Affiliation:
1. Jotron AS Ringdalskogen 8 3270 Larvik Norway
2. University of South‐Eastern Norway Kongsberg Norway
Abstract
AbstractRising levels of risk as cyber‐attackers look to exploit system vulnerabilities threatens the Air Traffic Control industry. Attacks on Air Navigation Service Providers' communications systems may lead to airspace closure and even cause safety issues. This paper presents a novel Model‐Based Systems Engineering method that enables systems engineers, in collaboration with system security and software engineers, to perform threat‐modeling analysis of cyber‐physical systems early in the system development process and incorporate mitigation strategies into the system design. The proposed model‐based method covers few security concepts, including misuse cases, system assets, threats, risks, vulnerabilities, and security control identification. The study found that the proposed method is suitable for conducting security analysis for complex cyber‐physical systems early in the system development process.
Reference24 articles.
1. Misuse cases: use cases with hostile intent
2. Apvrille L. &Roudier Y.(2013). SysML-Sec: A SysML environment for the design and development of secure embedded systems. APCOSEC Asia-Pacific Council on Systems Engineering Sep.8–11 Yokohama Japan.
3. EUROCONTROL. (2021).EUROCONTROL EATM-CERT Services Aviation under attack: Faced with a rising tide of cybercrime is our industry resilient enough to cope? 5 July.
4. Geismann J. Gerking C. &Bodden E.(2018). Towards ensuring security by design in cyber-physical systems engineering processes.ACM International Conference Proceeding Series 123–127.https://doi.org/10.1145/3202710.3203159