See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/342585180

Cybersecurity in Aviation : An Intrinsic Review

Conference Paper · September 2019

DOI: 10.1109/ICCUBEA47591.2019.9128483

CITATIONS READS

10 1,735

2 authors, including:

Prathamesh Churi
Narsee Monjee Institute of Management Studies
78 PUBLICATIONS 619 CITATIONS

SEE PROFILE

All content following this page was uploaded by Prathamesh Churi on 12 July 2020.

The user has requested enhancement of the downloaded file.

 Cybersecurity in Aviation : An Intrinsic Review
Prathamesh P. Churi
Navid Kagalwalla
Assistant Professor, Computer
B.Tech (Computer Engineering)
Engineering Department
Mukesh Patel School of Technology
Mukesh Patel School of Technology
Management and Engineering, NMIMS
Management and Engineering, NMIMS
University
University
Mumbai, India
Mumbai, India
navidkagalwalla27@gmail.com
prathamesh.churi@nmims.edu

Abstract—“The reality of today from a cyber-security point
of view – I think some of the top people predict that the next
big war is fought on cyber-security.” - Tim Cook
Cyber-security in aviation is the practice of protecting the
computer systems of airlines from threats and attacks which
could cause significant damage to both life and critical
resources. With the advent of new technologies such as IoT,
cloud computing and storage and machine learning, etc. which
are being used in aviation, the focus on securing the systems
from cyber-attacks pertaining to these technologies haven’t
been given much importance. The paper discusses the recent
need of cyber-security in aviation due to attacks which could
cripple the airline as well as cause significant loss of life. The
issues in securing the aviation sector from cyber-attacks stem
from a lack of resources, funds, skilled staff etc. Insider threat
and securing cutting edge operational technologies such as
SCADA, ICS also pose a problem. The paper explores the
challenges which plague the aviation sector in fighting cyber-
attacks successfully. Finally, this paper presents solutions on
how to tackle the issues present to make the aviation industry
safe from cyber-attacks
Keywords—Cyber-security, Aviation
I. INTRODUCTION
‘Cyber-security’ as defined by Cambridge’s dictionary is
“ways of protecting computer systems against threats such as
viruses”. With the advent of front-line and innovative
technology in aviation, all systems are now interconnected to
each other and the Internet is also only a click away, at any
time and at any place, even mid-air 35,000 feet above the
ground [1, 2]. While these cutting edge technologies are
great, the security problems they pose should be considered
and plans should be put in place to counter any threat [3].
Cyber-security in aviation is the way of protecting computer
systems against attacks in the aviation sector [4]. These
computer systems can be on ground such as back end servers
which contain valuable information or systems which
coordinate and facilitate flight operations to systems which
are mid-air during a flight such as inflight entertainment and
electronic flight bags. This paper discusses the need for
cyber-security in aviation and puts forth a solution which
could help prevent exploitation of any threats and
vulnerabilities.
A. Impact of IT systems in Aviation
The aviation industry is responding to the need for on-
aircraft technology with sophisticated, cutting edge wireless
network services. Internet is now easily available on
aircrafts [5, 6, 7]. Electronic Flight Bags (EFBs) and Inflight
Entertainment systems are now equipped to deliver rich
content such as sports, news etc. in near real time. With the
help of high speed connections to internetworked aircraft
systems, airlines have the ability to extend their reach of
operations and by making the aircraft work cohesively with
all the other aircrafts in the airline’s corporate network. Due
to the advent of IoT, cloud computing and storage and
machine learning it is now possible for airlines to automate
manual processes [8].
IoT, which is the process of connecting objects in the real
world to each other through the Internet. Air transport will
benefit a lot due to the development of IoT since it is
particularly a data-intensive business. Due to IoT, airlines
can now keep their planes in the air longer, with less time
spent on the ground for maintenance and safety which is
economical for airlines. Information on the status and
performance of individual parts of an aircraft, transmitted in
real time, can allow maintenance staff to see exactly how
well mechanical components are performing without having
to completely disassemble them [9]. Soon, with the help of
real time transmission of data, ground crews may have
access to a constant stream of performance and safety
information from an aircraft in flight. This reduces aircraft
downtime, improves performance and security and is more
economical for the airline. IoT will also help improve cargo
services and baggage handling. Lost luggage could become
a thing of the past with the help of location transmitters,
capable of broadcasting the exact location to the baggage
handling staff of an airline. Similarly, for cargo service
operations, tracking devices can be used to see where the
cargo is, even when the cargo plane is in flight. Cloud
computing is another breakthrough in technology which
impacts airlines. IT vendors can provide cloud setup
facilities remotely to an airline. Cloud based IT service
models are more flexible than platforms that are installed on
site and can scale as quickly as needed while allowing
airlines to reduce their use of resources when not needed.
The requirement for airline IT departments constantly
evaluating the state of their technology by regularly
upgrading themselves is also eliminated. Thus cloud
computing is a great fit for airlines.
II. NEED FOR CYBER-SECURITY IN AVIATION
With technology improving by leaps and bounds, aircraft
systems have started incorporating more technology to either
make work easier or to provide better service to passengers.
Various manual tasks are now being done using technology.
Various wireless interfaces such as IEE 802.11[10],
Bluetooth [11], cellular etc. are being implemented internal
and external to an aircraft. Systems such as Electronic Flight
Bags (EFB) are being used to improve efficiency of preflight
and post flight procedures and inflight decision making.
Inflight entertainment systems for passengers can now show
live video and audio and passenger communications such as
inflight cellular service and broadband are easily available.

