Cyber-Security Challenges in Aviation Industry: A Review of Current and Future Trends

The integration of Information and Communication Technology (ICT) tools into mechanical devices in routine use within the aviation industry has heightened cyber-security concerns. The extent of the inherent vulnerabilities in the software tools that drive these systems escalates as the level of integration increases. Moreover, these concerns are becoming even more acute as the migration within the industry in the deployment of electronic-enabled aircraft and smart airports gathers pace. A review of cyber-security attacks and attack surfaces within the aviation sector over the last 20 years provides a mapping of the trends and insights that are of value in informing on future frameworks to protect the evolution of a key industry. The goal is to identify common threat actors, their motivations, attacks types and map the vulnerabilities within aviation infrastructures most commonly subject to persistent attack campaigns. The analyses will enable an improved understanding of both the current and potential future cyber-security protection provisions for the sector. Evidence is provided that the main threats to the industry arise from Advance Persistent Threat (APT) groups that operate, in collaboration with a particular state actor, to steal intellectual property and intelligence in order to advance their domestic aerospace capabilities as well as monitor, infiltrate and subvert other sovereign nations’ capabilities. A segment of the aviation industry commonly attacked is the Information Technology (IT) infrastructure, the most prominent type of attack being malicious hacking with intent to gain unauthorised access. The analysis of the range of attack surfaces and the existing threat dynamics has been used as a foundation to predict future cyber-attack trends. The insights arising from the review will support the future definition and implementation of proactive measures that protect critical infrastructures against cyber-incidents that damage the confidence of customers in a key service-oriented industry

Detection of JavaScript Injection Eavesdropping on WebRTC communications

WebRTC is a Google-developed project that allows users to communicate directly. It is an open-source tool supported by all major browsers. Since it does not require additional installation steps and provides ultra-low latency streaming, smart city and social network applications such as WhatsApp, Facebook Messenger, and Snapchat use it as the underlying technology on the client-side both on desktop browsers and mobile apps. While the open-source tool is deemed to be secure and despite years of research and security testing, there are still vulnerabilities in the real-time communication application programming interface (API). We show in this paper how eavesdropping can be enabled by exploiting weaknesses and loopholes found in official WebRTC specifications. We demonstrate through real-world implementation how an eavesdropper can intercept WebRTC video calls by installing a malicious code onto the WebRTC webserver. Furthermore, we identify and discuss several, easy to perform, ways to detect wiretapping. Our evaluation shows that several indicators within webrtc-internals API traces can be used to detect anomalous activities, without the need for network monitoring tools

A review of cyber-ranges and test-beds:current and future trends

Cyber situational awareness has been proven to be of value in forming a comprehensive understanding of threats and vulnerabilities within organisations, as the degree of exposure is governed by the prevailing levels of cyber-hygiene and established processes. A more accurate assessment of the security provision informs on the most vulnerable environments that necessitate more diligent management. The rapid proliferation in the automation of cyber-attacks is reducing the gap between information and operational technologies and the need to review the current levels of robustness against new sophisticated cyber-attacks, trends, technologies and mitigation countermeasures has become pressing. A deeper characterisation is also the basis with which to predict future vulnerabilities in turn guiding the most appropriate deployment technologies. Thus, refreshing established practices and the scope of the training to support the decision making of users and operators. The foundation of the training provision is the use of Cyber-Ranges (CRs) and Test-Beds (TBs), platforms/tools that help inculcate a deeper understanding of the evolution of an attack and the methodology to deploy the most impactful countermeasures to arrest breaches. In this paper, an evaluation of documented CR and TB platforms is evaluated. CRs and TBs are segmented by type, technology, threat scenarios, applications and the scope of attainable training. To enrich the analysis of documented CR and TB research and cap the study, a taxonomy is developed to provide a broader comprehension of the future of CRs and TBs. The taxonomy elaborates on the CRs/TBs dimensions, as well as, highlighting a diminishing differentiation between application areas

Tracklet and Signature Representation for Multi-shot Person Re-Identification.

