Aviation cyber security: legal aspects of cyber threats

Abstract

The aim of this paper is show how existing legal frameworks applied to civil aviation might be relevant in the context of cyberspace. Security threats to civil aviation operations have become more sophisticated and challenging to deal with. One that is emerging, and arguably even more complicated and sophisticated to manage, is the cyber-attack. This article is interdisciplinary as it briefly defines cyber-attack and describes the nature of the threat it poses to aviation and society generally, but also focuses on the international legal instruments that are available to address cyberterrorism and reflects on the challenges faced by aviation through cyberspace. Conclusions offer some food for thought on the article’s conclusions and on possible developments in the relationship between civil aviation and cyber security.

This is a preview of subscription content, access via your institution.

Notes

  1. 1.

    Fox, S.J. Flying challenges for the future: Aviation preparedness – in the face of cyber-terrorism. J Transp Secur 9, Fox 2016, 206; R. Abeyratne, Cyber Terrorism and Aviation–National and International Response, 4 J. Transp. Sec., no. 4, Dec. Abeyratne, 2011, 337–340; M. Klenka, Aviation Safety: Legal Obligations of States and Practice, J Transp Secur (Klenka 2017) 10: 127, 127; P. Tyson, Cybersecurity Challenges in Aviation, 1–2, available at: https://www.advisenltd.com/wp-content/uploads/2016/06/ cybersecurity-challenges-in-aviation-ABC-paper-2016–06-07.pdf; EUROCONTROL. Aviation Intelligence Unit. Think Paper #3—August 2019. Cyber Security in aviation. Available at: https://www.eurocontrol.int/sites/default/files/2020-01/eurocontrol-think-paper-3-cybersecurity-aviation.pdf.

  2. 2.

    R. Abeyratne, Cyber Terrorism and Aviation–National and International Response, 4 J. Transp. Sec., no. 4, Dec. Abeyratne, 2011, 337, 340; see also Ruwantissa Abeyratne, The Beijing Convention on the Suppression of Unlawful Acts Relating to International Civil Aviation–An Interpretative Study, 113.

  3. 3.

    B. Lim, Aviation Security: Emerging Threats from Cyber Security in Aviation – Challenges and Mitigations, J. Aviation Mgmt. 83 (Lim 2014), 83, Available at: http://www.saa.com.sg/saaWeb2011/export/sites/saa/en/Publication/downloads/EmergingThreats_CyberSecurityinAviation_ChallengesandMitigations.pdf

  4. 4.

    M. Pierides, et al., Cybersecurity and the Aviation Sector: Recent Incidents Highlight Unique Risks, Pillsbury Law (August 24, Pierides et al. 2015), https://www.pillsburylaw.com/images/content/1/1/v2/1196/AlertAug2015GlobalSourcingCybersecurityandTheAviationSector.pdf.

  5. 5.

    D. Jeyakodi, Cyber Security in Civil Aviation, Aviation & Space J., no.4, Oct.–Dec. Jeyakodi 2015, 2.

  6. 6.

    NIST, Cybersecurity Framework, https://www.nist.gov/cyberframework

  7. 7.

    H. O. Simmons, Cybersecurity in Aviation: Constant Vigilance Required, 82 J. Air L. & Com. 771 (Simmons 2017), 802.

  8. 8.

    Fox, S.J. Flying challenges for the future: Aviation preparedness – in the face of cyber-terrorism. J Transp Secur 9, Fox 2016, 197–198.

  9. 9.

    W. L. Tafoya, Cyber Terror, FBI Law Enforcement Bulletin (November 1, Tafoya 2011), https://leb.fbi.gov/articles/featured-articles/cyber-terror

  10. 10.

    R. Abeyratne, Aviation Cyber Security: A Constructive Look at the Work of ICAO, 41 Air & Space Law 25, 26–29 (Abeyratne 2016).

  11. 11.

    U.S. Gov’t Accountability Office, GAO/AIMD-98–155, Air Traffic Control: Weak Computer Security Practices Jeopardize Flight Safety (1998).

  12. 12.

    R. A. Clarke & Robert K. Knake, Cyber War: The Next Threat to National Security and What to Do About It, 11 (2010) (Clarke and Knake 2010). In: Oona A. Hathaway et al., The Law of Cyber-Attack, 100 Cal. L. Rev. 817, 823 (Hathaway et al. 2012).

