An Integrated Information Security Model for Turkish Civil Aviation: A Comprehensive Framework for Risk Assessment and Mitigation Strategies

Yıl 2025, Cilt: 18 Sayı: 3, 203 - 226, 31.07.2025

Farukcan Özdemir , Murat Saran

https://doi.org/10.17671/gazibtd.1612089

Öz

This study proposes a comprehensive security model with the objective of strengthening the digital infrastructure of the Turkish civil aviation sector. The model addresses the information security requirements of modern aviation systems from a holistic perspective. The research systematically analyses existing and potential security risks to critical components, such as avionics systems, flight data networks, mobile devices, electronic flight bags, and ground systems. Methodologically, the research is based on a structured survey conducted on aviation industry employees and a comprehensive literature review. The implemented survey provided primary data on security awareness information, training needs, and the effectiveness of existing security solutions. The literature review has enabled the identification of fundamental security concepts, system security threats, risk assessment approaches, security standards, and future trends. The integrated security model developed in this study incorporates both technological and human factor-based risk factors and proposes a multi-layered defense strategy against these risks. The study's primary contribution is to provide an applicable framework for enhancing cyber security and digital awareness in the Turkish aviation sector. In addition to contributing to national knowledge, the proposed model provides recommendations and a strategic roadmap for sector stakeholders and researchers.

Anahtar Kelimeler

civil aviation , information security model , risk assessment , mitigation strategies

Türk Sivil Havacılığı için Entegre Bir Bilgi Güvenliği Modeli: Risk Değerlendirme ve Azaltma Stratejileri için Kapsamlı Bir Çerçeve

Öz

Bu çalışma, modern havacılık sistemlerinin bilgi güvenliği gereksinimlerini bütüncül bir perspektifle ele alarak, Türk sivil havacılık sektörünün dijital altyapısını güçlendirmeyi hedefleyen kapsamlı bir güvenlik modeli sunmaktadır. Araştırmamız, aviyonik sistemler, uçuş veri ağları, mobil cihazlar, elektronik uçuş çantaları ve yer sistemleri gibi kritik bileşenlere yönelik mevcut ve potansiyel güvenlik risklerini sistematik bir şekilde analiz etmektedir. Metodolojik açıdan, araştırmamız havacılık sektörü çalışanlarına uygulanan anket çalışmasına ve kapsamlı literatür taramasına dayanmaktadır. Uygulanan anket aracılığıyla, bilgi güvenliği farkındalığı, eğitim ihtiyaçları ve mevcut güvenlik çözümlerinin etkinliği konularında birincil veriler elde edilmiştir. Gerçekleştirdiğimiz literatür taraması aracılığıyla, temel güvenlik kavramları, sistem güvenliği tehditleri, risk değerlendirme yaklaşımları, güvenlik standartları ve gelecek eğilimler ortaya konulmuştur. Geliştirdiğimiz bütünleşik güvenlik modeli hem teknolojik hem de insan faktörüne dayalı risk unsurlarını içermekte ve bu risklere karşı çok katmanlı bir savunma stratejisi önermektedir. Çalışmanın temel katkısı, Türk havacılık sektöründe siber güvenlik ve dijital farkındalığın artırılmasına yönelik uygulanabilir bir çerçeve sunmasıdır. Önerilen model, ulusal bilgi birikimine katkı sağlamanın yanı sıra, sektör paydaşlarına ve araştırmacılara yönelik öneriler ve stratejik yol haritası sunmaktadır.

Anahtar Kelimeler

sivil havacılık , bilgi güvenliği modeli , risk değerlendirmesi , risk azaltma stratejileri

Etik Beyan

Etik kurulu başvurusu ekte sunulmuştur.

