nach oben

Journal of Transportation Security

Erschienen in:

01.12.2016

Flying challenges for the future: Aviation preparedness – in the face of cyber-terrorism

verfasst von: Sarah Jane Fox

Erschienen in: Journal of Transportation Security | Ausgabe 3-4/2016

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Transport has always been, and will continue to be, a means to serve to eradicate world inequalities bringing relief and salvation across the globe and no transport mode more so perhaps than aviation. However, aviation has served as both the salvation and the aggressor, having also itself been the victim of terrorist attacks. Arguably (to date) in 2016, the world could consider itself fortunate not to have witnessed a devastating cyber-terrorist attack on an aircraft. Certainly concerns were raised after the disappearance of MH370 in terms of cockpit tampering; and yet, these reports only touched upon the surface of an effervescing iceberg – set to erupt into a tsunami of devastation. The question inevitably remains ‘when’ rather than ‘if’ this will occur. This research reviews the vulnerability of air travel and the preparedness of the industry in terms of coordination (prevention and protection) from the perspective of policy, legislation (regulation) and organisation.

Vorheriger Artikel Conceptualizing maritime security for energy transportation security

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Agenda 21 made specific reference to transport in several of the chapters, for example Chapter 9 on Atmosphere and Chapter 7 on Human Settlement. At the 2012 UN Conference on Sustainable Development (Rio + 20) the ‘Future We Want’ outcome document emphasised that transport and mobility had a crucial role to play in sustainable living.

The Telegraph. Jonathan Pearlman. ‘MH370: New evidence of cockpit tampering as investigation into missing plane continues.’ 29 June, 2014. Sydney, Australia.

Also see: (Fox 2015)

Hwa Chong Institution www2.hci.edu.sg [Accessed 8 April, 2016].

In this respect the Reign of Terror was instigated by Maxmillien Robespierra, who was one of twelve heads of government and used the justification of such as a necessity to transform the state from a monarchy to liberal democracy.

www.crimemuseum.org

un.org [Accessed 8 April, 2016]

United States Treaties and Other International Agreements, Vol. 22, part 2 (1971), p. 1644. See FN. 11.

Ibid., Vol. 24, part 1 (1973), p. 568. See FN. 11.

Resolution XXVII – 2114th plenary meeting, 18 December 1972.

United Nations Security Council, Resolution 579 (1985) Adopted by the Security Council at its 2637th Meeting, Para’s. 1 and 5; see also SC President Statement 8 October [online] http://www.worldlii.org/int/other/UNSCRsn/1985/ [accessed 26 December 2013, 27 April 2016].

9 December 1994.

As within the Annex at I.3.

Also see discussion within Fox (2015).

‘The Convention on Offences and Certain Other Acts Committed on Board Aircraft, signed at

Tokyo on 14 September 1963, the Convention for the Suppression of Unlawful Seizure of Aircraft, signed at The Hague on 16 December 1970, the Convention for the Suppression of Unlawful Acts against the Safety of Civil Aviation, concluded at Montreal on 23 September 1971, the Convention on the Prevention and Punishment of Crimes against Internationally Protected Persons, including

Diplomatic Agents, adopted in New York on 14 December 1973, the International Convention against the Taking of Hostages, adopted in New York on 17 December 1979, the Convention on the Physical Protection of Nuclear Material, adopted at Vienna on 3 March 1980, the Protocol for the Suppression of Unlawful Acts of Violence at Airports Serving International Civil Aviation, supplementary to the Convention for the Suppression of Unlawful Acts against the Safety of Civil Aviation, signed at Montreal on 24 February 1988, the Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation, done at Rome on 10 March 1988, the Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms located on the Continental Shelf, done at Rome on 10 March 1988, and the Convention on the Marking of Plastic Explosives for the Purpose of Detection, done at Montreal on 1 March 1991.’

United Nations Manual on the Prevention and Control of Computer-related Crime, International Review of Criminal Policy, Series M, Nos. 43–44 (United Nations publication, Sales No. E.94.IV.5.)

