Risk Assessment Techniques for Civil Aviation Security
Following the 9/11 terrorist attacks a strong economic effort was made to improve and adapt aviation security, both in infrastructure and in airplanes. National and international guidelines were promptly developed with the objective of creating a security management system able to supervise the identification of risks and the definition and optimisation of control measures. Risk assessment techniques are thus crucial in the above process, since an incorrect risk identification and quantification can strongly affect both the security level and the investments needed to reach it. The paper proposes a set of methodologies to qualitatively and quantitatively assess the risk in the security of civil aviation and the risk assessment process based on the threats, criticality and vulnerabilities concepts, highlighting their correlation in determining the level of risk. RAMS techniques are applied to the airport security system in order to analyse the protection equipment for critical facilities located in air-side, allowing also the estimation of the importance of the security improving measures vs. their effectiveness
Why We Cannot (Yet) Ensure the Cybersecurity of Safety-Critical Systems
There is a growing threat to the cyber-security of safety-critical systems.
The introduction of Commercial Off The Shelf (COTS) software, including
Linux, specialist VOIP applications and Satellite Based Augmentation Systems
across the aviation, maritime, rail and power-generation infrastructures has created
common vulnerabilities. In consequence, more people now possess the technical
skills required to identify and exploit vulnerabilities in safety-critical systems.
Arguably for the first time there is the potential for cross-modal attacks
leading to future ‘cyber storms’. This situation is compounded by the failure of
public-private partnerships to establish the cyber-security of safety critical applications.
The fiscal crisis has prevented governments from attracting and retaining
competent regulators at the intersection of safety and cyber-security. In particular,
we argue that superficial similarities between safety and security have led
to security policies that cannot be implemented in safety-critical systems. Existing
office-based security standards, such as the ISO27k series, cannot easily be integrated
with standards such as IEC61508 or ISO26262. Hybrid standards such as
IEC 62443 lack credible validation. There is an urgent need to move beyond
high-level policies and address the more detailed engineering challenges that
threaten the cyber-security of safety-critical systems. In particular, we consider
the ways in which cyber-security concerns undermine traditional forms of safety
engineering, for example by invalidating conventional forms of risk assessment.
We also summarise the ways in which safety concerns frustrate the deployment of
conventional mechanisms for cyber-security, including intrusion detection systems
Safety arguments for next generation location aware computing
Concerns over the accuracy, availability, integrity and
continuity of Global Navigation Satellite Systems (GNSS)
have limited the integration of GPS and GLONASS for
safety-critical applications. More recent augmentation
systems, such as the European Geostationary Navigation
Overlay Service (EGNOS) and the North American Wide
Area Augmentation System (WAAS) have begun to address
these concerns. Augmentation architectures build on the
existing GPS/GLONASS infrastructures to support location-based services in Safety of Life (SoL) applications. Much of the technical development has been directed by air traffic management requirements, in anticipation of the more extensive support to be offered by GPS III and Galileo. WAAS has already been approved to provide vertical guidance against ICAO safety performance criteria for aviation applications. During the next twelve months, we will see the full certification of EGNOS for SoL applications.
This paper identifies strong similarities between the safety
assessment techniques used in Europe and North America.
