Strengthening Aviation Cybersecurity with Security Operations Centres

International Conference on Cyber Warfare and Security Pub Date : 2024-03-21 DOI:10.34190/iccws.19.1.2180

Wesley Murisa, Marijke Coetzee

{"title":"Strengthening Aviation Cybersecurity with Security Operations Centres","authors":"Wesley Murisa, Marijke Coetzee","doi":"10.34190/iccws.19.1.2180","DOIUrl":null,"url":null,"abstract":"Even though cybersecurity is a top priority for the aviation industry, research indicates that there are still many challenges to address. Modern aviation systems encompass cloud computing, OT, IoT, mobile devices, and traditional IT infrastructure. The network complexity has expanded the attack surface, leading to an increase in security incidents. Due to this complexity, detecting security incidents on time is challenging. Research indicates that it may take up to 196 days to detect an incident and another 56 days to address it, highlighting the urgency of improving security response. In this regard, establishing Security Operations Centres (SOCs) in the aviation sector must be addressed. SOCs can be instrumental in reducing the time it takes to detect and respond to security incidents. They provide visibility into threats, aid investigations, and enhance forensic efforts, enabling proactive threat mitigation. Research has been carried out on SOC implementations for specific domains like IoT, mobile devices, and higher education, neglecting aviation systems. Aviation systems such as Air Traffic Management (ATM) face unique security vulnerabilities, including signal modification, jamming, flooding, data and command injection, GPS spoofing, and blocking attacks, primarily due to their reliance on wireless technology. Most of these wireless technologies do not use encryption or authentication because they were designed to maximise performance. Insufficient funding also negatively affects ATM systems, resulting in the wide use of legacy ATM systems and a shortage of skilled personnel. ATM systems are considered critical infrastructure frequently targeted by well-resourced threat actors, including terrorists and nation-state actors, necessitating higher protection levels. This paper motivates the development of a customised SOC implementation framework for ATM systems to enhance aviation security by increasing visibility into threats and facilitating timely remediation.","PeriodicalId":429427,"journal":{"name":"International Conference on Cyber Warfare and Security","volume":" 4","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-03-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Conference on Cyber Warfare and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.34190/iccws.19.1.2180","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Even though cybersecurity is a top priority for the aviation industry, research indicates that there are still many challenges to address. Modern aviation systems encompass cloud computing, OT, IoT, mobile devices, and traditional IT infrastructure. The network complexity has expanded the attack surface, leading to an increase in security incidents. Due to this complexity, detecting security incidents on time is challenging. Research indicates that it may take up to 196 days to detect an incident and another 56 days to address it, highlighting the urgency of improving security response. In this regard, establishing Security Operations Centres (SOCs) in the aviation sector must be addressed. SOCs can be instrumental in reducing the time it takes to detect and respond to security incidents. They provide visibility into threats, aid investigations, and enhance forensic efforts, enabling proactive threat mitigation. Research has been carried out on SOC implementations for specific domains like IoT, mobile devices, and higher education, neglecting aviation systems. Aviation systems such as Air Traffic Management (ATM) face unique security vulnerabilities, including signal modification, jamming, flooding, data and command injection, GPS spoofing, and blocking attacks, primarily due to their reliance on wireless technology. Most of these wireless technologies do not use encryption or authentication because they were designed to maximise performance. Insufficient funding also negatively affects ATM systems, resulting in the wide use of legacy ATM systems and a shortage of skilled personnel. ATM systems are considered critical infrastructure frequently targeted by well-resourced threat actors, including terrorists and nation-state actors, necessitating higher protection levels. This paper motivates the development of a customised SOC implementation framework for ATM systems to enhance aviation security by increasing visibility into threats and facilitating timely remediation.

查看原文本刊更多论文

利用安全运营中心加强航空网络安全

尽管网络安全是航空业的重中之重，但研究表明仍有许多挑战需要应对。现代航空系统包括云计算、OT、物联网、移动设备和传统 IT 基础设施。网络的复杂性扩大了攻击面，导致安全事件增加。由于这种复杂性，及时发现安全事件具有挑战性。研究表明，发现一起事件可能需要长达 196 天的时间，而处理这起事件又需要 56 天，这凸显了改进安全响应的紧迫性。为此，必须在航空部门建立安全运营中心（SOC）。安全运营中心有助于缩短发现和应对安全事件的时间。它们可以提供威胁的可视性、协助调查并加强取证工作，从而能够主动减轻威胁。针对物联网、移动设备和高等教育等特定领域的 SOC 实施进行了研究，但忽略了航空系统。航空系统（如空中交通管理 (ATM)）面临着独特的安全漏洞，包括信号修改、干扰、洪水、数据和命令注入、GPS 欺骗和阻塞攻击，这主要是由于它们依赖于无线技术。这些无线技术大多不使用加密或身份验证，因为它们的设计目的是最大限度地提高性能。资金不足也对 ATM 系统产生了负面影响，导致传统 ATM 系统的广泛使用和熟练人员的短缺。ATM 系统被视为关键基础设施，经常成为包括恐怖分子和民族国家行为者在内的资源充足的威胁行为者的目标，因此需要更高的保护级别。本文旨在为 ATM 系统开发一个定制的 SOC 实施框架，通过提高威胁的可见性和促进及时补救来加强航空安全。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Conference on Cyber Warfare and Security

自引率

0.00%

发文量