Also see: United Nations Resolution on Combating the Criminal Misuse of Information Technologies GA RES 55/63, UNGA 55th Session, 81st Plenary Meeting UN Doc. A/RES/55/63 (2001).

“The World in 2014: ICT facts and figures” (Geneva, 2014).

A/RES/60/288 – September 2006.

First quote in paper – see the lead-in, within the introduction. (COM 2011).

For further discussions concerning aviation terrorism, see Fox (2015).

Authors definition based upon UK Government document by the CESG The Information Security Arm of GCHQ ‘Common Cyber Attacks: Reducing The Impact.’

‘Hacking’ is applied to a technical effort to manipulate the normal behaviour of network connections and systems which are connected. Whilst it is often cited that malicious attacks on computer networks are officially known as cracking, as hacking is often applied to activities having good intentions.

‘Jacking’ refers to the emission of radio signals aiming at disturbing the transceivers operations, ‘Advances in Intelligent Systems and Computing International Joint Conference’, SOCO’13-CISIS’13- ICEUTE’13, Springer, 2014.

Whilst ‘spoofing’ refers to a faked/false sending address of a transmission to gain illegal unauthorized entry into a secure system, Cyber Security Glossary, http://niccs.us-cert.gov/

A widely held view by cybersecurity analysis – see the ‘bizplus’ report, 02 October. 2015.

Patrick Ky (Director of EASA speaking at the Association de Journalistes Profeeionnels de l’Aéronautique et de l’Espace (AJPAE) in 2015 making reference to an ICAO report the previous year (2014). See also < http://www.scmagazineuk.com/european-aviation-body-warns-of-cyber-attack-risk-against-aircraft/article/444487/>

Supra. FN. 19 & 20.

See the report by The International Federation of Air Line Pilots’ Associations (IFALPA), Cyber threats: who controls your aircraft? 5 June, 2013.

http://www.ifalpa.org/store/14POS03%20-%20Cyber%20threats.pdf [Accessed 30 April, 2015]

Security Experts Warn Airlines Face Threat of Cyber Attacks,’ Sydney Morning Herald, July 6, 2015.

Also see, Jeffrey Dastin, ‘United Airlines awarded hackers millions of frequent flier miles for uncovering gaps in the company’s cybersecurity.’ Reuters, Jul. 16, 2015.

‘China-Tied Hackers That Hit U.S. Said to Breach United Airlines’ Bloomsberg, July 29, 2015 http://www.bloomberg.com/news/articles/2015-07-29/china-tied-hackers-that-hit-u-s-said-to-breach-united-airlines [Accessed 11 April, 2016]

‘Hackers successfully ground 1400 passengers.’ CNN Politics, June, 22, 2015.

http://edition.cnn.com/2015/06/22/politics/lot-polish-airlines-hackers-ground-planes/ [Accessed 11 April, 2016].

Also see other headlines - ‘Polish Airline, Hit By Cyber Attack, Says All Carriers Are At Risk’, Reuters, June 22, 2015, Warsaw/Frankfurt

GAO, ‘FAA Needs to Address Weaknesses in Air Traffic Control Systems.’ Jan., 2015.

To contextualise the actual scope the FAA concludes that this relates to ‘more than 19,000 airports, nearly 600 air traffic control facilities, and approximately 65,000 other facilities, including radar, communications nodes, ground-based navigation aids, computer displays, and radios, intended to provide safe and efficient flight services for the public. Over 46,000 FAA personnel and approximately 608,000 pilots operate about 228,000 aircraft within the NAS, including up to 2850 flights at any given moment.’

Operational use is on a continuous basis, 24 hours a day, and every day of the year.

Pursuant to Title III of the E-government Act of 2002 (P.L. 107–347).

GAO, ‘FAA Needs to Address Weaknesses in Air Traffic Control Systems.’ Jan., 2015.

Ibid.