978-1-7281-4042-1/19/$31.00 ©2019 IEEE

orized licensed use limited to: SVKM's NMIMS Mukesh Patel School of Technology Management & Engineering. Downloaded on July 12,2020 at 17:01:36 UTC from IEEE Xplore. Restrictions ap
 Internet access for email and web browsing are also now
available inflight. For example, there are approximately 1000
applications which are running when an Airbus A380 is in
the air [12]. While such technologies are designed to provide
quick and more efficient communications, these wireless
communication advances result in aircraft no longer
functioning as closed systems, thus increasing the likelihood
of cyber threats and risks. Thus an increase in use of
technology means more effort has to be focused on making it
secure. More resources and money have to be focused on
making sure no one can exploit these technologies. Since
these technologies are also being used mid-air, a
vulnerability if exposed midair can be disastrous. Also, a
cyber-attack on the network structure of the airline could
cripple the full airline causing huge damage. To prevent any
damage, Cyber-Security for an airline is a must. An airline
should form a complete and strong cyber security aviation
framework that is designed to protect both airborne and
ground-based assets from threats.
III. THREATS AND VULNERABILITIES PRESENT IN AVIATION
Protection of the core network in an airline is of utmost
importance. The major vulnerabilities present in airlines are
SSO authentication, network access control and distributed
denial of service (DDoS).
SSO (Single Sign-on) authentication is a centralized
session and user authentication service in which one set of
login credentials can be used to access multiple applications.
After getting authenticated on one designated platform, the
user can use a wide range of services without having to log
in and out each time. While this can be great for productivity,
IT monitoring and can reduce the risk of forgetting
passwords it poses a security issue. Full access to a users’
entitlements with one identity is a serious security issue.
With SSO, once an attacker is in, everything associated with
that single identity is accessible so there are no gates or
controls stopping total take over or compromise. In aviation
this proves to be a major vulnerability.
Network Access Control (NAC) is important for
controlling the security of devices that attach to a network. It
refers to the implementation of policies for controlling
devices and user access to networks. Due to the exponential
increase in IoT devices on the network, the integration of
network access control into firewalls and threat detection is
necessary. Personal phones, tablets and laptops of employees
which may be connected to the network of the airline pose a
significant threat since these don’t come pre-installed with
antivirus and may contain applications which can
compromise the security of the full network. Network access
control is advantageous since it allows access based on the
role of the employee. Thus any employee won’t have access
to key databases just because he/she is connected to the
airline network. Network access control can also reduce the
threat from advanced persistent threats (APTs). However,
implementing a NAC which is effective and works properly
is not easy and requires substantial money as well as constant
upgrading. Thus it is hard for airlines to implement NACs
since they have to not only look for access control for
employees but also for customers who may log in to the
network for booking a flight, asking for a refund etc.
A distributed denial of service (DDoS) attack targets
websites and online services. The aim is to overwhelm them
with more traffic than the server or network can
2019 5th International Conference on Computing Communication Control and Automation (ICCUBEA)
orized licensed use limited to: SVKM's NMIMS Mukesh Patel School of Technology Management & Engineering. Downloaded on July 12,2020 at 17:01:36 UTC from IEEE Xplore. Restrictions ap
accommodate. The goal is to render the website or service
inoperable. In aviation, it can also be used to ground a plane
or to render a mid-air plane inoperable. In 2015, the Polish
airline LOT experienced a denial of service attack against the
computer used to send flight instructions to planes that were
waiting to take off. At least 22 flights were delayed or
cancelled because the pilots sitting in the planes on the
tarmac could not receive their take-off instructions. A similar
DoS attack could be targeted at other airlines since most of
them use the same system to upload flight plans to planes.
Hackers could also upload fake and misleading flight plans
which could be disastrous. DDoS attacks can be carried out
in the cloud which could cause infrastructure congestion and
deplete system resources which could cripple the airline [13].