  13. 13.

    T. Gjelten, Extending the Law of War to Cyberspace, National Public Radio (Sept. 22, Gjelten 2010), https://www.npr.org/templates/story/story.php?storyId=130023318. In: O. A. Hathaway et al., The Law of Cyber-Attack, 100 Cal. L. Rev. 817, 823 (Hathaway et al. 2012).

  14. 14.

    M. C. Libicki, What Is Information Warfare? 77 (Libicki 1995). In: O. A. Hathaway et al., The Law of Cyber-Attack, 100 Cal. L. Rev. 817, 824 (Hathaway et al. 2012).

  15. 15.

    O. A. Hathaway et al., The Law of Cyber-Attack, 100 Cal. L. Rev. 817, 822–32 (Hathaway et al. 2012).

  16. 16.

    R. Abeyratne, Cyber Terrorism and Aviation–National and International Response, 4 J. Transp. Sec., no. 4, Dec. Abeyratne, 2011, 337–40.

  17. 17.

    Fox, S.J. Flying challenges for the future: Aviation preparedness – in the face of cyber-terrorism. J Transp Secur 9, Fox 2016, 197; Fox, S.J. CONTEST’ing Chicago origins and reflections: lest we forget!, Int. J. Private Law, Vol. 8, No. 1, Fox 2015, pp.73–98.

  18. 18.

    D. Jeyakodi, Cyber Security in Civil Aviation, Aviation & Space J., no.4, Oct.-Dec. Jeyakodi 2015, 3–6.

  19. 19.

    R. Abeyratne, Cyber Terrorism and Aviation–National and International Response, 4 J. Transp. Sec., no. 4, Dec. Abeyratne, 2011, 340–42.

  20. 20.

    E. Iasiello, Getting Ahead of the Threat: Aviation and Cyber Security, Aerospace America, July-Aug. Iasiello 2013, 22, 24–25.

  21. 21.

    T. Schóber et al., Present and Potential Security Threats Posed to Civil Aviation, 4 INCAS Bulletin, no. 2, Apr.–June Schóber et al., 2012, 169, 173–174.

  22. 22.

    A. Cohen, Cyberterrorism: Are We Legally Ready?, 9 J. Int’l Bus. & L., no. 1, 2010, 6.

  23. 23.

    A. Gendron & M. Rudner, Assessing Cyber Threats to Canadian Infrastructure, 23, https://www.canada.ca/en/security-intelligence-service/corporate/publications/assessing-cyber-threats-to-canadian-infrastructure.html

  24. 24.

    E. Iasiello, Getting Ahead of the Threat: Aviation and Cyber Security, Aerospace America, July-Aug. Iasiello 2013, 25; T. De Zan et al., The Defence of Civilian Air Traffic Systems from Cyber Threats, Instituto Affari Internazionali, Dec. De Zan et al., 2015, at 21–25; Fox, S.J. Flying challenges for the future: Aviation preparedness – in the face of cyber-terrorism. J Transp Secur 9, Fox 2016, 198.

  25. 25.

    J. A. Urban, Not Your Granddaddy's Aviation Industry: The Need to Implement Cybersecurity Standards and Best Practices Within the International Aviation Industry, 27 Alb. L. J. Sci. & Tech. 62 (Urban 2017).

  26. 26.

    E. Iasiello, Getting Ahead of the Threat: Aviation and Cyber Security, Aerospace America, July-Aug. Iasiello 2013, 25.

  27. 27.

    Industrial Control Systems Cyber Emergency Response Team. For the report see: ICS-CERT, ICS-CERT Monitor, Sep. 2014–Feb. 2015, https://ics-cert.us-cert.gov/monitors/ICS-MM201502.

  28. 28.

    T. De Zan et al., The Defence of Civilian Air Traffic Systems from Cyber Threats, Instituto Affari Internazionali, Dec. De Zan et al., 2015, 25–27.

  29. 29.

    T. De Zan et al., The Defence of Civilian Air Traffic Systems from Cyber Threats, Instituto Affari Internazionali, Dec. De Zan et al., 2015, 27–28.