The President’s Commission on Critical Infrastructure Protection, Critical Foundations: Protecting America’s Infrastructures

http://www.iwar.org.uk/cip/resources/pccip/report_index.html [Accessed 5 May, 2016]

Speech to the National Academy of Sciences. Keeping America Secure for the twenty-first Century. Proc Natl Acad Sci U S A. 1999 Mar 30; 96(7): 3486–3488. http://www.ncbi.nlm.nih.gov/pmc/articles/PMC34291/ [Accessed 15 May, 2016]

CPNI - ‘Cyber Security in Civil Aviation’ (Centre for the Protection of the Critical Infrastructure) August 2012.

In this regard, it should be noted that this paper concerns the legislative and regulatory framework.

The bombing of Pan American flight (Pan-Am) 103 over Lockerbie in 1988.

Ibid.

See the Sixty-eighth session, ‘Developments in the field of information and telecommunications in the context of international security.‘24 June, 2013. A Report from the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security.

The Group was established pursuant to paragraph 4 of General Assembly Resolution A/RES/66/24, Developments in the field of information and telecommunications in the context of international security.

Wolter, Detlev. “The UN Takes a Big Step Forward on Cybersecurity”, Arms Control Today, 43, September 2013, http://www.armscontrol.org/act/2013_09/The-UN-Takes-a-Big-Step-Forward-on-Cybersecurity [Accessed 30 April 2016]

Convention on Cybercrime ETS 185 – Convention on Cybercrime, 23.XI.2001 (Budapest).

For example A/RES/70/125 (17th Session) Resolution adopted by the General Assembly on 16 December 2015 in relation to the Outcome document of the high-level meeting of the General Assembly on the overall review of the implementation of the outcomes of the World Summit on the Information Society.

The legal analysis, Baldor, offered that cyber-terrorism is the ‘premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.’

Lolita Baldor, “Cyber Security Added to US-Australia Treaty,” Security on NBCNews.com 2011, http://www.msnbc.msn.com/id/44527648/ns/technology_and_science-security/t/cyber-security-added-us-australia- treaty/ [Accessed 12 April 2016].

Supra. FN. 37.

Harold Hongju Koh, Legal Advisor U.S. Department of State, speaking at a USCYBERCOM Inter-Agency Legal Conference, Ft. Meade, MD, 18, September 2012.

Like cyber-terrorism there remains no clear definition or understanding as to what constitutes cyberwar/cyberwarfare.

Catherine A. Theohary and John W. Rollins. ‘Cyberwarfare and Cyberterrorism: In Brief.

Congressional Research Service. 7–5700 www.crs.gov R43955. 27 March, 2015.

See amongst other sources: http://ec.europa.eu/transport/modes/air/safety/index_en.htm [Accessed 12 April, 2016]

The others being: air navigation capacity and efficiency, environmental protection and the economic development of air transport.

Convention on International Civil Aviation (1944) Doc. 7300. (Also known as the Chicago Convention)

Emphasis added.

See further discussions within, Fox (2014a).

Ibid.

Emphasis added. ‘Aviation unites on cyber threat.’ MONTRÉAL, 10 December 2014.

Ibid. http://www.icao.int/Newsroom/Pages/aviation-unites-on-cyber-threat.aspx [Accessed 30 April, 2016]

Emphasis added.

Supra. FN. 52 & 53.

Singapore, 9–10 July 2015.

Emphasis added. ‘Aviation unites on cyber threat.’ MONTRÉAL, 10 December 2014.

Convention on International Civil Aviation (1944) Doc. 7300.

Doc 8973 - restricted

Doc 9985 – restricted.

