
    Risk Assessment Techniques for Civil Aviation Security

    Following the 9/11 terrorist attacks, a strong economic effort was made to improve and adapt aviation security, both in infrastructure and in aircraft. National and international guidelines were promptly developed with the objective of creating a security management system able to supervise the identification of risks and the definition and optimisation of control measures. Risk assessment techniques are thus crucial in the above process, since an incorrect risk identification and quantification can strongly affect both the security level and the investment needed to reach it. The paper proposes a set of methodologies to qualitatively and quantitatively assess the risk in the security of civil aviation and the risk assessment process based on the threat, criticality and vulnerability concepts, highlighting their correlation in determining the level of risk. RAMS techniques are applied to the airport security system in order to analyse the protection equipment for critical facilities located air-side, also allowing estimation of the importance of security-improving measures versus their effectiveness.

    Why We Cannot (Yet) Ensure the Cybersecurity of Safety-Critical Systems

    There is a growing threat to the cyber-security of safety-critical systems. The introduction of Commercial Off The Shelf (COTS) software, including Linux, specialist VOIP applications and Satellite Based Augmentation Systems across the aviation, maritime, rail and power-generation infrastructures has created common vulnerabilities. In consequence, more people now possess the technical skills required to identify and exploit vulnerabilities in safety-critical systems. Arguably for the first time there is the potential for cross-modal attacks leading to future 'cyber storms'. This situation is compounded by the failure of public-private partnerships to establish the cyber-security of safety-critical applications. The fiscal crisis has prevented governments from attracting and retaining competent regulators at the intersection of safety and cyber-security. In particular, we argue that superficial similarities between safety and security have led to security policies that cannot be implemented in safety-critical systems. Existing office-based security standards, such as the ISO27k series, cannot easily be integrated with standards such as IEC 61508 or ISO 26262. Hybrid standards such as IEC 62443 lack credible validation. There is an urgent need to move beyond high-level policies and address the more detailed engineering challenges that threaten the cyber-security of safety-critical systems. In particular, we consider the ways in which cyber-security concerns undermine traditional forms of safety engineering, for example by invalidating conventional forms of risk assessment. We also summarise the ways in which safety concerns frustrate the deployment of conventional mechanisms for cyber-security, including intrusion detection systems.

    Safety arguments for next generation location aware computing

    Concerns over the accuracy, availability, integrity and continuity of Global Navigation Satellite Systems (GNSS) have limited the integration of GPS and GLONASS for safety-critical applications. More recent augmentation systems, such as the European Geostationary Navigation Overlay Service (EGNOS) and the North American Wide Area Augmentation System (WAAS), have begun to address these concerns. Augmentation architectures build on the existing GPS/GLONASS infrastructures to support location-based services in Safety of Life (SoL) applications. Much of the technical development has been directed by air traffic management requirements, in anticipation of the more extensive support to be offered by GPS III and Galileo. WAAS has already been approved to provide vertical guidance against ICAO safety performance criteria for aviation applications. During the next twelve months, we will see the full certification of EGNOS for SoL applications. This paper identifies strong similarities between the safety assessment techniques used in Europe and North America. Both have relied on hazard analysis techniques to derive estimates of the Probability of Hazardously Misleading Information (PHMI). Later sections identify significant differences between the approaches adopted in application development. Integrated fault trees have been developed by regulatory and commercial organisations to consider both infrastructure hazards and their impact on non-precision RNAV/VNAV approaches using WAAS. In contrast, EUROCONTROL and the European Space Agency have developed a more modular approach to safety-case development for EGNOS. It remains to be seen whether the European or North American strategy offers the greatest support as satellite based augmentation systems are used within a growing range of SoL applications from railway signalling through to Unmanned Airborne Systems. The key contribution of this paper is to focus attention on the safety arguments that might support this wider class of location based services.
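The abstract above says PHMI estimates are derived from hazard analysis and integrated fault trees. As an added illustration (example code written for this page, not from the paper, EUROCONTROL, ESA or the FAA), the block below evaluates a small fault tree for an HMI top event in two ways: exactly under an independence assumption, and via minimal cut sets with the rare-event (Boole) upper bound, so the dominant failure path is visible. The gate structure, the event names and every probability are constructed assumptions for illustration and are not EGNOS or WAAS figures.

```python
"""Evaluate a small fault tree for a top event such as Hazardously Misleading
Information (HMI).  Added example: the tree, event names and probabilities are
constructed for illustration and are not EGNOS or WAAS figures."""
from dataclasses import dataclass
from functools import reduce
from itertools import product
from operator import mul
from typing import Dict, FrozenSet, List, Set, Tuple, Union


@dataclass(frozen=True)
class Basic:
    """A basic event with probability p per exposure interval (e.g. one approach)."""
    name: str
    p: float


@dataclass(frozen=True)
class Gate:
    """An AND or OR gate over child nodes."""
    kind: str            # "AND" or "OR"
    name: str
    inputs: Tuple["Node", ...]


Node = Union[Basic, Gate]


def exact_probability(node: Node) -> float:
    """Top-event probability assuming all basic events are independent.

    AND -> product of inputs; OR -> 1 - product of (1 - input)."""
    if isinstance(node, Basic):
        return node.p
    ps = [exact_probability(c) for c in node.inputs]
    if node.kind == "AND":
        return reduce(mul, ps, 1.0)
    if node.kind == "OR":
        return 1.0 - reduce(mul, (1.0 - p for p in ps), 1.0)
    raise ValueError(f"unknown gate kind {node.kind!r}")


def minimal_cut_sets(node: Node) -> Set[FrozenSet[str]]:
    """Minimal sets of basic events whose joint occurrence causes the top event."""
    if isinstance(node, Basic):
        return {frozenset([node.name])}
    child_sets = [minimal_cut_sets(c) for c in node.inputs]
    if node.kind == "OR":
        sets = set().union(*child_sets)
    elif node.kind == "AND":
        sets = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:
        raise ValueError(f"unknown gate kind {node.kind!r}")
    # Minimise: drop any cut set that strictly contains another.
    return {s for s in sets if not any(o < s for o in sets)}


def basic_probabilities(node: Node) -> Dict[str, float]:
    """Collect name -> probability for every basic event in the tree."""
    if isinstance(node, Basic):
        return {node.name: node.p}
    out: Dict[str, float] = {}
    for c in node.inputs:
        out.update(basic_probabilities(c))
    return out


def cut_set_contributions(node: Node) -> List[Tuple[FrozenSet[str], float]]:
    """Each minimal cut set with the product of its members' probabilities,
    largest first, so the dominant failure path is visible."""
    probs = basic_probabilities(node)
    rows = [(cs, reduce(mul, (probs[n] for n in cs), 1.0)) for cs in minimal_cut_sets(node)]
    return sorted(rows, key=lambda r: r[1], reverse=True)


def rare_event_bound(node: Node) -> float:
    """Sum of cut-set contributions: an upper bound on the top-event probability
    (Boole's inequality) that is tight when every cut set is rare."""
    return sum(v for _, v in cut_set_contributions(node))


# Constructed illustration (assumed structure and values): HMI occurs when a
# signal-in-space fault is present AND no alert is raised within the time-to-alert.
HMI_TREE = Gate("AND", "HMI", (
    Gate("OR", "fault_present", (
        Basic("satellite_clock_fault", 1e-4),
        Basic("ionospheric_anomaly", 5e-5),
    )),
    Gate("OR", "no_alert", (
        Basic("monitor_misses_threshold", 1e-3),
        Basic("alert_broadcast_lost", 2e-4),
    )),
))


def phmi_report(tree: Node = HMI_TREE) -> Dict[str, float]:
    """Exact PHMI and the rare-event bound for the given tree."""
    return {"exact": exact_probability(tree), "bound": rare_event_bound(tree)}


if __name__ == "__main__":
    rep = phmi_report()
    print(f"PHMI exact = {rep['exact']:.4e}, rare-event bound = {rep['bound']:.4e}")
    for cs, v in cut_set_contributions(HMI_TREE):
        print(f"  {v:.2e}  {' AND '.join(sorted(cs))}")
```

The bound is only slightly above the exact value here because every cut set is rare; the gap widens as event probabilities grow. The independence assumption is the caveat a safety case must argue explicitly: a common cause that raises both a fault and the monitor miss rate at once (for example one ionospheric storm affecting both) is not captured by multiplying per-event probabilities.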

    Selective Screening of Rail Passengers, MTI 06-07

    The threat of another major terrorist attack in the United States remains high, with the greatest danger coming from local extremists inspired by events in the Middle East. Although the United States removed the Taliban government and destroyed al Qaeda's training camps in Afghanistan, events in Europe and elsewhere have shown that the terrorist network leadership remains determined to carry out further attacks and is capable of doing so. Therefore, the United States must systematically conduct research on terrorist strikes against transportation targets to distill lessons learned and determine the best practices for deterrence, response, and recovery. Those best practices must be taught to transportation and security professionals to provide secure surface transportation for the nation. Studying recent incidents in Europe and Asia, along with other research, will help leaders in the United States learn valuable lessons, from preventing attacks, to response and recovery, to addressing the psychological impacts of attacks and business continuity. Timely distillations of the lessons learned and best practices developed in other countries, once distributed to law enforcement, first responders, and rail- and subway-operating transit agencies, could result in the saving of American lives. This monograph focuses on the terrorist risks confronting public transportation in the United States, especially urban mass transit, and explores how different forms of passenger screening, and in particular selective screening, can best be implemented to reduce those risks.

    Managing Environmental, Health, and Safety Risks: A Comparative Assessment of the Minerals Management Service and Other Agencies

    This study compares and contrasts regulatory and related practices, in particular regulatory decision-making, risk assessment and planning processes, inspection and compliance, and organization structure, budgets, and training, of the Minerals Management Service (MMS, now the Bureau of Ocean Energy Management, Regulation, and Enforcement, or BOEMRE) with those of the Federal Aviation Administration (FAA) and the Environmental Protection Agency (EPA). Comparing MMS practices with those of other federal agencies that also manage low-probability but high-consequence environmental risks provides a basis for identifying opportunities for enhancing regulatory capacity and safety performance in managing deepwater energy exploration and production. Our research finds important differences in processes for setting standards; peer review contribution to the rulemaking process; establishment of tolerable risk thresholds; and training of key staff. The paper concludes with several recommendations for how various EPA and FAA practices might be modified and used at BOEMRE to strengthen its regulatory and risk management processes.
    Keywords: Minerals Management Service, Federal Aviation Administration, Environmental Protection Agency, risk management

    The future of UAS: standards, regulations, and operational experiences [workshop report]

    This paper presents the outcomes of "The Future of UAS: Standards, Regulations and Operational Experiences" workshop, held on the 7th and 8th of December 2006 in Brisbane, Queensland, Australia. The goal of the workshop was to identify recent international activities in the Unmanned Airborne Systems (UAS) airspace integration problem. The workshop attracted a broad cross-section of the UAS community, including airspace and safety regulators, developers, operators and researchers. The three themes of discussion were: progress in the development of standards and regulations, lessons learnt from recent operations, and advances in new technologies. This paper summarises the activities of the workshop and explores the important outcomes and trends as perceived by the authors.

    Cost-benefit analysis of Australian Federal Police counter-terrorism operations at Australian airports

    The terrorist attacks of 11 September 2001 highlighted the vulnerabilities of airports and aircraft. Further attacks in 2002, 2007 and 2009 have led to major government reforms in passenger processing and airport access. The security of Australian airports has also followed this trend, with an increased police presence. However, limited consideration has been given to the costs of these measures compared to their benefits. This Working Paper identifies the factors to be considered in such cost-benefit analyses, and the authors outline their preliminary findings. The scope for further research is highlighted, particularly in relation to risk analysis and cost.

    Architecture and Information Requirements to Assess and Predict Flight Safety Risks During Highly Autonomous Urban Flight Operations

    As aviation adopts new and increasingly complex operational paradigms, vehicle types, and technologies to broaden airspace capability and efficiency, maintaining a safe system will require recognition and timely mitigation of new safety issues as they emerge and before significant consequences occur. A shift toward a more predictive risk mitigation capability becomes critical to meet this challenge. In-time safety assurance comprises monitoring, assessment, and mitigation functions that proactively reduce risk in complex operational environments where the interplay of hazards may not be known (and therefore not accounted for) during design. These functions can also help to understand and predict emergent effects caused by the increased use of automation or autonomous functions that may exhibit unexpected non-deterministic behaviors. The envisioned monitoring and assessment functions can look for precursors, anomalies, and trends (PATs) by applying model-based and data-driven methods. Outputs would then drive downstream mitigation(s) if needed to reduce risk. These mitigations may be accomplished using traditional design revision processes or via operational (and sometimes automated) mechanisms. The latter refers to the in-time aspect of the system concept. This report comprises architecture and information requirements and considerations toward enabling such a capability within the domain of low-altitude, highly autonomous urban flight operations. This domain may span, for example, public-use surveillance missions flown by small unmanned aircraft (e.g., infrastructure inspection, facility management, emergency response, law enforcement, and/or security) to transportation missions flown by larger aircraft that may carry passengers or deliver products. Caveat: any stated requirements in this report should be considered initial requirements that are intended to drive research and development (R&D). These initial requirements are likely to evolve based on R&D findings, refinement of operational concepts, industry advances, and new industry or regulatory policies or standards related to safety assurance.