Leakage of confidential data and elevation of account
rights to privileged were also possible which could cause
havoc. IoT specific threats are also a possibility which if
exploited properly can even be used to bring an airplane
down. An insider within the aviation industry like airline
employees, current and former TSA employees, air traffic
controllers and others who understand the inner working of
how the aviation industry works are most likely to carry out
threats successfully since they know the protocols and easiest
targets to exploit. The vulnerabilities present can be used to
not only cripple the airline but to also bring down an aircraft,
thus causing massive casualties. Threats once exposed and
exploited also affects the reputation of the airline and leads
to huge losses in refunding disgruntled customers after the
airline gets crippled.
IV. CHALLENGES IN IMPLEMENTING CYBER-SECURITY IN
AVIATION
The major challenges that Cyber-Security in aviation faces
are a lack of resources, budget constraints and lack of know-
how in the field of Cyber-Security. The number of cyber
threats continues to grow exponentially every year, as do the
sophistication of those threats.
According to latest Airline IT Trends Survey from SITA in
2018, companies face significant headwind while
implementing Cyber-Security measures. A lack of resources
is a huge hurdle in implementing Cyber-Security in aviation
and it affects 78% of organizations. This is compounded by
the dearth of funds allotted to Cyber-Security budgets which
is a problem for 70% of organizations. The investments in
Cyber-Security by airlines and airports is increasing year on
year and expected to total 3.9 billion dollars [5]. Further,
another problem is that small regional airlines may not be
able to allocate enough to Cyber-Security in their budget as
international carriers do. This disparity in budget allocation
can also make smaller airlines susceptible to cyber-attacks.
The retention and recruitment of experts (47%) and the
facilities required for training staff (56%) is another issue
that executives face. To continually train staff to counter the
latest threats in Cyber-Security is not an easy task and
requires staff highly experienced in Cyber-Security as well
as resources to replicate the threat scenario. Skill and
expertise development will play an important role in the
protection of an airborne network environment from
cyberattacks [14].
Airlines needs to complement internal resources with
external skill. Securing operational technologies like
SCADA, ICS which are cutting edge is a problem for 38% of
 organizations. SCADA (Supervisory Control and Data
Acquisition) is technology which is proficient in secure
logging of data, access control and automation [15]. SCADA
is scalable, robust and reliable and should be used for critical
processes in aviation where security and performance are
paramount. The protection of data is considered essential and
is a problem for 49% of organizations. As new
functionalities and technologies are added to the aviation
industry, the number of attack vectors that need to be
analyzed increases. It is very hard to secure each and every
vector when the technological scenario is changing so fast.
Areas such as cloud, IoT which airlines widely use should
also be monitored and protected. Another challenge in
implementing Cyber-Security in aviation is the insider threat.
Insider threats refer to airline employees, employees who
work or used to work in the security department etc. who
know how the protocols and structure work and where the
weakness lies. To continually monitor the actions of
employees is a hard task.
V. PROPOSED SOLUTIONS TO IMPROVE CYBER-SECURITY IN
AVIATION
A formal risk assessment should be regularly conducted
by an airline. A strategy to make Aviation secure from cyber-
attacks involves a robust structure which includes
prevention, detection and reaction [16]. Each part plays a
crucial role in securing the aviation from cyber-attacks. An
important decision each airline must make is how much to
spend on the prevention, detection and reaction of cyber-
attacks. What may be financially viable for a regional aircraft
carrier having all aircrafts of the same type will be
insufficient for a global carrier flying to various destinations
around the world and having different types of aircrafts. To
develop a security framework which is effective a number of
steps should be followed:
• Assessing and understanding immediate dangers and
potential attacks
• Conducting research and development
• Providing incident response
• Defining design and operational principles
• Establishing common cyber standards for aviation
systems
The Cyber-Security budgets of airlines are growing and
spending is shifting towards detection and prevention
rapidly.