Department of Defense – Defense Science Board (DBS), Task Force on Resilient Military Systems and the Advanced Cyber.’ January, 2013

EU data: Digital Single Market: Cybersecurity & Privacy – (last updated on 11/04/2016–17:01)

https://ec.europa.eu/digital-single-market/en/cybersecurity-privacy [Accessed 1 May, 2016]

AIAA Decision Paper, ‘A Framework for Aviation Cybersecurity.’ August 2013

High Level Conference ‘Protecting Civil Aviation Against Terrorists.’ Brussels, 27 September 2011

http://ec.europa.eu/transport/modes/air/events/doc/2011-09-27-avsec-conclusions.pdf [Accessed 1 May, 2016]

Ibid.

https://threatintelligencetimes.com/tag/dvla-hacked/ [Accessed 1 May, 2016]

http://business.financialpost.com/news/mining/goldcorp-inc-confirms-it-was-hacked-begins-investigation-to-determine-full-scope-of-breach [Accessed 1 May, 2016]

‘A report in the British newspaper The Guardian found the passports surprisingly easy to read and copy. Using a device purchased for £250, a Guardian reporter was able to view and copy information from several of the new passports’: see https://www.eff.org/deeplinks/2006/11/british-rfid-passports-easily-hacked referring to:

https://www.theguardian.com/technology/2006/nov/17/news.homeaffairs [Accessed 1 May, 2016]

http://www.bbc.co.uk/news/technology-33650491 [Accessed 1 May, 2016]

High Level Conference ‘Protecting Civil Aviation Against Terrorists.’ Brussels, 27 September 2011

http://ec.europa.eu/transport/modes/air/events/doc/2011-09-27-avsec-conclusions.pdf [Accessed 1 May, 2016].

European Aviation Crisis Coordination Cell (EACCC) was given a legal basis in Commission Regulation (EU) No 677/2011 of 7 July 2011 on the ATM network functions (under Chapter IV, Articles 18 and 19) which set the requirements for its establishment and the responsibilities of the Network Manager to support the EACCC.

Proposal for a Directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security across the Union. COM(2013) 48 final. Brussels, 7 February, 2013.

Agreement was reached on the Commission’s proposal on 7 December 2015 and the draft proposal for the NIS Directive was published 11 days later. On 14 January 2016, the EU’s Internal Market Committee voted to support the political agreement.

It should be noted that the EU is active within an EU-US Working Group on Cybersecurity and Cybercrime, as well as an active participant of the Organisation for Economic Co-operation and Development (OECD), the United Nations General Assembly (UNGA), the International Telecommunication Union (ITU), the Organisation for Security and Co-operation in Europe (OSCE), the World Summit on the Information Society (WSIS) and the Internet Governance Forum (IGF).

http://www.computerweekly.com/feature/What-the-EUs-cyber-security-bill-means-for-UK-industry [Accessed 1 May, 2016]

Following the second reading it was adopted by the European Parliament on 6 July 2016.

The Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions: Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace. JOIN(2013) 1 final. Brussels, 7 February, 2013.

This followed the attacks committed by a married couple with ties to fundamentalist jihadists in San Bernadino, California, in 2015.

EU Press Release, ‘Commission takes steps to strengthen EU cooperation in the fight against terrorism, organised crime and cybercrime.’ Strasbourg, 28 April 2015

Rene Marsh, ‘Airlines Get More Than 50 Online Threats Since January 17.’ CNN Politics.

http://www.cnn. com/2015/01/28/politics/airlines-online-threats-50/ [Accessed 1 May, 2016]

Chapter 4 of Annex 17 – (2011 and 2014 amendments).

United Nations Manual on the Prevention and Control of Computer-related Crime, International Review of Criminal Policy, Series M, Nos. 43–44 (United Nations publication, Sales No. E.94.IV.5.

United Nations Manual on the Prevention and Control of Computer Related Crime, International Review of Criminal Policy nos. 43 and 44 (1999).

Resolution 49/158 of 23 December 1994 on strengthening the United Nations crime prevention and criminal justice programme.

Also see: United Nations Resolution on Combating the Criminal Misuse of Information Technologies GA RES 55/63, UNGA 55th Session, 81st Plenary Meeting UN Doc. A/RES/55/63 (2001).

Supra. FN. 63.

