devices installed as well as the internet of things. The aim of the research undertaken by Lykou
et al. (2014) is to ensure development of robust security governance and enhancement of
operational practices in smart airports, and this is done by presenting a comprehensive and
systematic analysis of the types of malicious attacks that are seen to occur and which are likely
to occur in smart airports, facilitating airport communities to comprehend such risks and act
proactively by engaging in the implementation of resilience measures and best practices with
regard to cyber security.
1.1.2.2. Cyber Security, Aviation Sector and ICAO (2016)
Abeyratne (2016) has carried out research on cyber security in the aviation sector with
special reference to ICAO (2016). The research alludes to the use of a term, “cyberjacking”
which may be equated with the act of hijacking an airplane but in the domain of cyber security
and through the implementation of cyber technology. According to Abeyratne (2016),
cyberjacking can take from both outside a plane or from its inside. What acts as a catalyst in such
a situation, in the view of Abeyratne (2016), is the increasing use on the part of airline
passengers of internet connectivity that is used for playing games or watching videos and
listening to music on board the aircraft. This research also makes mention of internet signals that
are routed via existing communications architecture, a good example in this respect being
Automatic Dependent Surveillance-Broadcast or Aircraft Communications Addressing and
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7CYBER SECURITY AND AIR TRAFFIC CONTROL
Reporting System. Both such systems are information communication systems as a result of
which both can be vulnerable to cyber-attacks. The research goes onto state that there have been
one or more than one attacks on computer systems of commercial airlines, after which the role
that is played by the International Civil Aviation Organization or ICAO, a body that plays a
leading role in preventing cyber terrorism from taking place, is elaborated upon, accompanied by
constructive recommendations on how cyber security can be suitably enhanced and improved.
1.1.2.3. Impact of Next-Gen Air Traffic System on Aviation Security
Weiland and Wei (2018) have evaluated the impact that the air traffic system of the Next
Generation has on aviation security. Next-Gen as this is commonly known provides an outlet to
the National Airspace System that operates digitally in the domain of cyber space. According to
Weiland and Wei (2018) improvements in air traffic brought about by the Next-Gen system in
addition to the risks associated with longstanding cyber-attacks in the information technology
industry is something that has emerged as quite a challenging matter for air traffic management
and the aviation community since cyber security challenges in this respect could impact greatly
the assurance of security and safety that the Next-Gen system is seen to provide with regard to
air transportation. Technological shifts that have taken place of NAS infrastructure, right from
the conventional radar based systems to the present day networking systems is what demands a
revision, re-definition and review of current regulations, standards and policies as well as norms
for the purpose of reflecting as well as mitigating new risks. By engaging in an analysis of
regulations, practices, standards, reports, and recommendations from industry and government,
Weiland and Wei (2018) analyze security impacts and influences on Next-Gen, in addition to the
risks that are associated with cyber security regulations and incidents in order to identify the
most efficient and effective control measures that can be deployed over information systems in
Reporting System. Both such systems are information communication systems as a result of
which both can be vulnerable to cyber-attacks. The research goes onto state that there have been
one or more than one attacks on computer systems of commercial airlines, after which the role
that is played by the International Civil Aviation Organization or ICAO, a body that plays a
leading role in preventing cyber terrorism from taking place, is elaborated upon, accompanied by
constructive recommendations on how cyber security can be suitably enhanced and improved.
1.1.2.3. Impact of Next-Gen Air Traffic System on Aviation Security
Weiland and Wei (2018) have evaluated the impact that the air traffic system of the Next
Generation has on aviation security. Next-Gen as this is commonly known provides an outlet to
the National Airspace System that operates digitally in the domain of cyber space. According to
Weiland and Wei (2018) improvements in air traffic brought about by the Next-Gen system in
addition to the risks associated with longstanding cyber-attacks in the information technology
industry is something that has emerged as quite a challenging matter for air traffic management
and the aviation community since cyber security challenges in this respect could impact greatly
the assurance of security and safety that the Next-Gen system is seen to provide with regard to
air transportation. Technological shifts that have taken place of NAS infrastructure, right from
the conventional radar based systems to the present day networking systems is what demands a
revision, re-definition and review of current regulations, standards and policies as well as norms
for the purpose of reflecting as well as mitigating new risks. By engaging in an analysis of
regulations, practices, standards, reports, and recommendations from industry and government,
Weiland and Wei (2018) analyze security impacts and influences on Next-Gen, in addition to the
risks that are associated with cyber security regulations and incidents in order to identify the
most efficient and effective control measures that can be deployed over information systems in
8CYBER SECURITY AND AIR TRAFFIC CONTROL
air traffic management, while providing direction to future research that can be undertaken in
this area.
