A Model-Based Approach for Aviation Cyber Security Risk Assessment

Abstract

The air transport infrastructure is an attractive target for cyber attacks due to its importance and prominence. The current system is already vulnerable and the advent of more automation and pervasion of standard IT in the future leads to ever more complex and interconnected systems with an increasing attack surface. To cope with this situation, we need suitable methods and tools to achieve understanding of the consequences in potential cyber threat situations. We propose a model-based approach for aviation cyber security risk assessment in support of holistic understanding of threats and risk in complex interconnected systems. We introduce our modeling approach and show how computer-based reasoning can be used for threat and risk analysis based on these models. This paper presents the promising results of initial research. Substantial effort is still needed to mature the approach. We expect major challenges to be of an organizational rather than technical nature.