CYBERSECURITY AND SAFETY IN MODERN AVIATION SYSTEMS: RISK ANALYSIS AND PREVENTION APPROACHES
Keywords:
cybersecurity, aviation, digitalAbstract
The aviation industry in the digital age relies on real-time data networks, from satellite navigation systems to ground-based operational analytics platforms, which enhance operational efficiency and resilience. However, cyber vulnerabilities are rapidly expanding, rendering traditional defense measures inadequate. The digital aviation industry, relying on real-time data, is increasingly vulnerable to cyber threats. The key idea is to use the NIST CSF 2.0 as a "grand plan" for how organizations should identify critical assets, prevent, monitor, respond, and recover from cyber incidents.
This academic article synthesizes a comprehensive picture of cyber risks across the entire aviation supply chain, from aircraft, air traffic management systems, airports, and the software supply chain. It also aligns defense approaches from key international standards, drawing on the International Aviation Framework for Aviation, with existing international standards, including ICAO A41-19, NIST SP 800-82 Rev. 2, and EASA Easy Access Rules 2024. The article also discusses jurisdictional responsibilities, regulatory consistency, cross-border oversight, and talent shortages. The report is from the International Information System Security Certification Consortium, Inc., a nonprofit professional association specializing in cybersecurity founded in the United States in 1989. "Building a Safer Cyber World" ISC2 identified a global cybersecurity gap of over 5 million jobs. Finally, it proposed a short-, medium-, and long-term roadmap to enhance cyber resilience and emphasized policy principles for all parties as auditable requirements in Europe. The FAA ASISP helped promote security-by-design, following the Aircraft Systems Information Security (ASISP) guidelines, a cybersecurity framework for aircraft systems from the Federal Aviation Administration (FAA) of the United States. These guidelines promote the secure and confidential reporting and exchange of cyber threat information related to civil aviation systems.
References
CAE. (2025). CAE Aviation Talent Forecast (Online). Available: file:///C:/Users/user/Downloads/2025_CAE_Aviation_Talent_Forecast.pdf [2025, June 19].
EUROCONTROL. (2025). Cybersecurity – making aviation more resilient (Online). Available: https://www.eurocontrol.int/cybersecurity [2025, May 2].
European Commission. (2023). Commission Implementing Regulation (EU) 2023/203 of 27 October 2022 (Online). Available: https://eur-lex.europa.eu/legal-ontent/EN/TXT/PDF/?uri=CELEX:32023R0203 [2025, July 2].
Federal Aviation Administration. (2020, August 14). FAA cybersecurity strategy (PL 115-254 Section 509). (Online). Available: https://www.faa.gov/sites/faa.gov/files/FAA_Cybersecurity_Strategy_PL_115-254_Sec509.pdf [2025, May 20].
GCAA. (2024). The UAE Civil Aviation Cybersecurity Policy (Online). Available: https:// www.gcaa.gov.ae/en/epublication/Shared%20Documents/UAE%20CIVIL%20AVIATION%20CYBERSECURITY%20POLICY%20Issue%201.pdf?utm_source=chatgpt.com [2025, September 4].
Huntley, R. (2024, October 18). GNSS jamming and spoofing are a daily occurrence (Online). Available: https://www.eetimes.eu/gnss-jamming-and-spoofing-are-a-daily-occurrence/ [2025, May 29].
International Air Transport Association. (2024, February 15). Aviation value chain: An analysis of investor returns in 2022 within the aviation value chain (Online). Available: https://www.iata.org/en/iata-repository/publications/economic-reports/aviation-value-chain/ [2025, September 4].
International Air Transport Association. (2024). IATA Annual Safety Report – 2024 Executive Summary and Safety Overview (Online). Available: https://www.iata.org/contentassets/a8e49941e8824a058fee3f5ae0c005d9/safety-report-executive-summary-and-safety-overview-2024_final.pdf [2025, July 21].
International Civil Aviation Organization. (2025). Doc 10213-Unrestricted Global cyber risk considerations (1st ed advance unedited) (Online). Available: https://www.icao.int/aviationcybersecurity/Documents/Doc%2010213%20%28Unedited%29%20-%20Global%20Cyber%20Risk%20Considerations.EN.pdf [2025, April 28].
ISC2. (2024, October 31). 2024 ISC2 Cybersecurity Workforce Study (Online). Available: https://www.isc2.org/Insights/2024/10/ISC2-2024-Cybersecurity-Workforce-Study [2025, June 11].
Lind, N., Saxon, S., Vik, K., & Bouwer, J. (2024, November 1). Aviation value chain: Strong recovery brings profitability into view (Online). Available: https://www.mckinsey.com/industries/travel/our-insights/aviation-value-chain-strong-recovery-brings-profitability-into-view [2025, September 4].
Plucinska, J., Insinna, V., & Pearson, J. (2024, January 25). Aviation sector seeks urgent solutions for GPS interference (Online). Available: https://www.reuters.com/business/aerospace-defense/aviation-sector-seeks-urgent-solutions-gps-interference-2024-01-24/ [2025, June12].
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Sripatum University Chonburi Campus
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
บทความทุกบทความเป็นลิขสิทธิ์ของวารสารวิชาการศรีปทุม ชลบุรี