1.1.2.4. Cyber Security Policies and Cyber Espionage in the US and UK
Stoddart et al. (2016) have studied cyber security policies as practiced in the United
Kingdom and in the United States of America. A comparison is made of cyber security
arrangements in both these countries by virtue of the fact that both countries happen to be liberal
democracies. The research outlines the supervisory control as well as data acquisition systems as
implemented in the US and the UK after which UK and US policies with respect to cyber
security have been analyzed in detail. A wider discussion of cyber-crime and the cyber espionage
system is entered into, with the argument being made by Stoddart et al. (2016) that national
approaches to breach of CNI and other aspects of cyber security have to be internationally
concerted while also acknowledging at the same given time that the concerns and needs of civil
society and private industry ought to be taken into consideration.
1.1.2.5. Cyber Security in Aviation Industry of Sub Saharan Africa
Lekota and Coetzee (2019) have analyzed cyber security in the context of the aviation
industry of Sub Saharan African countries. It is argued by Lekota and Coetzee (2019) that cyber-
attacks have taken place in the aviation community of Sub Saharan Africa several times in the
years between 2016 and 2018 such as cyber-attacks for financial gain, spying, terrorism and
attempts by hackers for the identification and exploitation of vulnerabilities. What makes
managing cyber-attacks a challenge for countries in Sub Saharan Africa, in the view of Lekota
and Coetzee (2019), is the fact that information security mechanisms and frameworks that are
required for coping with the significant rise in cyber-attacks are not in any given way,
standardized. Lekota and Coetzee (2019) make the argument that in order to be ahead of such
air traffic management, while providing direction to future research that can be undertaken in
this area.
1.1.2.4. Cyber Security Policies and Cyber Espionage in the US and UK
Stoddart et al. (2016) have studied cyber security policies as practiced in the United
Kingdom and in the United States of America. A comparison is made of cyber security
arrangements in both these countries by virtue of the fact that both countries happen to be liberal
democracies. The research outlines the supervisory control as well as data acquisition systems as
implemented in the US and the UK after which UK and US policies with respect to cyber
security have been analyzed in detail. A wider discussion of cyber-crime and the cyber espionage
system is entered into, with the argument being made by Stoddart et al. (2016) that national
approaches to breach of CNI and other aspects of cyber security have to be internationally
concerted while also acknowledging at the same given time that the concerns and needs of civil
society and private industry ought to be taken into consideration.
1.1.2.5. Cyber Security in Aviation Industry of Sub Saharan Africa
Lekota and Coetzee (2019) have analyzed cyber security in the context of the aviation
industry of Sub Saharan African countries. It is argued by Lekota and Coetzee (2019) that cyber-
attacks have taken place in the aviation community of Sub Saharan Africa several times in the
years between 2016 and 2018 such as cyber-attacks for financial gain, spying, terrorism and
attempts by hackers for the identification and exploitation of vulnerabilities. What makes
managing cyber-attacks a challenge for countries in Sub Saharan Africa, in the view of Lekota
and Coetzee (2019), is the fact that information security mechanisms and frameworks that are
required for coping with the significant rise in cyber-attacks are not in any given way,
standardized. Lekota and Coetzee (2019) make the argument that in order to be ahead of such
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9CYBER SECURITY AND AIR TRAFFIC CONTROL
evolving cyber-attacks both outside as well as within the organization, responsibility has to be
shared among aviation industry participants for securing aviation systems.
