Cybersecurity in the Transportation Industry (eBook)
272 Seiten
Wiley (Verlag)
978-1-394-20445-8 (ISBN)
This book offers crucial solutions and insights on how transportation companies can enhance their cybersecurity management and protect their corporate reputation and revenue from the increasing risk of cyberattacks.
The movement of people and goods from one location to another has always been essential to human development and survival. People are now exploring new methods of carrying goods. Transportation infrastructure is critical to the growth of a global community that is more united and connected. The presented cybersecurity framework is an example of a risk-based method for managing cybersecurity risk. An organisation can find opportunities to strengthen and explain its management of cybersecurity risk by using its existing procedures and leveraging the framework. The framework can provide a foundation for businesses that do not currently have a formal cybersecurity program.
However, there is a strong temptation to give in when a transportation company is facing a loss of millions of dollars and the disruption of the worldwide supply chain. Automobile production, sales, trucking, and shipping are high-value industries for transportation enterprises. Scammers know that these corporations stand to lose much more in terms of corporate revenue and reputation than even the highest ransom demands, making them appealing targets for their schemes.
This book will address the increasing risk of cyberattacks and offer solutions and insight on the safety and security of passengers, cargo, and transportation infrastructure to enhance the security concepts of communication systems and the dynamic vendor ecosystem.
Imdad Ali Shah is pursuing his PhD in cybersecurity with a focus in smart society 5.0 challenges and healthcare. He has published over 15 articles, as well as one book on cybersecurity. He is an active researcher involved in several projects related to cybersecurity and smart society 5.0.
Noor Zaman Jhanjhi, PhD is an associate professor and director at the Center for Smart Society 5.0 [CSS5] and the cluster head for cybersecurity at the School of Computer Science and Engineering, Faculty of Innovation and Technology, Taylor's University, Malaysia. He has numerous highly indexed publications and international patents and has edited and authored more than 29 books. He has completed more than 22 internationally funded research grants and has served as a keynote speaker for several international conferences, presented several webinars worldwide, and chaired international conference sessions.
This book offers crucial solutions and insights on how transportation companies can enhance their cybersecurity management and protect their corporate reputation and revenue from the increasing risk of cyberattacks. The movement of people and goods from one location to another has always been essential to human development and survival. People are now exploring new methods of carrying goods. Transportation infrastructure is critical to the growth of a global community that is more united and connected. The presented cybersecurity framework is an example of a risk-based method for managing cybersecurity risk. An organisation can find opportunities to strengthen and explain its management of cybersecurity risk by using its existing procedures and leveraging the framework. The framework can provide a foundation for businesses that do not currently have a formal cybersecurity program. However, there is a strong temptation to give in when a transportation company is facing a loss of millions of dollars and the disruption of the worldwide supply chain. Automobile production, sales, trucking, and shipping are high-value industries for transportation enterprises. Scammers know that these corporations stand to lose much more in terms of corporate revenue and reputation than even the highest ransom demands, making them appealing targets for their schemes. This book will address the increasing risk of cyberattacks and offer solutions and insight on the safety and security of passengers, cargo, and transportation infrastructure to enhance the security concepts of communication systems and the dynamic vendor ecosystem.
1
Cybersecurity Issues and Challenges in Civil Aviation Security
Imdad Ali Shah1*, N.Z. Jhanjhi1 and Sarfraz Brohi2
1School of Computing Science, Taylor’s University, Kuala Lumpur, Selangor, Malaysia
2University of the West of England (UWE), Bristol, United Kingdom
Abstract
It is crucial to remember that security protocols for civil aviation are constantly updated and assessed to reflect new threats and technological advancements. Even though these precautions greatly increase security, there is always a chance of hijacking. However, the objective is to reduce the risk of such situations occurring and to assure immediate response and resolution in the event that they do. Aviation security is an essential aspect of modern-day air travel. It involves a range of measures designed to protect passengers, crew, and aircraft from unlawful interference such as hijacking, terrorism, and sabotage. The software components of these systems are increasingly at risk due to their interconnectedness. These concerns are expected to increase as the aviation industry rolls out increasingly electronic-enabled planes and smart airports. Trends and lessons from a 20-year analysis of aviation cybersecurity risks and attack surfaces might guide future frameworks to defend a vital industry. Cybercriminals, especially nation-state actors and terrorists, are increasingly drawn to the aviation industry as it grows more digitised and dependent on wireless technology. Malicious actors can take advantage of vulnerabilities in designing and implementing the vast number of linked devices and subsystems. The aim of this chapter is to provide an overview of the aviation infrastructure’s weak spots in terms of the threat actors and attack methods that are most likely to be used during persistent attack operations. The sector will benefit from the analyses by better understanding its current and future cybersecurity measures. According to information currently available, state actors and persistent advanced threat groups working together to enhance local aviation capacities and track, permeate, and compromise the abilities of other sovereign countries pose the greatest risks to the aerospace industry. Malicious hacking is the most common attack on the aviation industry’s computer infrastructure. Air Traffic Management (ATM) uses Safety Management Systems (SMS) to implement safety policies, practices, and procedures in compliance with international standards. SMS effectiveness is crucial to ATM safety in a changing operating environment. The primary objective of this chapter is to peer-review civil aviation security issues and challenges. Our recommendations and ideas will help the civil aviation industry and new researchers.
Keywords: Cybersecurity risk, aviation, security issues and challenges and management systems
1.1 Introduction
Protecting airports, airspace, aircraft, passengers, crew, and the public, checked and carry-on luggage, freight, mail, and food service supplies from criminal activities like hijacking, sabotage, and terrorism is what aviation security is all about.
