CYBERSECURITY CHALLENGES TO AIRLINES A LITERATURE REVIEW OF RISK & COMPLIANCE
(2025) FLYL01 20251School of Aviation
- Abstract (Swedish)
- This thesis reviews existing research on how cybersecurity affects flight safety and to what extent these threats are addressed in regulatory requirements. This mixed method thesis employs anchoring in safety science, systematic literature review, legal requirements analysis, interviews, and a survey. Research shows risks related to unencrypted VHF/HF radio, CPDLC, ACARS, Mode-S, ADS-B, TCAS and GNSS. Unlike in IT where risks are quickly patched, this study shows unresolved persistent risks. The open academic research was found to be close to nonexistent combining cybersecurity effects on aviation safety and
the relevance of regulatory controls. Regulations were found to be fragmented and reactive. While the conclusions supports further... (More) - This thesis reviews existing research on how cybersecurity affects flight safety and to what extent these threats are addressed in regulatory requirements. This mixed method thesis employs anchoring in safety science, systematic literature review, legal requirements analysis, interviews, and a survey. Research shows risks related to unencrypted VHF/HF radio, CPDLC, ACARS, Mode-S, ADS-B, TCAS and GNSS. Unlike in IT where risks are quickly patched, this study shows unresolved persistent risks. The open academic research was found to be close to nonexistent combining cybersecurity effects on aviation safety and
the relevance of regulatory controls. Regulations were found to be fragmented and reactive. While the conclusions supports further studies on encryption to CPDLC, airlines are primarily urged to acknowledge that these vulnerabilities will remain, and to conduct risk assessments and implement compensating controls. This thesis is concluded with recommendations to airline management to implement an information security management system, and enhancing resilience through awareness training. (Less)
Please use this url to cite or link to this publication:
http://lup.lub.lu.se/student-papers/record/9200989
- author
- Ekström, Eric LU
- supervisor
- organization
- course
- FLYL01 20251
- year
- 2025
- type
- M2 - Bachelor Degree
- subject
- keywords
- Airline, aviation, information security, cybersecurity, risk management, critical infrastructure, FLYL01
- language
- English
- id
- 9200989
- date added to LUP
- 2025-06-18 13:06:55
- date last changed
- 2025-06-18 13:06:55
@misc{9200989,
abstract = {{This thesis reviews existing research on how cybersecurity affects flight safety and to what extent these threats are addressed in regulatory requirements. This mixed method thesis employs anchoring in safety science, systematic literature review, legal requirements analysis, interviews, and a survey. Research shows risks related to unencrypted VHF/HF radio, CPDLC, ACARS, Mode-S, ADS-B, TCAS and GNSS. Unlike in IT where risks are quickly patched, this study shows unresolved persistent risks. The open academic research was found to be close to nonexistent combining cybersecurity effects on aviation safety and
the relevance of regulatory controls. Regulations were found to be fragmented and reactive. While the conclusions supports further studies on encryption to CPDLC, airlines are primarily urged to acknowledge that these vulnerabilities will remain, and to conduct risk assessments and implement compensating controls. This thesis is concluded with recommendations to airline management to implement an information security management system, and enhancing resilience through awareness training.}},
author = {{Ekström, Eric}},
language = {{eng}},
note = {{Student Paper}},
title = {{CYBERSECURITY CHALLENGES TO AIRLINES A LITERATURE REVIEW OF RISK & COMPLIANCE}},
year = {{2025}},
}