  30. 30.

    E. Iasiello, Getting Ahead of the Threat: Aviation and Cyber Security, Aerospace America, July-Aug. Iasiello 2013, 25; Int’l Civil Aviation Org., Coordinating Cybersecurity Work (Aug. 26, (2016).

  31. 31.

    T. Schóber et al., Present and Potential Security Threats Posed to Civil Aviation, 4 INCAS Bulletin, no. 2, Apr.–June Schóber et al. 2012, 173.

  32. 32.

    M. N. Schmidt. Tallinn Manual 2.0 on the International Law applicable to Cyber Operations. Schmidt 2017. Cambridge University Press, 259.

  33. 33.

    E. Iasiello, Getting Ahead of the Threat: Aviation and Cyber Security, Aerospace America, July-Aug. Iasiello 2013, 22–23.

  34. 34.

    M. Strohmeier et al., Assessing the Impact of Aviation Security on Cyber Power, 8 Int’l Conf. on Cyber Conflict, 223, 224–28, https://www.cs.ox.ac.uk/files/8266/cycon_strohmeier.pdf.

  35. 35.

    A. Stander & J. Ophoff, Cyber Security in Civil Aviation, 1 Imam J. Applied Scis., no. 1, 2016, 23–24; Fox, S.J. Flying challenges for the future: Aviation preparedness – in the face of cyber-terrorism. J Transp Secur 9Fox, 2016, 193.

  36. 36.

    Int’l Civil Aviation Org., Civil Aviation Cyber-Security: Possible Actions by Regulators and Stakeholders (Aug. 9, 2016); Int’l Civil Aviation Org., Coordinating Cybersecurity Work (Aug. 26, (2016)).

  37. 37.

    M. N. Schmidt. Tallinn Manual 2.0 on the International Law applicable to Cyber Operations. Schmidt 2017. Cambridge University Press, 259.

  38. 38.

    P. Dempsey, Aviation Security: The Role of Law in the War Against Terrorism, 651.

  39. 39.

    Chicago Convention, Art. 3(d).

  40. 40.

    This 1984 amendment to the Chicago Convention “reaffirm[s] the principle of non-use of weapons against civil aircraft in flight.” Protocol Relating to an Amendment to the Convention on International Civil Aviation, pmbl., May 10,1984,23 I.L.M. 705.

  41. 41.

    O. A. Hathaway et al., The Law of Cyber-Attack, 100 Cal. L. Rev. 868 – 869.

  42. 42.

    O. A. Hathaway et al., The Law of Cyber-Attack, 100 Cal. L. Rev. 870.

  43. 43.

    Available at: https://www.icao.int/Security/SFP/Pages/SecurityManual.aspx

  44. 44.

    D. Jeyakodi, Cyber Security in Civil Aviation, Aviation & Space J., no.4, Oct.–Dec.Jeyakodi 2015, 7 – 9.

  45. 45.

    A. Cohen, Cyberterrorism: Are We Legally Ready?, 9 J. Int’l Bus. & L., no. 1, 2010, 23 – 24.

  46. 46.

    https://www.icao.int/Newsroom/Pages/Beijing-Convention-to-enter-into-force-on-1-July-2018.aspx

  47. 47.

    R. Abeyratne, Cyber Terrorism and Aviation–National and International Response, 4 J. Transp. Sec., no. 4, Dec. Abeyratne, 2011, 342 – 343.

  48. 48.

    D. Jeyakodi, Cyber Security in Civil Aviation, Aviation & Space J., no. 4, Oct.–Dec. Jeyakodi 2015, 9 – 11.

  49. 49.

    CYBER RESILIENCE IN CIVIL AVIATION A39-WP/99 EX/45, TE/26 27/7/16. p. 1 – 3.

  50. 50.

    R. Abeyratne (2019) Legal Priorities in Air Transport, 192–193.

  51. 51.

    ICAO. Cybersecurity. Civil Aviation Cybersecurity. 2019. Available at: https://www.icao.int/cybersecurity/Pages/default.aspx.

  52. 52.

    Available at: https://www.icao.int/cybersecurity/Documents/A40-10.pdf

  53. 53.

    R. Abeyratne (2020) Aviation in the Digital Age. Legal and Regulatory Aspects, 134–136.

  54. 54.