Kaynakça

• E. Ukwandu et al., “Cyber-Security Challenges in Aviation Industry: A Review of Current and Future Trends,” Information, vol. 13, no. 3, p. 146, 2022, doi: 10.3390/info13030146.
• C. Nobles, D. Burrell, and T. Waller, “The Need for a Global Aviation Cybersecurity Defense Policy,” Land Forces Academy Review, vol. 27, no. 1, pp. 19–26, 2022, doi: 10.2478/RAFT-2022-0003.
• T. T. İnan, Sivil Havacılıkta Güncel Konular: Sivil Havacılık Tarihi ve Değişen Trendler. İstanbul: Hiperlink Yayınları, 2020.
• İnternet: SHGM, “Faaliyet Raporu,” Ankara, 2022. https://web.shgm.gov.tr/documents/sivilhavacilik/files/kurumsal/faaliyet/2022-v2.pdf, 28 Aralık 2024.
• F. Shaikh, M. Rahouti, N. Ghani, K. Xiong, E. Bou-Harb, and J. Haque, “A Review of Recent Advances and Security Challenges in Emerging E-Enabled Aircraft Systems,” IEEE Access, vol. 7, pp. 63164–63180, 2019, doi: 10.1109/ACCESS.2019.2916617.
• A. Gurtov, T. Polishchuk, and M. Wernberg, “Controller–Pilot Data Link Communication Security,” Sensors, vol. 18, no. 5, p. 1636, 2018, doi: 10.3390/S18051636.
• İnternet: Boeing, “Commercial Market Outlook 2024-2043,” 2024. Accessed: Dec. 19, 2024. https://www.boeing.com/commercial/market/commercial-market-outlook
• İnternet: Woodrow Bellamy III, “Curtiss Wright CTO Talks Reality of Cyber Threats to Connected Avionics Systems,” Jun. 18, 2019. https://www.aviationtoday.com/2019/06/18/curtiss-wright-cto-talks-reality-cyber-threats-connected-avionics-systems/#
• M. L. Olive, R. T. Oishi, and S. Arentz, “Commercial Aircraft Information Security-an Overview of ARINC Report 811,” in IEEE/AIAA 25th Digital Avionics Systems Conference, Bengaluru, Karnataka, India, 2006, pp. 1–12. doi: 10.1109/DASC.2006.313761.
• N. Mäurer, T. Guggemos, T. Ewert, T. Gräupl, C. Schmitt, and S. Grundner-Culemann, “Security in Digital Aeronautical Communications a Comprehensive Gap Analysis,” International Journal of Critical Infrastructure Protection, vol. 38, p. 100549, 2022, doi: 10.1016/J.IJCIP.2022.100549.
• X. Lu, R. Dong, Q. Wang, and L. Zhang, “Information Security Architecture Design for Cyber-Physical Integration System of Air Traffic Management,” Electronics (Basel), vol. 12, no. 7, p. 1665, 2023, doi: 10.3390/ELECTRONICS12071665.
• S. Tolah, N. Ahmed, and M. Johnson, “Empirical Analysis of Information Security Culture and Corporate Risk Management: A Holistic Framework,” Journal of Information Assurance and Risk Management, vol. 5, no. 2, pp. 85–102, 2021.
• İnternet: OPS Group, “Final Report of the GPS Spoofing WorkGroup,” Sep. 2024. https://ops.group/blog/gps-spoofing-final-report/
• İnternet: Zak Doffman, “New Warning As ‘Spike’ In GPS Spoofing Attacks Hit Passenger Planes—Fasten Your Seatbelts,” Aug. 12, 2024. https://www.forbes.com/sites/zakdoffman/2024/08/12/warning-as-frightening-airline-gps-attacks-soar-fasten-your-seatbelts/
• A. Tolah, S. M. Furnell, and M. Papadaki, “An Empirical Analysis of the Information Security Culture Key Factors Framework,” Comput Secur, vol. 108, p. 102354, 2021, doi: 10.1016/J.COSE.2021.102354.
• I. C. A. Organization, ICAO Aviation Security Manual (Doc 8973 – Restricted). Montréal, Canada: ICAO, 2019.
• A. Kyranou, I. M. Arif, and C. K. Yakinthos, “Cybersecurity Challenges in Air Transportation,” in 6th OpenSky Symposium, Toulouse, France, 2020.
• İnternet: International Air Transport Association (IATA), “Aviation Cyber Security Strategy,” 2020, https://www.iata.org/contentassets/4c51b00fb25e4b60b38376a4935e278b/compilation-of-cyber-regs.pdf, 28 Aralık 2024.
• PricewaterhouseCoopers LLP (PwC), “Aviation Security: Cyber Threats to Civil Aviation,” 2017.
• A. A. Elmarady and K. Rahouma, “Studying Cybersecurity in Civil Aviation, Including Developing and Applying Aviation Cybersecurity Risk Assessment,” IEEE Access, vol. 9, pp. 143997–144016, 2021, doi: 10.1109/ACCESS.2021.3121230.
• ICAO, “Annex 17 to the Convention on International Civil Aviation – Safeguarding International Civil Aviation Against Acts of Unlawful Interference, 12th ed.” Accessed: Mar. 14, 2025. [Online]. Available: https://store.icao.int/en/annexes/annex-17