International audienceVideo surveillance has become more and more important in many domains for their security andsafety. Person Re-Identification (Re-ID) is one of the most interesting subjects in this area. The Re-ID systemis divided into two main stages: i) extracting feature representations to construct a person’s appearance sig-nature and ii) establishing the correspondence/matching by learning similarity metrics or ranking functions.However, appearance based person Re-ID is a challenging task due to similarity of human’s appearance andvisual ambiguities across different cameras. This paper provides a representation of the appearance descriptors,called signatures, for multi-shot Re-ID. First, we will present the tracklets, i.e trajectories of persons. Then,we compute the signature and represent it based on the approach of Part Appearance Mixture (PAM). Anevaluation of the quality of this signature representation is also described in order to essentially solve the problemsof high variance in a person’s appearance, occlusions, illumination changes and person’s orientation/pose. Todeal with variance in a person’s appearance, we represent it as a set of multi-modal feature distributions modeledby Gaussian Mixture Model (GMM). Experiments and results on two public datasets and on our own datasetshow good performance

Cyber Security in the Maritime Industry: A Systematic Survey of Recent Advances and Future Trends

The paper presents a classification of cyber attacks within the context of the state of the art in the maritime industry. A systematic categorization of vessel components has been conducted, complemented by an analysis of key services delivered within ports. The vulnerabilities of the Global Navigation Satellite System (GNSS) have been given particular consideration since it is a critical subcategory of many maritime infrastructures and, consequently, a target for cyber attacks. Recent research confirms that the dramatic proliferation of cyber crimes is fueled by increased levels of integration of new enabling technologies, such as IoT and Big Data. The trend to greater systems integration is, however, compelling, yielding significant business value by facilitating the operation of autonomous vessels, greater exploitation of smart ports, a reduction in the level of manpower and a marked improvement in fuel consumption and efficiency of services. Finally, practical challenges and future research trends have been highlighted

Cyber-security challenges in aviation industry : a review of current and future trends

The integration of Information and Communication Technology (ICT) tools into mechanical devices in routine use within the aviation industry has heightened cyber-security concerns. The extent of the inherent vulnerabilities in the software tools that drive these systems escalates as the level of integration increases. Moreover, these concerns are becoming even more acute as the migration within the industry in the deployment of electronic-enabled aircraft and smart airports gathers pace. A review of cyber-security attacks and attack surfaces within the aviation sector over the last 20 years provides a mapping of the trends and insights that are of value in informing on future frameworks to protect the evolution of a key industry. The goal is to identify common threat actors, their motivations, attacks types and map the vulnerabilities within aviation infrastructures most commonly subject to persistent attack campaigns. The analyses will enable an improved understanding of both the current and potential future cyber-security protection provisions for the sector. Evidence is provided that the main threats to the industry arise from Advance Persistent Threat (APT) groups that operate, in collaboration with a particular state actor, to steal intellectual property and intelligence in order to advance their domestic aerospace capabilities as well as monitor, infiltrate and subvert other sovereign nations’ capabilities. A segment of the aviation industry commonly attacked is the Information Technology (IT) infrastructure, the most prominent type of attack being malicious hacking with intent to gain unauthorised access. The analysis of the range of attack surfaces and the existing threat dynamics has been used as a foundation to predict future cyber-attack trends. The insights arising from the review will support the future definition and implementation of proactive measures that protect critical infrastructures against cyber-incidents that damage the confidence of customers in a key service-oriented industry

Cyber Security Certification Programmes

Although a large and fast-growing workforce for qualified cybersecurity professionals exists, developing a cybersecurity certification framework has to overcome many challenges. Towards this end, an extended review of the cybersecurity certifications offered currently on the market from 9 major issuing companies is conducted. Moreover, the guidelines for the definition of a cybersecurity certification framework as they are provided from the recent Cyber Security Act and framework of ENISA, NIST and ISO/IEC 17024 are covered. A vast comparison among the presented cybersecurity certifications is given, based not only on the cybersecurity domain covered but also the required level of candidate's experience. A proposed certification program has been also analyzed based on the learning pathways and the knowledge areas described in FORESIGHT

Burden of obesity in the Eastern Mediterranean Region: findings from the Global Burden of Disease 2015 study

Mokdad AH, El Bcheraoui C, Afshin A, et al. Burden of obesity in the Eastern Mediterranean Region: findings from the Global Burden of Disease 2015 study. INTERNATIONAL JOURNAL OF PUBLIC HEALTH. 2018;63(Suppl. 1):165-176.We used the Global Burden of Disease (GBD) 2015 study results to explore the burden of high body mass index (BMI) in the Eastern Mediterranean Region (EMR). We estimated the prevalence of overweight and obesity among children (2-19 years) and adults (20 years) in 1980 and 2015. The burden of disease related to high BMI was calculated using the GBD comparative risk assessment approach. The prevalence of obesity increased for adults from 15.1% (95% UI 13.4-16.9) in 1980 to 20.7% (95% UI 18.8-22.8) in 2015. It increased from 4.1% (95% UI 2.9-5.5) to 4.9% (95% UI 3.6-6.4) for the same period among children. In 2015, there were 417,115 deaths and 14,448,548 disability-adjusted life years (DALYs) attributable to high BMI in EMR, which constitute about 10 and 6.3% of total deaths and DALYs, respectively, for all ages. This is the first study to estimate trends in obesity burden for the EMR from 1980 to 2015. We call for EMR countries to invest more resources in prevention and health promotion efforts to reduce this burden

Burden of cardiovascular diseases in the Eastern Mediterranean Region, 1990-2015 : findings from the Global Burden of Disease 2015 study

To report the burden of cardiovascular diseases (CVD) in the Eastern Mediterranean Region (EMR) during 1990-2015. We used the 2015 Global Burden of Disease study for estimates of mortality and disability-adjusted life years (DALYs) of different CVD in 22 countries of EMR. A total of 1.4 million CVD deaths (95% UI: 1.3-1.5) occurred in 2015 in the EMR, with the highest number of deaths in Pakistan (465,116) and the lowest number of deaths in Qatar (723). The age-standardized DALY rate per 100,000 decreased from 10,080 in 1990 to 8606 in 2015 (14.6% decrease). Afghanistan had the highest age-standardized DALY rate of CVD in both 1990 and 2015. Kuwait and Qatar had the lowest age-standardized DALY rates of CVD in 1990 and 2015, respectively. High blood pressure, high total cholesterol, and high body mass index were the leading risk factors for CVD. The age-standardized DALY rates in the EMR are considerably higher than the global average. These findings call for a comprehensive approach to prevent and control the burden of CVD in the region.Peer reviewe

Mapping 123 million neonatal, infant and child deaths between 2000 and 2017

Since 2000, many countries have achieved considerable success in improving child survival, but localized progress remains unclear. To inform efforts towards United Nations Sustainable Development Goal 3.2—to end preventable child deaths by 2030—we need consistently estimated data at the subnational level regarding child mortality rates and trends. Here we quantified, for the period 2000–2017, the subnational variation in mortality rates and number of deaths of neonates, infants and children under 5 years of age within 99 low- and middle-income countries using a geostatistical survival model. We estimated that 32% of children under 5 in these countries lived in districts that had attained rates of 25 or fewer child deaths per 1,000 live births by 2017, and that 58% of child deaths between 2000 and 2017 in these countries could have been averted in the absence of geographical inequality. This study enables the identification of high-mortality clusters, patterns of progress and geographical inequalities to inform appropriate investments and implementations that will help to improve the health of all populations