    R. Abeyratne (2020) Aviation in the Digital Age. Legal and Regulatory Aspects, 175.

  55. 55.

    Judge Stein Schjolberg. The Third Pillar for Cyberspace. An International Court or Tribunal for Cyberspace. Available at: http://www.cybercrimelaw.net/documents/Draft_Treaty_text_on_International_Criminal_Tribunal_for_Cyberspace.pdf

  56. 56.

    IATA. Aviation Cyber Security Toolkit. Available at: http://www.iata.org/publications/store/Pages/aviation-cyber-security-toolkit.aspx

  57. 57.

    D. Jeyakodi, Cyber Security in Civil Aviation, Aviation & Space J., no. 4, Oct.–Dec. Jeyakodi 2015, 11 – 14.

  58. 58.

    R. Ellis, V. Mohan (Ellis and Mohan 2019). Rewired Cybersecurity Governance. Wiley, 75.

  59. 59.

    Fox, S.J. Flying challenges for the future: Aviation preparedness – in the face of cyber-terrorism. J Transp Secur 9, Fox 2016, 214–215; Klenka, M. Major incidents that shaped aviation security. J Transp Secur 12, 39–56 (Klenka 2019).

  60. 60.

    E. Iasiello, Getting Ahead of the Threat: Aviation and Cyber Security, Aerospace America, July-Aug. Iasiello 2013, 25.

  61. 61.

    D. Jeyakodi, Cyber Security in Civil Aviation, Aviation & Space J., no. 4, Oct.–Dec. Jeyakodi 2015, 14 – 17.

References

  1. Abeyratne R (2011) Cyber Terrorism and Aviation--National and International Response, 4 J. Transp. Sec., no. 4

  2. Abeyratne R (2016) Aviation cyber security: a constructive look at the work of ICAO, 41 air and space law 25, 26–29

  3. Abeyratne R (2019) Legal Priorities in Air Transport. Springer Nature Switzerland AG

  4. Abeyratne R (2020) Aviation in the digital age. legal and regulatory aspects. Springer Nature Switzerland AG

  5. Abeyratne R (n.d.) The Beijing Convention on the Suppression of Unlawful Acts Relating to International Civil Aviation--An Interpretative Study

  6. Chicago Convention (n.d.)

  7. Clarke RA, Knake RK (2010) Cyber war: the next threat to National Security and What to Do About It, 11

  8. Cohen, Cyberterrorism (2010) Are we legally ready?, 9 J. Int’l Bus. & L., no. 1, 2010

  9. CYBER RESILIENCE IN CIVIL AVIATION A39-WP/99 EX/45 (n.d.) TE/26 27/7/16

  10. De Zan T et al 2015 The Defence of Civilian Air Traffic Systems from Cyber Threats, InstitutoAffari Internazionali

  11. Dempsey P (n.d.) Aviation security: the role of law in the war against terrorism

  12. Ellis R, Mohan V (2019) Rewired Cybersecurity Governance. Wiley

    Google Scholar 

  13. EUROCONTROL (2019) Aviation intelligence unit. Think Paper #3 - August 2019. Cyber Security in aviation. Available at: https://www.eurocontrol.int/sites/default/files/2020-01/eurocontrol-think-paper-3-cybersecurity-aviation.pdf2020-01/eurocontrol-think-paper-3-cybersecurity-aviation.pdf. Accessed 21 Mar 2021

  14. Fox SJ (2015) CONTEST’ing Chicago origins and reflections: lest we forget! Int J Private Law 8(1):73–98

    Article  Google Scholar 

  15. Fox SJ (2016) Flying challenges for the future: aviation preparedness – in the face of cyber-terrorism. J Transp Secur 9:191–218

    Article  Google Scholar 

  16. Gendron A, Rudner M (n.d.) Assessing cyber threats to Canadian infrastructure. Available at: https://www.canada.ca/content/dam/csis-scrs/documents/publications/CyberTrheats_AO_Booklet_ENG.pdf. Accessed 21 Mar 2021

