Next Article in Journal
An Accurate Refinement Pathway for Visual Tracking
Previous Article in Journal
A Method for Determining the Shape Similarity of Complex Three-Dimensional Structures to Aid Decay Restoration and Digitization Error Correction
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Information
Volume 13
Issue 3
10.3390/info13030146
Review Report
information-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Review
Peer-Review Record

Cyber-Security Challenges in Aviation Industry: A Review of Current and Future Trends

Information 2022, 13(3), 146; https://doi.org/10.3390/info13030146
by Elochukwu Ukwandu 1, Mohamed Amine Ben-Farah 2, Hanan Hindy 3, Miroslav Bures 4, Robert Atkinson 5, Christos Tachtatzis 5, Ivan Andonovic 5 and Xavier Bellekens 6,*
Reviewer 1: Anonymous
Reviewer 2:
Georgia Lykou
Reviewer 3: Anonymous
Information 2022, 13(3), 146; https://doi.org/10.3390/info13030146
Submission received: 10 February 2022 / Revised: 3 March 2022 / Accepted: 5 March 2022 / Published: 10 March 2022
(This article belongs to the Section Information Security and Privacy)

Round 1

Reviewer 1 Report

The paper reviews digital security reports relating to the aviation industry. It is an important area that has not attracted enough attention to date so their contribution is welcome. The review itself is of moderate quality. The search method is limited and likely to have missed many papers. They summarize important aspects of several papers but their broader analysis that cuts across the field is questionable.

For example, a main finding is that APT's are the main source of threats but that appears to be based on a single report from a company that puts a lot of focus on APT's. It is not explicitly borne out of the analyses collected for this paper (i.e. in Table 1).

They also claim to predict future trends but there is no tie made between the fairly speculative types of technologies they discuss and the aviation industry. Along those lines, I suggest dropping section 7 in its entirety and not discussing future trends.

I also suggest dropping the "Attack Surface" column from Table 3. Those components can be attacked in many ways other than what is written in the column. It gives the impression that the components are easier to secure than they are.

Author Response

Comment 1:

They summarize important aspects of several papers but their broader analysis that cuts across the field is questionable. For example, a main finding is that APT's are the main source of threats but that appears to be based on a single report from a company that puts a lot of focus on APT's. It is not explicitly borne out of the analyses collected for this paper (i.e. in Table 1).

Response 1:

APT group are made up of so many arms and with regards to whether they were responsible for some of the attacks as recorded in Table 1 are not clear from the available records. But what is clear is that they do have support of some state actors in perpetrating their malicious acts and hence a bit more sophisticated in their exploits.

 

Comment 2:

They also claim to predict future trends but there is no tie made between the fairly speculative types of technologies they discuss and the aviation industry. Along those lines, I suggest dropping section 7 in its entirety and not discussing future trends.

Response 2:

Section 7 has been omitted.

 

Comment 3:

I also suggest dropping the "Attack Surface" column from Table 3. Those components can be attacked in many ways other than what is written in the column. It gives the impression that the components are easier to secure than they are.

Response 3:

Table 3 has been amended, omitting the “Attack Surface” column while integrating additional commentary in the description where appropriate.

Reviewer 2 Report

This work reviews cyber-security incidents in aviation sector, analyses different attack surfaces, and the existing threat dynamics in aviation industry. Author’s work is throughout and well organized with appropriate and adequate references to related work. However, there are inconsistencies and misleading statements in the manuscript as the ones listed below, so I recommend minor revision of this work before accepted for publication.

  • Some sentences stated by the authors are not properly justified like the one mentioned in lines 37-40. What is the evidence of this statement? It is recommended for the authors to provide some references to support this.
  • In section 2.1.2. Classification and Research Criteria, In lines 103-104: It is obvious that the use of word “Industry” has minimized their search results, so their conclusions about published scholarly papers are not accurate. In Aviation the word “Industry” is less used than the synonym “Aviation Sector”. For example, while omitting word “Industry”, at least 27 papers will appear in the same Scopus search, instead of 1 paper presented.

Therefore I will recommend the authors to rephrase their search result analysis, as the same applies to lines 129-133 with synonym words cyber-“incident” and cyber-“attack”

  • In table 2, since no information is presented about Column: Money Lost, I would recommend this column to be omitted.
  • In lines 126-128, citation for MS-thesis mentioned is missing.
  • In line 192, I believe that the authors meant ‘Industrial Control Systems’ for the Acronym (ICS), instead of ‘Inter-Communication System’
  • In line 243, the term: ….”cyber-technology systems” is not commonly used, please rephrase.
  • In line 284, … with 11 out 12 recorded incidents… should be corrected to 11 out 26 recorded incidents.
  • In lines1375-379, citation is missing.
  • In table 3, in the 1st Column (Class) for COM Components: ACARS, ADS-B, AWN the (C) for Confidentially should be added, since when communication channels lack encryption, confidentially is mostly impacted.