Concerns about the durability of existing cybersecurity protection frameworks have arisen considering the continued trend toward greater Information and Communications Technology (ICT) tools and mechanical instruments that are often employed in the field of aviation. With the introduction of “smart airports” and “e-enabled aircraft infrastructures,” the aviation industry faces new challenges, one of which is meeting the sector’s requirements for cybersecurity compliance [1–3]. When it comes to connecting different countries, the aviation industry is in a prime position. Since even seemingly minor mistakes can have catastrophic results, such as the loss of life or the exposure of sensitive information belonging to stakeholders, employees, and customers, or the theft of credentials, intellectual property, or intelligence, it is crucial that the infrastructures supporting its operational integrity be robust [4–6]. Significant threat actors are working with state actors to steal aerospace secrets and improve their own domestic aerospace capabilities while also monitoring, infiltrating, and subverting the capabilities of other countries. The operational security of a vital sector of the economy must be safeguarded from cybercriminals, making it an urgent priority to develop and deploy effective cyber defences. Figure 1.1 presents the cyberattack types.
The fact that there are so many airports in the United States (5,080 public and 14,556 private as of 2019) may have something to do with the high number of occurrences. Britain tops the list of countries attacked by a wide margin, with the rest of Europe coming in second at a rate of 44%. Airports in Africa have never been the target of a cyberattack, and Asia ranks third with 8%. The frequency with which airports were closed and the length of time aeroplanes were grounded because of cyber incidents varies [7–9]. We compile information from the literature on the various types of cyber-attacks, the actors behind them, and their motivations. Figure 1.2 presents the cyberattacks in aviation.
Figure 1.1 Cyberattacks by type.
The third section analyses the recorded cyberattacks over the past two decades, while the fourth identifies potential entry points for cybercriminals in airports and aviation systems. Cybersecurity threats in the civil aviation sector are discussed. Although traditional risks may appear differently during and after the Covid-19 pandemic, incident management, teamwork, and security assurance remain critically important throughout [10–12]. Furthermore, the sector must consistently adapt to the evolving regulations and challenges imposed by the global security environment to expand and evolve its operations. While bolstered security is always an advantage, it can also boost operational efficiencies inside a company, strengthen relationships between airports, airlines, and aviation authorities, and increase consumer happiness.
Figure 1.2 Cyberattacks on aviation.
The chapter focuses on the following points:
- Peer-reviews cybersecurity measures in civil aviation
- Technologies in the civil aviation sector
- Security issues and challenges in the civil aviation sector
- Cyberattacks and hijacking incidents in the aviation industry
- Cyber issues and challenges.
1.2 Literature Review
There are several threats to civil aviation that must be addressed with consistent resources. To overcome these obstacles and guarantee the safety of air travel for passengers and crew, a cooperative strategy including governments, airlines, airports, and security agencies is essential. Cybersecurity is a major concern in the aviation industry because of the widespread adoption of digital technologies. Aircraft and their data are vulnerable to cyber risks such as hacking, malware, and phishing [13–15]. The aviation industry, including airports and airlines, is susceptible to insider threats from anyone having access to restricted areas, such as employees. Airline security relies heavily on the screening of passengers. Procedures for screening passengers and their belongings must be thorough enough to identify forbidden objects, including firearms, explosives, and other harmful materials. Passenger screening has certain benefits, but it also has drawbacks, such as lengthy lines, delays, and privacy issues [16–19]. Aviation security must continually adapt to new and emerging threats [20], including drones, which could be used for terrorist attacks or other malicious purposes, and new types of explosives or weapons that are difficult to detect. Civil aviation security is a global issue that requires international coordination and cooperation. The lack of consistency in security measures across different countries and regions can create vulnerabilities and increase the risk of incidents. Figure 1.3 presents the cyberattack types.
Figure 1.3 Cyberattack types.
North America is home to the most cyberattacks in the aviation industry, with 11 of the 26 occurrences occurring in the United States of America (USA) and only one in Canada. There were 5,080 public and 14,556 private airports in the United States in 2019, according to [21–23]. Therefore, the high number of occurrences may be related to this high concentration of airports. Britain tops the list of countries attacked by a wide margin, with the rest of Europe coming in second at a rate of 44%. Airports in Africa have never been the target of a cyberattack, and Asia ranks third with 8%. The frequency with which airports closed and the length of time airplanes were grounded because of cyber incidents varies. Figure 1.4 shows the Taxonomy of Civil Aviation Security.
The likelihood of cyber mishaps has increased due to the growing dependence on data integrity and privacy for the efficient operation of daily commercial operations. A significant pillar of the development of [24–26] next-generation systems, increased automation opens more entry points for malicious actors. According to Cyber Risk International [27–30], the proliferation of cybersecurity threats is due to a confluence of factors, including digital...
| Erscheint lt. Verlag | 2.7.2024 |
|---|---|
| Sprache | englisch |
| Themenwelt | Mathematik / Informatik ► Informatik ► Theorie / Studium |
| ISBN-10 | 1-394-20445-0 / 1394204450 |
| ISBN-13 | 978-1-394-20445-8 / 9781394204458 |
| Haben Sie eine Frage zum Produkt? |
EPUB (Adobe DRM)Größe: 7,2 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belletristik und Sachbüchern. Der Fließtext wird dynamisch an die Display- und Schriftgröße angepasst. Auch für mobile Lesegeräte ist EPUB daher gut geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich
