The Missing Link: Aircraft Cybersecurity at the Operational Level 11-03-01-0003

Aircraft cybersecurity efforts have tended to focus at the strategic or tactical levels without a clear connection between the two. There are many excellent engineering tools already in widespread use, but many organizations have not yet integrated and linked them into an overarching “campaign plan” that connects those tactical actions such as process hazard analysis, threat modeling, and probabilistic methods to the desired strategic outcome of secure and resilient systems. This article presents the combined systems security engineering process (CSSEP) as a way to fill that gap.

Systems theory provides the theoretical foundation on which CSSEP is built. CSSEP is structured as a control loop in which the engineering team is the controller of the design process. The engineering team needs to have an explicit process model on how systems should be secured, and a control algorithm that determines what control actions should be selected. CSSEP’s process model postulates that security is best achieved by a balance of cybersecurity, cyber resiliency, defensibility, and recoverability and that control is best established by developing security constraints versus attempting to find every vulnerability. CSSEP then transmits those security constraints as requirements into the design process. The design process used in CSSEP is the prioritized integrated cyber assessment methodology (PICAM). PICAM includes four phases that are looped including mission analysis, cooperative testing, adversarial assessment, and secure design. Feedback is then presented back to the engineering team using the probabilistic mission risk analysis (PMRA) supported by test data to close the control loop.

CSSEP identifies the major functions needed to do effective aircraft cybersecurity and provides a flexible framework as the “missing link” to connect the strategic and tactical levels of aircraft cybersecurity.