Aviation Cybersecurity and Cyber-Resilience: Assessing Risk in Air Traffic Management

  • Georgia LykouEmail author
  • George Iakovakis
  • Dimitris Gritzalis
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


Civil aviation is the safest transport mode in the world and probably also the most interconnected system of information and communication technology. Cyber-attacks are increasing in quantity and persistence, so the consequences of a successful malicious cyber-attack on civil aviation operations could be severe nowadays. New technologies, extension of connectivity and their integration in the aviation industry, especially in the field of Air Traffic Management (ATM), increase the risk to these critical assets. This chapter examines cyber security challenges and interoperability in ATM systems. We propose an extended threat model for analyzing possible targets and risks involved. We also introduce and analyze cyber resilience aspects in the aviation context and the need for holistic strategy of defense, prevention and response. Under the resilience umbrella, all actors should work on collaborative, risk-based framework to address security threats and increase the aviation systems resilience against future attacks.


Aviation cybersecurity Aviation cyber-resilience ATM cyber threats Air navigation services cybersecurity 


  1. 1.
    Lim B (2014) Aviation security – emerging threats from cyber security in aviation – challenges and mitigations. J Aviat ManagGoogle Scholar
  2. 2.
    Industry High-Level Group (IHLG) (2017) Aviation benefits 2017 reportGoogle Scholar
  3. 3.
    De Zan T, d’Amore F, Di Camillo F (2015) The Defence of civilian air traffic systems from cyber threatsGoogle Scholar
  4. 4.
    Kreuzer M, Kiesling T (2017) Recommendations to strengthen the cyber resilience of the air traffic system, ARIEL, Air Traffic ResilienceGoogle Scholar
  5. 5.
    Lykou G, Anagnostopoulou A, Gritzalis D (2018) Implementing cyber-security measures in airports to improve cyber-resilience, WIIoTS in the 2nd global IoT summitGoogle Scholar
  6. 6.
    Strohmeier M et al (2014) Realities and challenges of nextgen air traffic management: the case of ADS-B. IEEE Communations Magazine 52(5):111–118CrossRefGoogle Scholar
  7. 7.
    Strohmeier M et al (2016) Assessing the impact of aviation security on cyber power. In the 8th international conference on cyber conflict cyber powerGoogle Scholar
  8. 8.
    Strohmeier M et al (2016) On perception and reality inWireless air traffic communications securityGoogle Scholar
  9. 9.
    Costin A, Francillon A (2012) Ghost is in the air(traffic): on insecurity of ADS-B protocol and practical attacks on ADS-B devices. In black hat USAGoogle Scholar
  10. 10.
    The European Commission (2011) Commission regulation laying down common airspace usage requirements and operating procedures for airborne collision avoidance, no. 1332. European UnionGoogle Scholar
  11. 11.
    International Civil Aviation Organisation (2013) Initial capability for ground surveillance. In global air navigation plan 2013–20282Google Scholar
  12. 12.
    International Civil Aviation Organization (ICAO) (2017) Aviation security manual, 10th edition,
  13. 13.
    CANSO (2014) Cyber security and risk assessment. Civil Air Navigation Services OrganizationGoogle Scholar
  14. 14.
    Kumar S, Xu B (2017) Vulnerability assessment for security in aviation cyber-physical systems. IEEE 4th international conference on cyber security and cloud computingGoogle Scholar
  15. 15.
    Sampigethaya K, Poovendran R, Bushnell L (2008) Secure operation, control and maintenance of future E-enabled airplanes, Network Security Lab (NSL), EE Department, University of Washington, SeattleCrossRefGoogle Scholar
  16. 16.
    Lim B (2014) Aviation security – emerging threats from cyber security in aviation – challenges and mitigations, J Aviat ManagGoogle Scholar
  17. 17.
    Stander A, Ophoff J (2016) Cyber security in civil aviationGoogle Scholar
  18. 18.
    Jeyakodi D (2015) Cyber security in civil aviationGoogle Scholar
  19. 19.
    Stouffer K, Falco J, Scarfone K (2007) Guide to industrial control systems (ICS) security. Recommed. NIST., no. SP 800–82, pp 1–157Google Scholar
  20. 20.
    Theocharidou M et al (2016) D1.3-final lexicon of definitions related to critical infrastructure resilience, IMPROVER, European Union’s horizon 2020 researchGoogle Scholar
  21. 21.
    Lange D et al (2017) Framework for implementation of resilience concepts to critical infrastructure, IMPROVER, European Union’s horizon 2020 researchGoogle Scholar
  22. 22.
    EUROCONTROL (2012) Manual for national ATM security oversight, Eurocontrol PublicationsGoogle Scholar
  23. 23.
  24. 24.
    Delgado L, Cook A, Tanner G, Cristóbal S (2016) Quantifying resilience in ATM, in the proc. of 6th SESAR innovation days, Technical University of Delft, The NetherlandsGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Georgia Lykou
    • 1
    Email author
  • George Iakovakis
    • 1
  • Dimitris Gritzalis
    • 2
  1. 1.Information Security & Critical Infrastructure Protection (INFOSEC) Laboratory Department of InformaticsAthens University of Economics & Business (AUEB)AthensGreece
  2. 2.Department of InformaticsAthens University of Economics and BusinessAthensGreece

Personalised recommendations