Systems Theoretic Process Analysis (STPA) for Security (STPA-Sec) of Aircraft Systems

Abstract Summary

Aircraft are being networked and equipped with technology that enables onboard and air-to-ground connectivity, increasing the importance of information security in aircraft avionics. These networked systems provide access to and share real-time data for responsive decision-making and control, supporting enhanced safety, increased efficiency, and cost savings for users. The increase in net-enabled aircraft raises the concern that they may be susceptible to attacks that could impact aircraft and passenger safety. Understanding the true potential of these attacks is critical for designing effective security measures, creating appropriate policies and procedures, and ensuring overall flight system safety. Therefore, the aviation industry needs a repeatable methodology that consistently and correctly identifies, prioritizes, and mitigates safety risks associated with aircraft information systems while considering adversarial action.

Such a methodology should include guidelines and procedural steps that exercise careful analysis, testing, and strategizing in order to advance up-to-date airworthiness security and protection. This work documents the adjustment of an extension of STPA [1], STPA-Sec [2], to better fit aviation cyber security, and the application of that modified process, STPA-Sec of Aircraft Systems (STPA-SecA), to Aircraft Systems Information Security/Protection (ASISP). We cover the changes made to Hazardous Control Action (HCA) types; the addition of attack trees as scenario representations; the common lists of capabilities, weaknesses, and vulnerabilities; the replacement of probability with capability when evaluating risk; and the lessons learned in implementation.

[1] Nancy G. Leveson and John Thomas. STPA Handbook. 2018.

[2] William Young and Reed Porada. System-Theoretic Process Analysis for Security (STPA-Sec): Cyber Security and STPA. Boston, MA, March 2017. URL: http://psas.scripts.mit.edu/home/wp-content/uploads/2017/04/STAMP_2017_STPA_SEC_TUTORIAL_as-presented.pdf (visited on 11/28/2018).

Submission ID: ISSC37-2179
