As part of the modernisation of air traffic management, a growing number of infrastructures and technologies are being deployed to improve air traffic services. While these developments can improve situation awareness and operational efficiency, they also come along with increasing cybersecurity risks. This study presents a half-day training concept for air traffic controllers to identify cyberattacks exploiting ADS-B vulnerabilities. Eight experienced Swedish Air Traffic Controllers (ATCOs) participated in three simulation runs using the Attack Simulator, a cybersecurity training platform that simulates various cyberattacks. Performance was measured by the correct identification of six probabilistically occurring attacks, with weighted scores reflecting the difficulty of each event. Knowledge transfer through briefing and video-based training aimed to educate ATCOs about cyberattacks that they could realistically face during their duties. Subjective assessments of situation awareness, workload, and stress were generally acceptable. Results suggest that training significantly improves ATCOs’ ability to respond to cyberattacks.

Traditional perimeter-based security models, which implicitly trust internal networks, are vulnerable to modern cyber threats such as ransomware and credential misuse, allowing lateral movement and large-scale breaches. Zero Trust Architecture (ZTA) mitigates these risks by enforcing continuous authentication and least-privilege access for all devices. However, organizations face challenges in adopting ZTA without disrupting operations or incurring high costs, and existing research lacks actionable guidance. Through extensive literature analysis, semi-structured interviews with diverse organizational staff, and evaluation of Zero Trust maturity across seven pillars, this article proposes a practical, phased roadmap tailored to the needs of an organization. The approach prioritizes operational continuity and minimizes implementation barriers, enabling robust and sustainable cybersecurity.

Industry 4.0 and 5.0 offer a promising framework for connecting electro-mechanical systems to cyberspace, enabling real-time access, telecontrol, human-machine collaboration, and intelligent automation of industrial operations. While horizontal and vertical interoperability serve as critical enablers of this ecosystem, heterogeneity among entities and the lack of standardized governance in interoperability allow cybercriminals to exploit structural vulnerabilities. These weaknesses and unknown bugs provide avenues for cyber-attackers to breach systems, conduct espionage, sabotage assets, and extort organizations, threatening IT and OT infrastructures, finances, reputations, and even human lives. This survey paper discusses cybersecurity and privacy threats within the Industry 4.0 and 5.0 ecosystems, their potential impact on industrial processes and peripherals, and the security challenges associated with the transition from Industry 4.0 to 5.0. To identify research gaps and vulnerabilities, we examine the architecture and components of diverse industrial frameworks and establish functional mappings using IIRA and RAMI models. Following a comprehensive threat modeling approach, we present a layered taxonomy of cyber-threats, classified based on their nature, behavior, and execution characteristics. To assist network administrators and security professionals, we propose a threat prioritization framework based on likelihood, detectability, impact severity, and operational consequences. Furthermore, we outline perspective-based cybersecurity challenges that expose deficiencies in current protective measures. As countermeasures, we advocate for AI-driven, blockchain-enabled, edge-computing-based, and privacy-preserving security solutions to defend against threats and mitigate potential damages. We also elaborate on key standardization initiatives, nation-specific privacy regulations, and ongoing research efforts focused on safeguarding the security and privacy of Industry 4.0 and beyond. The paper concludes by summarizing key lessons learned, identifying unresolved research questions, and suggesting future directions for a secure and resilient Industry 5.0 paradigm.

The security risk management discipline has historically been less developed than safety management systems, but the rapid digitalization of industries creates an urgent need for more proactive approaches. Current methods often rely on outdated lists and paper-based processes, leading to overlooked vulnerabilities and delayed responses to emerging threats. This paper presents a possible enhancement of the existing cyber and physical Security Risk Assessment Methodology (SecRAM). The enhanced SecRAM is currently validated through dedicated exercises and expert input. The approach considers cascading effects for attack and impact propagation, and is embedded within a system framework that recognizes interconnections and dependencies between services, systems, procedures, roles, and functions. With its web-based tool and user-friendly interface, the enhanced SecRAM proves its general applicability and shows potential for broader adoption across sectors, particularly aviation. Future work will focus on integrating automation and AI to improve efficiency and accuracy in risk assessments.

Current Air Traffic Management (ATM) systems are undergoing significant evolution due to increased traffic volumes, the introduction of diverse airborne systems such as Unmanned Aerial Vehicles (UAVs), technological advancements, and the potential to optimize operations through data-driven approaches. These advancements offer benefits in terms of efficiency, safety, and sustainability, but they also expose the systems to heightened cybersecurity risks. This paper analyzes the Security Risk Assessment Methodology (SecRAM) proposed by SESAR, focusing specifically on its use of complementary catalogs of threats and vulnerabilities. By validating the SecRAM approach in a contemporary ATM scenario, this paper identifies gaps in the framework that could be addressed to better meet the security needs of a modern and complex ATM ecosystem. Finally, this work proposes a set of enhancements to the SecRAM catalogs that will enable security professionals to design and develop secure and resilient modern ATM environments.