AIAA Decision Paper, ‘A Framework for Aviation Cybersecurity.’ August 2013

See the discussions within: Fox (2015).

ICAO Doc. 9960, Signed at Beijing on 10 September 2010 [accessed 15 April 2016].

Ibid - See the discussions within: Fox (2015).

ICAO Doc. 9960, Signed at Beijing on 10 September 2010 [accessed 15 April 2016].

Ibid.

IATA: Total passengers set to double to 7 billion by 2034. Press Release No.: 55. 26 November 2015

Ibid.

Cisco, ‘The Zettabyte Era—Trends and Analysis’. [Online]. Available: http://www.cisco.com/c/en/us/solutions/collateral/service-provider/visual- networking-index-vni/VNI_Hyperconnectivity_WP.html. [Accessed 24 April 2014].

ABC News (Melissa Clarke) ‘Globally, terrorism is on the rise - but little of it occurs in Western countries.‘17 Nov 2015. http://www.abc.net.au/news/2015-11-17/global-terrorism-index-increase/6947200 [Accessed 20 May, 2016].

Guardian Newspaper report by Ewan MacAskill. 18 November, 2014. http://www.theguardian.com/uk-news/2014/nov/18/fivefold-increase-terrorism-fatalities-global-index [accessed 20 May, 2016].

Abeyratne RIR (2011) ‘The Beijing Convention of 2010 on the suppression of unlawful acts relating to international civil aviation – an interpretative study’. Journal of Transportation Security 4(2):131–143CrossRef

Martin Avery (2010) ‘Muskoka Terror G8: Activist and Terrorist From Huntsville to Algonquin Park’ Lulu.com.

Blackbourn, J., Davis, F.F. and Taylor, N.C. (2012) ‘Academic consensus and legislative definitions of terrorism: applying Schmid and Jongman’, Statute Law Rev., 19 November, doi:10.1093/slr/hms041 [online] http://slr.oxfordjournals.org (accessed 13 April 2016)

COM (2011) 144 (final) ‘Roadmap to a Single European Transport Area – Towards a competitive and resource efficient transport system.’ Brussels, 28.3.2011.

Fox S (2014a) ‘The evolution of aviation in times of war and peace: blood, tears, and salvation’. International Journal on World Peace 31(4):49–79

Fox SJ (2014b) To practice justice and right’ international aviation liability: have lessons been learnt? International Journal of Public Law and Policy 4(4):162–182

Fox SJ (2015) CONTEST’ing Chicago origins and reflections: lest we forget! Int. J. Private Law 8(1):73–98CrossRef

Fox S (2016) Single European Skies: Functional Airspace Blocks – Delays and Responses. Air & Space Law 41(3):201–228

Peter G Neumann (1997) Computer security in aviation: Vulnerabilities, Threats, and Risks international conference on aviation safety and security in the twenty-first Century, 13–15 January 1997; White House Commission on safety and security, and George Washington University

Saul B (2005) Definition of ‘terrorism’ in the UN Security Council: 1985–2004. Chinese Journal of International Law 4(1):141–166CrossRef

Weinberg L, Pedahzur A, Hirsch-Hoefler S (2004) The challenges of conceptualizing terrorism. Terrorism and Political Violence 16(4):777–794. doi:10.1080/095465590899768 (accessed 1 April 2016)CrossRef

Titel: Flying challenges for the future: Aviation preparedness – in the face of cyber-terrorism
verfasst von: Sarah Jane Fox
Publikationsdatum: 01.12.2016
Verlag: Springer US
Erschienen in: Journal of Transportation Security / Ausgabe 3-4/2016
Print ISSN: 1938-7741
Elektronische ISSN: 1938-775X
DOI: https://doi.org/10.1007/s12198-016-0174-1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 3-4/2016

Road safety challenges in Pakistan: an overview

Conceptualizing maritime security for energy transportation security

Socioeconomic development and the risk of maritime piracy

Using sensor network for passengers prescreening in air transport

Premium Partner