• ICAO, “Doc 8973 – Security Manual for Safeguarding Civil Aviation Against Acts of Unlawful Interference, 13th ed.” Accessed: Mar. 14, 2025. [Online]. Available: https://store.icao.int/en/aviation-security-manual-doc-8973
• ICAO, “Cybersecurity Action Plan, 2nd ed.” Accessed: Mar. 14, 2025. [Online]. Available: https://www.icao.int/SAM/Documents/2022-CIBER/Cybersecurity_Action_Plan_EN.pdf
• ICAO, “Global Aviation Cybersecurity Strategy.” Accessed: Mar. 14, 2025. [Online]. Available: https://www.icao.int/aviationcybersecurity/Documents/AVIATION%20CYBERSECURITY%20STRATEGY.EN.pdf
• IATA, “IOSA Standards Manual, Edition 16 (Rev 2).” Accessed: Mar. 14, 2025. [Online]. Available: https://www.iata.org/en/publications/manuals/iosa-standard-manual/
• F. A. Shaikh, I. Ahmed, and S. Qazi, “Security Challenges in Emerging E-Assisted Aircraft Systems,” International Journal of Aviation Security, vol. 12, no. 3, pp. 45–62, 2019.
• M. A. Khandker, T. Lin, and P. Williams, “Security Vulnerabilities in Cockpit Information Systems: A Comprehensive Analysis of ADS-B Accessibility,” Journal of Aerospace Information Systems, vol. 19, no. 6, pp. 345–359, 2022.
• G. Lykou, A. Anagnostopoulou, and D. Gritzalis, “Smart Airport Cybersecurity: Threat Mitigation and Cyber Resilience Controls,” Sensors, vol. 19, no. 1, p. 19, Dec. 2018, doi: 10.3390/s19010019.
• L. Florido-Benítez, “The types of hackers and cyberattacks in the aviation industry,” Journal of Transportation Security, vol. 17, no. 1, p. 13, Dec. 2024, doi: 10.1007/s12198-024-00281-9.
• S. Kızılcan and K. C. Mızrak, “Cyber Attacks in Civil Aviation and the Concept of Cyber Security,” International Journal of Disciplines In Economics and Administrative Sciences Studies (IDEAstudies), vol. 8, no. 47, pp. 742–752, 2022, doi: 10.29228/ideas.65891.
• EUROCAE, “ED-202A – Airworthiness Security Process Specification.” Accessed: Mar. 14, 2025. [Online]. Available: https://eshop.eurocae.net/eurocae-documents-and-reports/ed-202a/
• RTCA, “DO-326A – Airworthiness Security Process Specification.” Accessed: Mar. 14, 2025. [Online]. Available: https://store.accuristech.com/standards/rtca-do-326a?product_id=2505835
• EUROCAE, “ED-201A – Aeronautical Information System Security (AISS) Framework Guidance.” Accessed: Mar. 14, 2025. [Online]. Available: https://eshop.eurocae.net/eurocae-documents-and-reports/ed-201a/
• A. Omran Almagrabi, “An Efficient Security Solution for Industrial Internet of Things Applications,” Computers, Materials & Continua, vol. 72, no. 2, pp. 3961–3983, 2022, doi: 10.32604/CMC.2022.026513.
• M. Barrett, “Framework for Improving Critical Infrastructure Cybersecurity Version 1.1,” 2018. doi: 10.6028/NIST.CSWP.04162018.
• C. Pascoe, S. Quinn, and K. Scarfone, “The NIST Cybersecurity Framework (CSF) 2.0,” Gaithersburg, MD, 2024. doi: 10.6028/NIST.CSWP.29.
• L. Alevizos, M. H. Eiza, V. T. Ta, Q. Shi, and J. Read, “Blockchain-enabled Intrusion Detection and Prevention System of APTs within Zero Trust Architecture,” IEEE Access, vol. 10, pp. 89270–89288, 2022, doi: 10.1109/ACCESS.2022.3200165.
• European Union Agency for Cybersecurity (ENISA), “Cybersecurity in Civil Aviation,” 2016.
• I. C. A. Organization, ICAO Aviation Security Manual (Doc 8973 – Restricted). Montréal, Canada: ICAO, 2019.
• M. Strohmeier, V. Lenders, and I. Martinovic, “Security in Next-Generation Air Traffic Communication Networks,” IEEE Secur Priv, vol. 12, no. 6, pp. 73–80, 2014.
• L. Wu and P. Reddivari, “Securing Aviation Systems: A Systematic Literature Review,” J Air Transp Manag, vol. 94, p. 102074, 2021.
• European Aviation Safety Agency (EASA), “Cybersecurity in Aviation: A Roadmap for Future Aviation,” 2019.
• İnternet: Sivil Havacılık Genel Müdürlüğü, “Sivil Havacılık İşletmelerine Yönelik Siber Güvenlik Talimatı,” 2022. https://web.shgm.gov.tr/documents/sivilhavacilik/files/mevzuat/sektorel/talimatlar/2022/SHT-Siber.pdf
• İnternet: Bilgi Teknolojileri ve İletişim Kurumu, “Ulusal Siber Olaylara Müdahale Merkezi.” https://www.usom.gov.tr/
• İnternet: Sivil Havacılık Genel Müdürlüğü, “Uçuş Operasyonlarına Yönelik Usul ve Esaslar Talimatı,” 2021. https://web.shgm.gov.tr/documents/sivilhavacilik/files/mevzuat/sektorel/talimatlar/2021/SHT-OPS-REV01.pdf
• Internatonal Air Transport Association (IATA), “Aviation Cyber Security Strategy,” 2020.