Both have relied on hazard analysis techniques to derive
estimates of the Probability of Hazardously Misleading
Information (PHMI). Later sections identify significant
differences between the approaches adopted in application
development. Integrated fault trees have been developed by
regulatory and commercial organisations to consider both
infrastructure hazards and their impact on non-precision
RNAV/VNAV approaches using WAAS. In contrast,
EUROCONTROL and the European Space Agency have
developed a more modular approach to safety-case
development for EGNOS. It remains to be seen whether the
European or North American strategy offers the greatest
support as satellite based augmentation systems are used
within a growing range of SoL applications from railway
signalling through to Unmanned Airborne Systems. The key
contribution of this paper is to focus attention on the safety
arguments that might support this wider class of location
based services
Selective Screening of Rail Passengers, MTI 06-07
The threat of another major terrorist attack in the United States remains high, with the greatest danger coming from local extremists inspired by events in the Middle East. Although the United States removed the Taliban government and destroyed al Qaeda’s training camps in Afghanistan, events in Europe and elsewhere have shown that the terrorist network leadership remains determined to carry out further attacks and is capable of doing so. Therefore, the United States must systematically conduct research on terrorist strikes against transportation targets to distill lessons learned and determine the best practices for deterrence, response, and recovery. Those best practices must be taught to transportation and security professionals to provide secure surface transportation for the nation. Studying recent incidents in Europe and Asia, along with other research, will help leaders in the United States learn valuable lessons—from preventing attacks, to response and recovery, to addressing the psychological impacts of attacks to business continuity. Timely distillations of the lessons learned and best practices developed in other countries, once distributed to law enforcement, first responders, and rail- and subway-operating transit agencies, could result in the saving of American lives. This monograph focuses on the terrorist risks confronting public transportation in the United States—especially urban mass transit—and explores how different forms of passenger screening, and in particular, selective screening, can best be implemented to reduce those risks
Managing Environmental, Health, and Safety Risks: A Comparative Assessment of the Minerals Management Service and Other Agencies
This study compares and contrasts regulatory and related practices—in particular, regulatory decisionmaking, risk assessment and planning processes, inspection and compliance, and organization structure, budgets, and training—of the Minerals Management Service (MMS, now the Bureau of Ocean Energy Management, Regulation, and Enforcement, or BOEMRE) with those of the Federal Aviation Administration (FAA) and the Environmental Protection Agency (EPA). Comparing MMS practices with those of other federal agencies that also manage low-probability but high-consequence environmental risks provides a basis for identifying opportunities for enhancing regulatory capacity and safety performance in managing deepwater energy exploration and production. Our research finds important differences in processes for setting standards; peer review contribution to the rulemaking process; establishment of tolerable risk thresholds; and training of key staff. The paper concludes with several recommendations for how various EPA and FAA practices might be modified and used at BOEMRE to strengthen its regulatory and risk management processes.
Keywords: Minerals Management Service, Federal Aviation Administration, Environmental Protection Agency, risk management
The future of UAS: standards, regulations, and operational experiences [workshop report]
This paper presents the outcomes of "The Future of UAS: Standards, Regulations and Operational Experiences" workshop, held on the 7th and 8th of December, 2006 in Brisbane, Queensland, Australia. The goal of the workshop was to identify recent international activities in the Unmanned Airborne Systems (UAS) airspace integration problem. The workshop attracted a broad cross-section of the UAS community, including: airspace and safety regulators, developers, operators and researchers. The three themes of discussion were: progress in the development of standards and regulations, lessons learnt from recent operations, and advances in new technologies. This paper summarises the activities of the workshop and explores the important outcomes and trends as perceived by the authors
Cost-benefit analysis of Australian Federal Police counter-terrorism operations at Australian airports
The terrorist attacks of 11 September 2001 highlighted the vulnerabilities of airports and aircraft. Further attacks in 2002, 2007 and 2009, have led to major government reforms in passenger processing and airport access. The security of Australian airports has also followed this trend, with an increased police presence. However, limited consideration has been given to the costs of these measures, compared to benefit. This Working Paper identifies the factors to be considered in such cost-benefit analyses and the authors outline their preliminary findings. The scope for further research is highlighted, particularly in relation to risk analysis and cost
Architecture and Information Requirements to Assess and Predict Flight Safety Risks During Highly Autonomous Urban Flight Operations
As aviation adopts new and increasingly complex operational paradigms, vehicle types, and technologies to broaden airspace capability and efficiency, maintaining a safe system will require recognition and timely mitigation of new safety issues as they emerge and before significant consequences occur. A shift toward a more predictive risk mitigation capability becomes critical to meet this challenge. In-time safety assurance comprises monitoring, assessment, and mitigation functions that proactively reduce risk in complex operational environments where the interplay of hazards may not be known (and therefore not accounted for) during design. These functions can also help to understand and predict emergent effects caused by the increased use of automation or autonomous functions that may exhibit unexpected non-deterministic behaviors. The envisioned monitoring and assessment functions can look for precursors, anomalies, and trends (PATs) by applying model-based and data-driven methods. Outputs would then drive downstream mitigation(s) if needed to reduce risk. These mitigations may be accomplished using traditional design revision processes or via operational (and sometimes automated) mechanisms. The latter refers to the in-time aspect of the system concept. This report comprises architecture and information requirements and considerations toward enabling such a capability within the domain of low altitude highly autonomous urban flight operations. This domain may span, for example, public-use surveillance missions flown by small unmanned aircraft (e.g., infrastructure inspection, facility management, emergency response, law enforcement, and/or security) to transportation missions flown by larger aircraft that may carry passengers or deliver products. Caveat: Any stated requirements in this report should be considered initial requirements that are intended to drive research and development (R&D). 
These initial requirements are likely to evolve based on R&D findings, refinement of operational concepts, industry advances, and new industry or regulatory policies or standards related to safety assurance