1.1.2.6. Air Traffic Control Systems and Regulatory Frameworks
Andreades et al. (2017) have studied air traffic control systems and legacy avionics. The
authors describe the Next-Gen air traffic system in detail and also draw up a list of potential
issues pertaining to cyber security as well as associated cyber security incidents and anecdotes.
Andreades et al. (2017) provide an overview of the regulatory framework as implemented in the
commercial or civil aviation industry with introduced cyber security solutions and measures
being well summarized by the authors.
1.1.2.7. Cyber Security and the Threat to Safety Critical Systems
Johnson (2016) has analyzed the growing threat that exists to cyber security pertaining to
safety critical systems. As argued by Johnson (2016) common vulnerabilities have been created
as a result of introducing commercial and off the shelf software products across maritime,
aviation, rail as well as power generation infrastructures. Johnson (2016) emphasized the
urgency of moving beyond various types of high level policies for addressing the many
engineering challenges that presently threaten cyber security as applicable with regard to safety
critical systems.
1.1.2.8. IOT Complexity and the Risk of Cyber Security
Horowitz (2018) has discussed the complexity brought about by the internet of things to
commerce, homes and cities stating that this complexity is increasing the risk of cyber security
evolving cyber-attacks both outside as well as within the organization, responsibility has to be
shared among aviation industry participants for securing aviation systems.
1.1.2.6. Air Traffic Control Systems and Regulatory Frameworks
Andreades et al. (2017) have studied air traffic control systems and legacy avionics. The
authors describe the Next-Gen air traffic system in detail and also draw up a list of potential
issues pertaining to cyber security as well as associated cyber security incidents and anecdotes.
Andreades et al. (2017) provide an overview of the regulatory framework as implemented in the
commercial or civil aviation industry with introduced cyber security solutions and measures
being well summarized by the authors.
1.1.2.7. Cyber Security and the Threat to Safety Critical Systems
Johnson (2016) has analyzed the growing threat that exists to cyber security pertaining to
safety critical systems. As argued by Johnson (2016) common vulnerabilities have been created
as a result of introducing commercial and off the shelf software products across maritime,
aviation, rail as well as power generation infrastructures. Johnson (2016) emphasized the
urgency of moving beyond various types of high level policies for addressing the many
engineering challenges that presently threaten cyber security as applicable with regard to safety
critical systems.
1.1.2.8. IOT Complexity and the Risk of Cyber Security
Horowitz (2018) has discussed the complexity brought about by the internet of things to
commerce, homes and cities stating that this complexity is increasing the risk of cyber security
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10CYBER SECURITY AND AIR TRAFFIC CONTROL
threats arguing that if such risks are to be reduced, resilient cyber-physical systems have to be
formed that are capable of responding to various types of cyber-attacks or disturbances.
1.1.2.9. Air and Space Law and Cyber Security
Kaiser and Mejia Kaiser (2015) have studied cyber security with reference to air and
space laws. It is argued by Kaiser and Mejia Kaiser (2015) that cyber security is a term that
encompasses technical measures that require a regulatory framework for adequate
implementation and that this is a regulation that needs to be incorporated into laws dealing with
air and the virtual space in timely fashion, at a time when technology is still in a stage of
progress. The research elaborates on regulatory frameworks and legal principles that deal with
cyber security in the context of air as well as space law.
1.2. Gaps in the Literature Reviewed/Positioning of Present Research
Study
While the literature that has been reviewed above points to cyber security policies and
control measures as deployed in various countries of the world with respect to the aviation
industry in general and the air traffic control system in particular, and talks about the
mitigation techniques that need to be deployed in order to suitably control and combat the threat
of cyber security in aviation, little mention is made of the type of laws and legal frameworks
that can be utilized for this purpose (Simmons 2017). New research must therefore be conducted
on the impact that laws pertaining to cyber security can have on aviation operations (Lykou et al.
2019). This is something that this research study at least proposes to do by analyzing the
positive, negative or neutral impact of cyber security laws on air traffic control system
threats arguing that if such risks are to be reduced, resilient cyber-physical systems have to be
formed that are capable of responding to various types of cyber-attacks or disturbances.
