MODEL OF FUNCTIONAL HAZARD ASSESSMENT IN AIR TRAFFIC MANAGEMENT SYSTEM REGARDING INFORMATION SECURITY THREATS

Main Article Content

Vladyslav Chernysh
https://orcid.org/0000-0002-0443-1946

Abstract

The threat to information security for the air navigation service providers represents a potential violation of information security of the information infrastructure elements in the air traffic management system such as communications, navigation and surveillance equipment, and the information and telecommunication systems. Typically, a threat results from the presence of vulnerable components in the protection of information technology as part of air navigation service providers’ activity. Most of the approaches and techniques of international aviation organizations and best-practices of air navigation service providers are focused on developing risk methods and models regarding aviation safety. A well-known problem with aviation safety risk assessment is that it does not take into account the information and cyber security threats. The subject of the article is exploration of methods and models for risk assessment of air navigation service providers. The purpose is the development of model of functional hazard assessment and set of information security requirements for air navigation service providers. The proposed model of functional hazard assessment differs from the known by detailing of information security sphere. The software model of functional hazard assessment was developed via MATLAB Fuzzy Logic Toolbox. Practical significance is that the obtained results allow air navigation service providers to make better decisions regarding management systems maturity improvement.

Article Details

How to Cite
Chernysh, V. (2020). MODEL OF FUNCTIONAL HAZARD ASSESSMENT IN AIR TRAFFIC MANAGEMENT SYSTEM REGARDING INFORMATION SECURITY THREATS. Advanced Information Systems, 4(4), 120–127. https://doi.org/10.20998/2522-9052.2020.4.17
Section
Methods of information systems protection
Author Biography

Vladyslav Chernysh, Non-governmental organization “Civil Aviation of Ukraine”, Kyiv

Chairman of the Board

References

ICAO Safety Management Manual (2018), Doc.9859 Fourth Edition.

ICAO Air Traffic Management Security Manual (2013), Doc.9985 First edition.

Air Code of Ukraine (2011), 19.05.2011 No. 3393-VI.

Rules for Certification of Entities Providing Air Navigation Services (2007), Order of the Ministry of Transport and Communication of Ukraine No. 42 dated 22.01.2007 (registered, Ministry of Justice of Ukraine on 07.02.2007 No. 104/13371).

Regulation for Safety Oversight in Air Traffic Management System (2010), approved by the Order of Ministry of Transport and Communications of Ukraine No. 320 dated on 31.05.2010 (registered, Ministry of Justice of Ukraine on 30.06.2010 No. 446/17741).

ICAO Aviation Cybersecurity Strategy (2019), available at: https://www.icao.int/cybersecurity/Pages/Cybersecurity-Strategy.aspx.

CANSO Standard of Excellence in Cybersecurity (2020), available at: https://canso.fra1.digitaloceanspaces. com/ uploads/2020/09/CANSO-Standard-of-Excellence-in-Cybersecurity.pdf.

EUROCONTROL; Safety Assessment Methodology (2006), Version 2.1, November 2006.

ESARR4: Risk Assessment and Mitigation in ATM (2001), available at: https://www.eurocontrol.int/sites/default/files/2019-06/esarr4-e10.pdf.

Acceptable means of compliance with ESARR 4 (2009), available at: https://www.eurocontrol.int/sites/default/files/2019-06/eam4-amc-e4.0.pdf.

ED 125, Process for Specifying Risk Classification Scheme and Deriving Safety Objectives in ATM “in compliance” with ESARR 4.

Chernysh V. I. (2020) “Research of information space and information flows of air navigation service providers”, Telecommunication and information technology, vol. 2 (2020), pp. 51 – 59.

Chernysh V.I., Zamula A.A. (2012) “Analytic hierarchy process for information risks assessment”, Scientific and technical conference with international participation "Computer modeling in high technology (KMNT-2012)". Conference materials, pp. 145-149.

Chernysh V.I. (2012) “Methodology for assessing information risks using Analytic hierarchy process” Radio electronic and computer systems, Vol.1 (53), pp. 46 – 50.

Saaty, Thomas, Alexander, Joyce (1989), Conflict Resolution: The Analytic Hierarchy Process. New York, New York: Praeger.

Shtobva S. D. (2007), Design of fuzzy systems using MATLAB, Hot line – Telecom, 288 p.

Leonenkov A.V. (2005), Fuzzy modeling in MATLAB and fuzzyTECH, BHV-Petersburg, 736 p.

Jin Y., Seelen W., Sendhoff B. (1999), “On generating flexible, complete, consistent and compact (FC3) fuzzy rules from data using evolution strategies”, IEEE Transactions on Systems, Man, and Cybernetics, No. 29 (4). pp. 829-845.

Sommestad T., Ekstedt M., Johnson P.A. (2010), “Probabilistic relational model for security risk analysis”, Computer & Security, Vol. 29, No. 6. pp. 659-679.

Sug B., Han I. (2003), “The IS risk analysis based on business model”, Information and Management, Vol. 41, No. 2. pp. 149-158.