A. Prevention Techniques
Prevention forms the first line of defense in securing an
airline from cyberattacks. Implementing proactive,
reasonable and robust prevention measures is essential in
keeping an airline safe from cyberattacks. To implement
adequate prevention measures, a department dedicated to it
should be formed in each airline. Prevention from
cyberattacks not only involves this department, but includes
many other people from various other departments and
across hierarchies working in unison. Feedback and
communication plays a vital role in prevention. Information
of a vulnerability collected from any department which could
be exploited by a hacker should be brought to the notice of
the cyber-attack prevention department of the airline. The
2019 5th International Conference on Computing Communication Control and Automation (ICCUBEA)
orized licensed use limited to: SVKM's NMIMS Mukesh Patel School of Technology Management & Engineering. Downloaded on July 12,2020 at 17:01:36 UTC from IEEE Xplore. Restrictions ap
prevention department should be quick in fixing the
vulnerabilities. According to SITAs 2018 survey for latest
Airline IT Trends only 40% of airlines maintain an inventory
of critical business operations which indicates that there is a
missing link between business processes and IT systems.
Elements which play an important role in Prevention
Techniques Description
Building a culture of In cyber, failure of one department can affect
security the full airline. The department which seems
least susceptible to a cyber-attack and which
may not contain any critical information may
be used to cripple other departments and
subsequently bring the full airline to a halt.
Various departments in an airline may include
the back office IT, management, operations,
consumer facing systems, third party suppliers
that provide catering, hardware etc. Each of
these departments should incorporate Cyber-
Security awareness training programs.
According to SITA’s 2018 survey of latest
Airline IT Trends it was found that 76% of
respondents which included many CEOs,
CISOs, CIOs considered that employee
awareness and training are considered the most
important component in the defense against
cyber-attack.
Critical role of Board of An important role is played by the Board of
Directors Directors overseeing the operations of the
airline. To implement robust prevention
strategies, a devoted Chief Information
Security Officer (CISO) should be hired. They
play various roles they play in safeguarding
from cyberattacks are:
• Procurement – looking for counterfeit
and defected items from third party
vendors and suppliers.
• Maintenance – making sure systems are
up to date and working fine with the most
current level of security measures in
place.
• Operations – making sure that every
operation is being performed seamlessly
and no security aspect is being
overlooked.
• Management – each and every credible
information regarding a vulnerability is
taken seriously and vulnerabilities once
found are managed and patched properly.
• Information Technology – modernizing
the infrastructure and keeping a good IT
team in place to tackle any cyber-attack.
Proactive Approach Protecting an airline from cyber-attacks means
prioritizing which assets are most vulnerable
and at the same time which assets are most
valuable. Since it is too expensive to protect
each and every asset from cyber-attacks
efficiently, assets should be prioritized. Threats
should be categorized and identified at the
earliest. Zero day attacks can cripple an airline
and since such an attack is never seen before,
only if certain robust security measures are set
can normal state of operation be recovered fast.
Perpetrators, including nation states, organized
crime and individuals should be monitored for
illicit activities in the field of cyber-attacks.
Airlines can’t do this on their own and should
enlist the help of all existing tools possible,
both public and private. Many aircraft carriers
use cloud storage and big data to store their
confidential data. To prevent any intrusions
which could leak private data, periodic
penetration tests and mock cyber-attack drills
should be implemented. The IATA
(International Air Transport Association) has
 called for a partnership between industry,
governments and regulators to enhance
aviation security. IATA has a three pillar
strategy to help understand, define and assess
the threats and risk of cyber-attacks. These
pillars include risk management, advocacy and
reporting and communication [16]. In the US,
the Department of Homeland Security
established the Critical Infrastructure
Partnership Advisory Council (CIPAC) for
aviation as a public-private partnership to
counter the cyber risks affecting the industry.
Real time feed from threat intelligence
agencies can further be used by airlines to
