IT Security Management of Aircraft in Operation: A Manufacturer's View

Paper #:
  • 2011-01-2717

Published:
  • 2011-10-18
Citation:
Ladstaetter, G., Reichert, N., and Obert, T., "IT Security Management of Aircraft in Operation: A Manufacturer's View," SAE Technical Paper 2011-01-2717, 2011, https://doi.org/10.4271/2011-01-2717.
Pages:
12
Abstract:
Over the last few years, IT systems have quickly found their way onboard aircrafts, driven by the continuous pursuit of improved safety and efficiency in aircraft operation, but also in an attempt to provide the ultimate in-flight experience for passengers. Along with IT systems and communication links came IT security as a new factor in the equation when evaluating and monitoring the operational risk that needs to be managed during the operation of the aircraft. This is mainly due to the fact that security deficiencies can cause services to be unavailable, or even worse, to be exploited by intentional attacks or inadvertent actions.Aircraft manufacturers needed to develop new processes and had to get organized accordingly in order to efficiently and effectively address these new risks. To achieve this, the operational constraints of the aircraft needed to be taken into consideration since classical incident response and patching principles do not apply to the administration of aircraft systems. The next step was then to identify the factors (i.e. security events) that could impact the accepted security risk level when the aircraft systems are in-service.Three processes were defined in order to perform a holistic security management: implementation vulnerability management, security audit management and security incident management. These three processes grouped under the term “operational security management” have the sole objective to continuously and timely inform the risk owner of the security level of the aircraft system and hence enable him to formally accept the risk or launch actions to reduce the risk in order to minimize the impact on aircraft in operation. For this purpose, a tool was developed to collect and manage the information related to the three processes in a timely manner while adhering to existing standards. The tool also provides traceability of the decisions taken to address identified risks.
Access
Now
SAE MOBILUS Subscriber? You may already have access.
Buy
Select
Price
List
Download
$28.00
Mail
$28.00
Members save up to 42% off list price.
Share
HTML for Linking to Page
Page URL

Related Items

Technical Paper / Journal Article
2005-05-16
Book
2010-06-01
Technical Paper / Journal Article
2011-05-17
Technical Paper / Journal Article
2011-05-17
Technical Paper / Journal Article
2013-10-07
Technical Paper / Journal Article
2014-04-01
Technical Paper / Journal Article
2011-05-17