English used is mostly correct and readable, however significant editing of English language is required. Some language findings are listed below:

  1. Line 54: Syntax error …This work provides and exploration of cyber-security situation in civil aviation
  2. Line 167: Syntax error …While ICAO [4] believe that increase reliance on the integrity…
  3. Line 167: Grammar error …there are likelihood of rise in cyber-threats…
  4. Lines 247-251, Long sentence with no proper punctuation, please rephrase.
  5. Lines 364-366: Syntax error
  6. Lines 716-719, Long sentence with no proper punctuation, please rephrase.

Author Response

Reviewer Two

Comment 1:

Some sentences stated by the authors are not properly justified like the one mentioned in lines 37-40. What is the evidence of this statement? It is recommended for the authors to provide some references to support this.

Response 1:

The evidence has been added, highlighted in line 38.

 

Comment 2:

In section 2.1.2. Classification and Research Criteria, In lines 103-104: It is obvious that the use of word “Industry” has minimized their search results, so their conclusions about published scholarly papers are not accurate. In Aviation the word “Industry” is less used than the synonym “Aviation Sector”. For example, while omitting word “Industry”, at least 27 papers will appear in the same Scopus search, instead of 1 paper presented.  Therefore I will recommend the authors to rephrase their search result analysis, as the same applies to lines 129-133 with synonym words cyber- “incident” and cyber-“attack”

 

Response 2:

The use of search terms – “cyber AND attack AND aviation AND sector” as suggested were used on Scopus database, yielding 13 results. We would like to stress that many more combinations were used as search terms but did not yield appropriate results; hence the authors resorted to manual searches of recorded events through blogs, websites, online newsletters and technical reports.

 

Comment 3:

In Table 2, since no information is presented about Column: ‘MoneyLost’, I would recommend this column to be omitted.

Response 3:

The column “MoneyLost” has been omitted In Table 2.

 

Comment 4:

In lines 126-128, citation for MSc-thesis mentioned is missing.

Response 4:

It is not missing, but the issue with the reference is that it is listed as ‘PhD Thesis’ in Google Scholar, but it is not. All efforts to change the Bibtex citation content was unsuccessful as the citation disappears once amended.

 

Comment 5:

In line 192, I believe that the authors meant ‘Industrial Control Systems’ for the Acronym (ICS), instead of ‘Inter-Communication System’

Response 5:

ICS has been changed to Industrial Control System, highlighted in line 179

 

Comment 6:

In line 243, the term: ….”cyber-technology systems” is not commonly used, please rephrase.

Response 6:

In line with other Reviewers comments, this line has been omitted.

 

Comment 7:

In line 284, … with 11 out 12 recorded incidents… should be corrected to 11 out 26 recorded incidents.

Response 7:

This line has been changed to read 11 out of 26 recorded incidents

 

Comment 8:

In lines 375-379, citation is missing.

Response 8:

These lines are summary of what the authors analysis of 4 previously cited works.

 

Comment 9:

In Table 3, in the 1st Column (Class) for COM Components: ACARS, ADS-B, AWN the (C) for Confidentially should be added, since when communication channels lack encryption, confidentially is mostly impacted.

Response 9:

Confidentiality (C) has been added to the ACARS, ADS-B, AWN class columns.

 

Comment 10:

English used is mostly correct and readable, however significant editing of English language is required.

Response 10:

A thorough proof-reading has been performed to improve the narrative and to correct spelling errors.

Reviewer 3 Report

The authors conducted a systematic literature review of cyber security issues in the civil aviation industry. Particularly, the existing cyber security incidents have been identified, the attack surfaces have been analyzed, and the threat vectors along with the potential mitigation techniques have been explored. The review aims to comprehensively review existing cyber security issues in the aviation industry and identify research challenges within the domain.

Overall, this work presents a very interesting and novel topic and provides future directions for research in the cybersecurity aviation industry. In terms of presentation, the paper is well structured, clearly written, and can be easily followed by the reader. However, careful proofreading is required, as there exist typos and expressive mistakes. Further, the paper will benefit from a summary, in a tabular form, of the results presented in subsection 2.1.2 regarding the number of publications per keywords search. Finally, it would be easier for the reader to provide some more details about the mitigation techniques presented in Table 3 such as how these techniques are derived from.

Author Response

Comment 1:

However, careful proofreading is required, as there exist typos and expressive mistakes.

Response 1:

A thorough proof-reading has been performed to improve the narrative and to correct spelling errors.

 

Comment 2:

Further, the paper will benefit from a summary, in a tabular form, of the results presented in Subsection 2.1.2 regarding the number of publications per keywords search.

Response 2:

Table 1 has been added to provide a summary of the literature search in Section 2.1.2.

 

Comment 3:

Finally, it would be easier for the reader to provide some more details about the mitigation techniques presented in Table 3 such as how these techniques are derived from.

Response 3:

Table 3 has been enhanced through additional information in the description where appropriate.

19.5

Back to TopTop