enhance security.
Establish International International standards for Cyber-Security
Standards design and testing for airlines have been not
established. Since almost every aspect of
aviation now relies on computers, leaving it
potentially vulnerable to cyber-attacks, IATA
should take the lead and direct industry,
governments, regulators and manufacturers to
share best mitigation and safety practices.
Further, the CISOs of all airlines should have
informal alliances where they discuss possible
threats and ways to mitigate them. Better
sharing of airline cyber threats should be
facilitated between governments and airlines
worldwide and an association dedicated to this
should be established.
Supply Chain Risks Airlines should make sure that their partners
such as EFB (Electronic Flight Bags) and IFEC
(Inflight Entertainment and Wi-Fi
connectivity) providers perform regular
security audits and implement security
measures. Since smaller companies invest less
in security and implement weaker security
measures, airlines should make sure that
vendor contracts include regular security
assessments. The entire supply chain should be
regularly assessed for vulnerabilities.
Airlines should also make use of technologies and
programs which help maintain security against cyberattacks.
• Threat Intelligence
Airlines need to gather threat intelligence from both
internal and external sources. The .information got should be
verified and then fed into a 24 × 7 × 365 security operation
center (SOC) which prioritizes and tackles the threats.
Intelligence should be gathered from external sources like
governments and other airlines as well as internal sources
such as log information. Employee data should also be
verified. The security operation center (SOC) should be
headed by a committed group who are ready to tackle cyber
threats at any time of the day. The Aviation Information
Sharing and Analysis Center (A-ISAC) is an organization
which helps prepare for and tackle sector-specific threats,
vulnerabilities and eventualities.
• Identity and Access Management
Identity and Access Management is an important part of
security. It helps prevent cyberattacks since it makes sure
that only employees with a certain level of privilege can
access confidential information which if exposed could
cripple operations of the airline. Employee records and data
should be verified and updated regularly. To provide secure
access management, a multifactor authentication should be
used which involves authentication based something you
2019 5th International Conference on Computing Communication Control and Automation (ICCUBEA)
orized licensed use limited to: SVKM's NMIMS Mukesh Patel School of Technology Management & Engineering. Downloaded on July 12,2020 at 17:01:36 UTC from IEEE Xplore. Restrictions ap
have (token), something you know (password) and
something you are (biometrics).
• Data Encryption
Airlines should encrypt all data to prevent exploitation of
it by hackers. Data related to customers, employees and
aircrafts should be encrypted and stored on secure servers.
Encryption used should be of the highest security to make
exploitation of it harder.
• Design Security
Security measures should be implemented when building
and designing the application and not as an afterthought.
Adding security measures after the application is built is
more expensive and doesn’t address all the security concerns
properly. Airlines should build their applications after
consulting Cyber-Security specialists and should go through
exhaustive rounds of testing to prevent exploitation.
• Security Awareness
All airline personnel, not just the information and
security department should be aware of their role in
identifying and preventing cyberattacks. Employees should
be made to undergo basic cyberattack training. This training
is crucial since it could help to distinguish between a real
email and a phishing attack. The actions of just one unwitting
employee can lead to substantial loss of data for the full
airline. The weakest link in the fight against cyberattacks are
employees. To counter this, airlines should promote
awareness and training to help reduce attacks by way of
employee culpability.
B. Detection Techniques:
To detect security breaches, the techniques must keep up
with the constantly evolving set of threats. Detection systems
must always be a step ahead of the threat to be able to detect
it. Detection systems should have a holistic view of the full
system to be able to detect all sorts of cyberattacks. The
problem arises in the funding received for detection.
Prevention receives more funding as compared to detection
since prevention involves a known set of factors which are
tangible and provide easy to understand results. Encryption,
multifactor authentication are easier to understand and thus
