Cybersecurity in Aviation: the STPA-Sec Method Applied to the TCAS Security

Resumo

This work presents the cybersecurity theme in the aviation ecosystem and a case study for the application of the STPA-Sec method, in the TCAS (Traffic Collision Avoidance System). The aviation community is benefiting from new levels of digitization and connectivity, but the effectiveness gained by increased digitization has led to increased levels of system vulnerabilities. Therefore, the work is focused on the application of the STPA method, aiming to increase security from the point of view of planned attacks, that is, intentional attacks, sabotage, malicious aircraft interference and how these attacks relate to events unplanned or unintended ralated to the “ghost aircraft” vulnerability of the TCAS. The STPA applied to neutralize the TCAS ghost aircraft attacks pointed out that the air collision avoidance system is a critical system as it involves loss of life or human injury, loss of critical data, damage to the aircraft, inability to complete primary missions, loss of customer satisfaction and loss of airline reputation. In this sense, the work highlights the importance of the role of STPA-Sec method in improving aircraft security and motivates redesign and updates to TCAS.