  17. Gjelten T (2010) Extending the Law of War to Cyberspace, National Public Radio

  18. Hathaway OA et al (2012) The Law of Cyber-Attack, 100 Cal. L. Rev

  19. Iasiello (2013) Getting ahead of the threat: aviation and cyber security aerospace America

  20. IATA (n.d.) Aviation cyber security toolkit. Available at: http://www.iata.org/publications/store/Pages/aviation-cyber-security-toolkit.aspx. Accessed 21 Mar 2021

  21. ICAO (2019) Cybersecurity. Civil aviation cybersecurity. Available at: https://www.icao.int/cybersecurity/Pages/default.aspx. Accessed 21 Mar 2021

  22. Industrial Control Systems Cyber Emergency Response Team (n.d.) For the report see: ICS-CERT, ICS-CERT Monitor, Sep. 2014–Feb. 2015. Available at: https://us-cert.cisa.gov/ics/monitors/ICS-MM201502. Accessed 21 Mar 2021

  23. Int’l Civil Aviation Org., Civil Aviation Cyber-Security (2016) Possible actions by regulators and stakeholders

  24. Int’l Civil Aviation Org., Coordinating Cybersecurity Work (2016)

  25. Jeyakodi (2015) Cyber Security in Civil Aviation, Aviation & Space J., no.4

  26. Judge Stein Schjolberg (n.d.) The third pillar for cyberspace. An International Court or Tribunal for Cyberspace. Available at: https://www.cybercrimelaw.net/documents/140626_Draft_Treaty_text.pdf. Accessed 21 Mar 2021

  27. Klenka M (2017) Aviation Safety: Legal Obligations of States and Practice. J Transp Secur 10:127

    Article  Google Scholar 

  28. Klenka M (2019) Major incidents that shaped aviation security. J Transp Secur 12:39–56

    Article  Google Scholar 

  29. Libicki MC (1995) What is information warfare? 77

  30. Lim (2014) Aviation Security: Emerging Threats from Cyber Security in Aviation – Challenges and Mitigations, J. Aviation Mgmt. 83

  31. Pierides M et al (2015) Cybersecurity and the Aviation Sector: Recent Incidents Highlight Unique Risks, Pillsbury Law

  32. Schmidt MN (2017) Tallinn Manual 2.0 on the International Law applicable to Cyber Operations. Cambridge University Press

  33. Schóber T et al (201) Present and potential security threats posed to civil aviation, 4 INCAS Bulletin, no. 2

  34. Simmons HO (2017) Cybersecurity in Aviation: Constant Vigilance Required, 82 J. Air L. & Com. 771

  35. Stander and Ophoff J (2016) Cyber Security in Civil Aviation, 1 Imam J. Applied Scis., no. 1

  36. Strohmeier M et al (n.d.) Assessing the impact of aviation security on cyber power, 8 Int’l Conf. on Cyber Conflict. Available at: https://www.cs.ox.ac.uk/files/8266/cycon_strohmeier.pdf. Accessed 21 Mar 2021

  37. Tafoya WL (2011) Cyber Terror, FBI Law Enforcement Bulletin

  38. Tyson P (2016) Cybersecurity challenges in aviation. Available at: https://www.advisenltd.com/wp-content/uploads/2016/06/cybersecuritychallenges-in-aviation-ABC-paper-2016-06-07.pdf. Accessed 21 Mar 2021

  39. U.S. Gov’t Accountability Office, GAO/AIMD-98–155 (1998) Air traffic control: weak computer security practices jeopardize flight safety

  40. Urban JA (2017) Not Your Granddaddy's Aviation Industry: The Need to Implement Cybersecurity Standards and Best Practices Within the International Aviation Industry, 27 Alb. L. J. Sci. & Tech. 62

Download references

Author information

Affiliations

Authors

Corresponding author

Correspondence to Michal Klenka.

Ethics declarations

Disclaimer

The views and opinions expressed in this article are those of the author and cannot be considered as the official policy, position, or opinions of the Supreme Court of the Slovak Republic.

Additional information

Publisher's note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Klenka, M. Aviation cyber security: legal aspects of cyber threats. J Transp Secur (2021). https://doi.org/10.1007/s12198-021-00232-8

Download citation

Keywords

  • Cyber threats
  • Aviation security
  • Legal framework
  • Civil aviation

JEL Classification

  • K33
  • K38