get funding easily. Detection on the other hand contains
unknown perpetrators, threats and vectors which are always
changing. Since the number of cyberattacks possible are so
vast that making a cutting edge detection system would be
too expensive. The airline should regularly undergo cyber
threat and vulnerability assessments.
To ensure that the loss is minimum, airlines should
implement detection systems that act instantaneously, swiftly
and decisively. This also prevents the intruder from
temporarily pausing the attack and the hide elsewhere in the
enterprises networks. The various steps involved by which
airlines can implement a leading detection system is:
• Advanced technology and tools
Investments should be made in state of the art tools
which can detect a range of attacks. The airline can then use
these tools as the need be. Since most airlines use a cloud
based data storage system, intrusions detection systems
should be implemented to secure clouds.
• Integrate Protocols
 Protocols should be clearly defined beforehand. The
powers and actions of each employee should be specified
before an attack is detected. The way to deal with false
positives should also be clearly established.
• Build scalable and adaptable defense tools
The defense tools used should be ahead of the threats
which may occur. For this to happen, the tools used should
not be static and should be constantly upgraded to meet the
growing types of threats. The tools used should be able to
monitor the system which may grow with time.
• External Support and Collaboration
Airlines should tie up with external sources to help
combat cyberattacks. Threat intelligence should be shared
among airlines and between the airline and external partners
who help detect any breach in the system. Airlines can also
subscribe to certain tools which help detect any exploitation
before substantial damage occurs. Developers should provide
robust security as a part of their normal product line and
should be consistent with their protection and reliability
measures [17].
Airlines must have a plan in place if a cyberattack does in
fact get pass the prevention and detection systems put in
place. The reaction plan must be robust with decisive
protocols put in place so that no time is wasted in combating
the cyberattack. Airlines must have a list of its critical assets
which it must secure at a time of an attack. Customers,
employees and stake holders should be immediately notified
of a hit in services. Forensic data and any Trojan left behind
by an attacker should be found at the earliest by the Cyber-
Security department. Help should be enlisted from external
sources and intelligence agencies. The government and other
airlines should be informed of the cyberattack and on ways
to prevent it after the vulnerability has been found.
VI. CYBER-SECURITY FRAMEWORK FOR AN AIRLINE
In addition to the prevention, detection and reaction steps
an airline must have a threat database which determines the
severity of the attack. Appropriate action can be taken on
learning if the attack can affect airline systems. If the attack
is not part of the database, it should go under extensive risk
analysis and evaluation to check what could be the damage
caused. Further, the threat database should now be updated to
identify attacks which are of this type. A security update and
an incident response team can also be formed to patch this
vulnerability and make the system more robust. An
information security framework based on defense in depth,
active management and configuration control should be
implemented to make the framework holistic [18]. Defense
in depth emphasizes the need of an airline having a
multilayered approach to ensure that prevention, detection
and reaction cannot be compromised with a single threat
approach or disruption event [19]. Active management is the
continuous awareness of the network configuration. Both
scheduled and unscheduled events must be tracked.
Configuration control involves documenting all the changes
made to the information system. It involves keeping logs of
events in a well-documented manner. Configuration control
provides an organization with digital forensic readiness in
the event of a cyberattack.
2019 5th International Conference on Computing Communication Control and Automation (ICCUBEA)
orized licensed use limited to: SVKM's NMIMS Mukesh Patel School of Technology Management & Engineering. Downloaded on July 12,2020 at 17:01:36 UTC from IEEE Xplore. Restrictions ap
VII. CONCLUSION
Cyber-Security in aviation is a desideratum to help keep
the aviation sector free from incidents which can cause
severe loss to both life and resources. Technological
advancements in the IT Sector which impact aviation are
being developed at breakthrough speed. However, the
security and protection of these advents haven’t been focused