Virtual Private LAN Service (VPLS) is commonly used for secure multi-point communication across geographically scattered industrial sites, simulating a unified LAN broadcast domain for Industrial IoT (IIoT)-type devices. This configuration demands a fully-connected overlay network with encrypted Host Identity Protocol (HIP)/IPsec tunnels exhibiting quadratic scalability to the number of tunnels and a significant increase in forwarding table entries. Herein, we introduce Tunnel Relay Nodes (TRNs) as selected routers that maintain full-mesh connectivity. This approach allows non-TRN routers, or Provider Equipment (PEs) acting as spoke PEs, to connect via a TRN. We explore the challenges of using TRNs in secure HIP-based VPLS (HIPLS) networks, including (i) placing reliable TRNs within provider networks and (ii) scheduling TRNs to minimize their activation/deactivation costs as well as the connection cost among PEs. We then demonstrate how (i) can be addressed in polynomial time using a modified general median problem approach. Additionally, we formulate (ii) as a Mixed Integer Linear Programming (MILP) scheduling problem and prove its NP-completeness. Furthermore, we introduce an algorithm based on Lagrangian relaxation to address the intractability in large-scale deployments. This algorithm offers fast, near-optimal solutions while simultaneously balancing solution quality and execution time. Our simulations on three real-world network topologies with real network demands show a 92% average reduction in forwarding table entries on PE. Compared to existing solutions, our method reduces the number of tunnels established by up to 95%, at the expense of a 1.39-fold increase in tunnel path length.

This exercise validated an enhanced Attack Simulator that strengthens ATCOs cybersecurity awareness and response to ADS-B threats through realistic, simulation-based training. The research assessed the Attack Simulator's effectiveness in improving ATCOs' cyberattack recognition/response and to evaluate behavioural and performance changes pre-and post-knowledge transfer.

Controller Pilot Data Link Communications (CPDLC) enhances air traffic communication by replacing traditional voice transmissions with digital messages over Very High Frequency (VHF) radio systems. This transition improves communication resilience by providing clear, text-based instructions that reduce misunderstandings and increase bandwidth efficiency by enabling more data to be transmitted simultaneously. It benefits congested airspace by reducing radio frequency congestion and minimizing communication errors. However, due to the plain-text nature of its messages, CPDLC faces significant security challenges, making it vulnerable to cyber-attacks such as eavesdropping, modification, injection, and man-in-the-middle (MITM) attacks. This vulnerability allows motivated attackers to intercept CPDLC messages using inexpensive devices like Software-Defined Radio (SDR), HACKRF-one, and an antenna. Such breaches can lead to fatal safety incidents, severely impacting passengers and the aviation industry. To address this, we proposed a robust security framework for securing CPDLC communication by implementing critical measures, including mutual authentication, secure key establishment, and handover. The proposed framework has been tested on hardware to verify its effectiveness in practical scenarios, ensuring it aligns with existing CPDLC standards and integrates seamlessly into current systems without impacting operational efficiency. Our findings indicate that the proposed security framework enhances CPDLC's defenses against potential cyber threats while maintaining system performance, making it feasible to protect global air traffic communications.

Cybersecurity assessments are critical for ensuring that security measures in organizational infrastructures, systems, and applications meet necessary requirements. Given the significant HTTPS vulnerabilities exposed in recent years, assessing HTTPS deployments is increasingly important. However, there has been no systematic literature review (SLR) comparing different cybersecurity assessment methods specifically for HTTPS deployment security issues. This study aims to address this gap by identifying, analyzing, and comparing various HTTPS deployment assessment methods documented in scientific literature. Our approach involved a structured research methodology with specific inclusion and exclusion criteria for selecting relevant methods. The review utilizes 16 comparison metrics, divided into two categories: critical security metrics, focusing on assessment metrics adopted and the number of vulnerabilities evaluated by each method, and additional metrics assessing the methods’ applicability and effectiveness in real-world scenarios. The findings indicate varied adoption rates of these metrics among the reviewed cybersecurity assessment methods, highlighting the absence of a standardized approach using common, well-defined security metrics for HTTPS deployment assessment. In contrast, merging all the comparison metrics outlined in this review would enable a more in-depth assessment of HTTPS deployment security issues, enhance the quality of reported results, and lead to the development of a more practical assessment method.

In this paper, we analyze the performance of a wireless caching system with heterogeneous traffic and relaying capabilities satisfying secrecy constraints for one of two receiving users. In this setup, the second user has no secrecy requirements and receives cacheable content either from the relay helper or the core network through a wireless base station. The wireless relay helper can assist both users since it is equipped with finite storage that is split into cacheable and non-cacheable storage. Concurrently, a passive eavesdropper tries to overhear transmissions to the user with secrecy requirements. Consequently, we examine how this relay’s storage split and the eavesdropper affect the performance of the average throughput and delay of the system as the transmission powers, the relay’s transmission probability, and the relay’s cache size vary. © 2023 IEEE.