1.1.2.9. Air and Space Law and Cyber Security
Kaiser and Mejia Kaiser (2015) have studied cyber security with reference to air and
space laws. It is argued by Kaiser and Mejia Kaiser (2015) that cyber security is a term that
encompasses technical measures that require a regulatory framework for adequate
implementation and that this is a regulation that needs to be incorporated into laws dealing with
air and the virtual space in timely fashion, at a time when technology is still in a stage of
progress. The research elaborates on regulatory frameworks and legal principles that deal with
cyber security in the context of air as well as space law.
1.2. Gaps in the Literature Reviewed/Positioning of Present Research
Study
While the literature that has been reviewed above points to cyber security policies and
control measures as deployed in various countries of the world with respect to the aviation
industry in general and the air traffic control system in particular, and talks about the
mitigation techniques that need to be deployed in order to suitably control and combat the threat
of cyber security in aviation, little mention is made of the type of laws and legal frameworks
that can be utilized for this purpose (Simmons 2017). New research must therefore be conducted
on the impact that laws pertaining to cyber security can have on aviation operations (Lykou et al.
2019). This is something that this research study at least proposes to do by analyzing the
positive, negative or neutral impact of cyber security laws on air traffic control system
11CYBER SECURITY AND AIR TRAFFIC CONTROL
2. Present Study
A. Problem Statement
The threat that is posed by cyber-attacks on air traffic control is severe, with important data
and confidential information being heavily compromised in the process. The safety and security
of air travel customers stands to be at a huge risk if breaches in cyber security are allowed to
continue. A well-known example of the severity of cyber-attacks on air traffic control system is
the case of the 9/11 terrorist attack that was carried out on the Pentagon and the World Trade
Center in America by Osama Bin Laden and the Al Qaeeda. Cyber-attacks on the nation’s air
traffic control system resulted in terrorists being able to stealthily make their way onto four
aircrafts following which they incapacitated the pilots and then proceeded to fly these aircrafts
into the Pentagon and WTC, crashing down finally onto a field situated in Pennsylvania. Efforts
need to be made to see how legal frameworks and solutions maybe utilized in order to prevent
breach to the cyber security of air traffic control systems.
B. Conceptual Framework
Factors impacting drafting and implementation of cyber security law and policy in air
traffic control
The conceptual basis of this research will entail a study of the factors that impact the
drafting and implementation of cyber security law and policy in air traffic control such as
government policy, budget and state of the art infrastructure. Stringent policy and a substantive
budget as well as the availability of state of the art infrastructure facilitate the adequate drafting
and implementation of cyber security law and policy with regard to air traffic control.
2. Present Study
A. Problem Statement
The threat that is posed by cyber-attacks on air traffic control is severe, with important data
and confidential information being heavily compromised in the process. The safety and security
of air travel customers stands to be at a huge risk if breaches in cyber security are allowed to
continue. A well-known example of the severity of cyber-attacks on air traffic control system is
the case of the 9/11 terrorist attack that was carried out on the Pentagon and the World Trade
Center in America by Osama Bin Laden and the Al Qaeeda. Cyber-attacks on the nation’s air
traffic control system resulted in terrorists being able to stealthily make their way onto four
aircrafts following which they incapacitated the pilots and then proceeded to fly these aircrafts
into the Pentagon and WTC, crashing down finally onto a field situated in Pennsylvania. Efforts
need to be made to see how legal frameworks and solutions maybe utilized in order to prevent
breach to the cyber security of air traffic control systems.
B. Conceptual Framework
Factors impacting drafting and implementation of cyber security law and policy in air
traffic control
The conceptual basis of this research will entail a study of the factors that impact the
drafting and implementation of cyber security law and policy in air traffic control such as
government policy, budget and state of the art infrastructure. Stringent policy and a substantive
budget as well as the availability of state of the art infrastructure facilitate the adequate drafting
and implementation of cyber security law and policy with regard to air traffic control.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 23
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.