on which make them easy targets for attackers. The paper
discusses the need for Cyber-Security in aviation as well as
the threats and vulnerabilities which the aviation sector faces.
The threats and vulnerabilities faced are insider threats,
DDoS, network access control, single sign on authentication
etc. It explores the various challenges faced in implementing
Cyber-Security in aviation such as lack of resources, funds,
skilled staff and specialized training. The paper weighs up on
solutions which include prevention techniques such as
building a culture of Cyber-Security, role of board of
directors, proactive approach etc. and the various programs
and technologies such as threat intelligence, data encryption,
identity and access management, design security. The
detection techniques which include use of advanced
technology and tools, integrating protocols to include Cyber-
Security, etc. Finally, the reaction to a cyberattack which
includes having a robust contingency plan in place to curb
any loss. The future scope of the paper will be the
formulation and implementation of a successful model which
takes into consideration all points in the prevention, detection
and reaction plan to help make the aviation sector secure
from cyberattacks.
REFERENCES
[1] Peng, Y., Jiang, C., Xie, F., Dai, Z., Xiong, Q., & Gao, Y. (2012),
Industrial control system Cyber-Security research. Journal of
Tsinghua University Science and Technology, 52(10), 1396-1408.
[2] De Gramatica, M., Massacci, F., Shim, W., Tedeschi, A., & Williams,
J. (2015), IT interdependence and the economic fairness of Cyber-
Security regulations for civil aviation. IEEE Security &
Privacy, 13(5), 52-61.
[3] Nobles, C. (2019). Cyber threats in civil aviation. In Emergency and
Disaster Management: Concepts, Methodologies, Tools, and
Applications (pp. 119-141). IGI Global.
[4] Johnson, D. P. (2013). Civil Aviation and Cyber-Security.
[5] Shahbazian, E., & Rogova, G. (2016, November). Critical Aviation
Information Systems Cyber-Security. In Meeting Security Challenges
Through Data Analytics and Decision Support (Vol. 47, p. 308). IOS
Press.
[6] Mills, S., & Goldsmith, R. (2014). Cyber-Security challenges for
program managers. DEFENSE ACQUISITION UNIV FT BELVOIR
VA.
[7] McCarthy, C., & Harnett, K. (2014). National institute of standards
and technology (nist) Cyber-Security risk management framework
applied to modern vehicles (No. DOT HS 812 073). United States.
National Highway Traffic Safety
[8] Dawson, M., Eltayeb, M., & Omar, M. (Eds.). (2016). Security
solutions for hyperconnectivity and the Internet of things. IGI Global.
[9] Wolf, M., & Serpanos, D. (2017). Safety and security of cyber-
physical and internet of things systems [point of view]. Proceedings
of the IEEE, 105(6), 983-984.
[10] Crow, B. P., Widjaja, I., Kim, J. G., & Sakai, P. T. (1997). IEEE
802.11 wireless local area networks. IEEE Communications
magazine, 35(9), 116-126.
[11] IEEE Standards Association. (2005). IEEE 802.15: Wireless Personal
Area Networks (PANs).
[12] Szyliowicz, J. S. (2004). Aviation security: promise or
reality?. Studies in conflict & terrorism, 27(1), 47-63.
[13] Shahbazian, E., & Rogova, G. (Eds.). (2016). Meeting Security
Challenges Through Data Analytics and Decision Support (Vol. 47).
IOS Press.
 [14] De Cerchio, R., & Riley, C. (2011, October). Aircraft systems cyber
security. In 2011 IEEE/AIAA 30th Digital Avionics Systems
Conference (pp. 1C3-1). IEEE.
[15] Daneels, A., Salter, W., & CERN, G. (1999). Switzerland,“What is
SCADA?”. In International Conference on Accelerator and Large
Experimental Physics Control Systems, Trieste, Italy (Vol. 12, pp.
418-436).
[16] Mishra, D., & Mishra, A. (2010). Improving baggage tracking,
security and customer services with RFID in the airline industry. Acta
Polytechnica Hungarica, 7(2), 139-154.
[17] Neumann, P. G. (1997, January). Computer security in aviation:
Vulnerabilities, threats, and risks. In International Conference on
Aviation Safety in the 21st Century. White House Commission on
Safety and Security and George Washington University.
[18] Robert Rencher, Senior Systems Engineer, Associate Technical
Fellow; Stephen Whitlock, Chief Information Security Strategist,
Technical Fellow; and Faye Francy, BCA Enterprise Cyber Security
One Team Leader, Securing Airline Information on the Ground and in
the Air.
[19] Sampigethaya, K., & Poovendran, R. (2013). Aviation cyber–physical
systems: Foundations for future aircraft and air transport. Proceedings
of the IEEE, 101(8), 1834-1855.

2019 5th International Conference on Computing Communication Control and Automation (ICCUBEA)

orized licensed use

View limited to: SVKM's NMIMS Mukesh Patel School of Technology Management & Engineering. Downloaded on July 12,2020 at 17:01:36 UTC from IEEE Xplore. Restrictions ap
publication stats