Table of Contents
Cybersecurity in Aviation
In conjunction with Estonian Aviation Academy (EAVA), we are offering unique training opportunity for aviation and cybersecurity students. The goal of the course is to give a basic introduction to cybersecurity and to the importance of cybersecurity in aviation.
Description
The students are introduced to basic cybersecurity concepts such as attack surface, types of cyber-attacks, offensive cyber operations, protection measures, basics of risk management, identification of threat actors, and overview of existing regulations. More specific parts of the course are coping with cybersecurity in air traffic, air navigational systems, wireless protocols, smart buildings, airline operations, aircraft vulnerabilities and specific aviation cybersecurity related regulations and guidance.
Academic year, semester: 2023, spring semester
Timeline:
Thursdays 16 February 2023 - 18 May 2023 at 10.00 - 11.30 Lectures
Thursdays 16 March 2023 - 18 May 2023 at 12.00 - 13.30 Seminar / Student presentations
Thursday, 25 May 2023 Exam
Credit points: 3 ECTS
Workload and format of studies: Lectures/exam 34h, group work seminars 15h, individual or group study 29h. Hybrid (classroom/online) option is used.
Lecturers: Mati Tarlap (EAVA, main responsible lecturer), Prof Dr Olaf Manuel Maennel (TalTech), and guest lecturers.
Grading and examination: The course consists of 5 group homework reports (each 14%) and a final exam (30%). The student is only eligible for the exam if every group homework has at least a “passing grade” (50% or more). Prerequisites to be allowed to take the exam are the approved homework assignments.
Schedule of the course
Scroll right to see the full schedule.
| Date | Topic | Lecturer | |
|---|---|---|---|
|
09 Feb 2023 |
Introduction to the course and overview of the aviation ecosystem and the relevance of its cybersecurity protection. |
2 |
M. Tarlap, O.Maennel |
|
16 Feb 2023 |
Basic terms and principles of cybersecurity, networks and systems (e.g., network stack, firewalls, routers, switches, DMZ, crypto basics, PKIs, TLS, GPG). |
2 |
O.Maennel |
|
23 Feb 2023 |
The EU-Regulatory Frameworks, including GDPR, NIS-2 directive, data security standards. |
2 |
Anna-Maria Osula |
|
02 Mar 2023 |
Human factors (OSINT, social engineering, phishing, dark patterns). |
2 |
O. Maennel |
|
09 Mar 2023 |
Aviation Threat Landscape & Threat Actors (incl. APT). |
2 |
Eneken Tikk |
|
16 Mar 2023 |
CIA, Cyber Kill Chain & Attack Trees. Ecosystem: passenger journey. Type of attacks (history of viruses, malware/ransomware, DDoS, MiTM, spoofing, supply chain attacks). |
2 |
O. Maennel |
|
Seminar: Student Presentations I on Homework 1/OSINT exercise |
1.5 |
O.Maennel |
|
|
23 Mar 2023 |
Hacking Demo. Wireless systems 1 - SatComs, AeroMACs/LDACS & voice communication systems. |
2 |
Klaus Gebeshuber |
|
Seminar: Student Presentations II on Homework 1/OSINT exercise |
1.5 |
O.Maennel |
|
|
30 Mar 2023 |
Wireless systems 2 – ADS-B, CPDLC, ACARS, TCAS, messages & privacy. |
2 |
Martin Strohmeier |
|
Seminar: Student Presentations I on Homework 2/Attack trees |
1.5 |
O.Maennel |
|
|
06 Apr 2023 |
ATM Digital Systems, SWIM, PENS, ANSP practical security. Low-cost communication systems (e.g., Software Defined Radios for spoofing and interception). |
2 |
M.Tarlap |
|
Seminar: Student Presentations II on Homework 2/Attack trees |
1.5 |
O.Maennel |
|
|
13 Apr 2023 |
Aircraft digital systems (including AFDX, time-triggered ethernet, segregated networks specific to aircraft and ATM systems). Certification. |
2 |
Gerry Ngu (TBC) |
|
Seminar: Student Presentations I on Homework 3/OpenSky |
1.5 |
O.Maennel |
|
|
20 Apr 2023 |
Airports, Airlines, Drones and u-space. |
2 |
Georg Liigand |
|
Seminar: Student Presentations II on Homework 3/OpenSky |
1.5 |
O.Maennel |
|
|
27 Apr 2023 |
Risk assessments & management, security frameworks (ISO/NIST), resilience, recovery plan, business continuity, network monitoring and the use of protective measures in case of an external threats increase. |
2 |
Kaie Maennel |
|
Seminar: Student Presentations I on Homework 4/DarkWeb |
1.5 |
O.Maennel |
|
|
04 May 2023 |
Risk assessment and management continued. Including methods for vulnerability assessment, Penetration Testing up to Red Team Assessment. Bug Bounty Approaches. |
2 |
O.Maennel |
|
Seminar: Student Presentations II on Homework 4/DarkWeb |
1.5 |
O.Maennel |
|
|
11 May 2023 |
Aviation specific regulatory frameworks (ICAO), regulations and practices on securing information. European Air Traffic Management Computer Emergency Response Team (EATM-CERT) managed by EUROCONTROL. |
2 |
John Hird (TBC) |
|
Seminar: Student Presentations I on Homework 5/Risks |
1.5 |
O.Maennel |
|
|
18 May 2023 |
Incident handling, communication, and reporting (SOC/CERT). |
2 |
Kaie Maennel |
|
Seminar: Student Presentations II on Homework 5/Risks |
1.5 |
O.Maennel |
|
|
25 May 2023 |
Exam |
4 |
O.Maennel |
Registration
The course (code: CNS.073) belongs to the Communication and Navigation Systems speciality of the Aeronautical Engineering (194140) curriculum in the Estonian Aviation Academy and is an elective for other EAVA specialties. It is also an elective and free for TalTech’s Cybersecurity MSc (IVCM) students.
Registration for IVCM students:
In OIS, choose "ITC8112 Special Course in Cyber Security II". Make sure to choose the course taught by Olaf Maennel.
If you already have used this course code in your study plan previously, please contact the Program Manager's Assistant at: IVCM@taltech.ee.
Contacts
Questions about the content of the course
Olaf Maennel
olaf.maennel@taltech.ee
Questions about adding the course to the IVCM study plan
Emily Ridal
Programme Manager's Assistant (IVCM)
IVCM@taltech.ee
Partners
Past courses
In conjunction with Estonian Aviation Academy (EAVA) and NATO Cooperative Cyber Defence Centre of Excellence (NATO CCDCOE), will be offering unique training opportunity for aviation and cybersecurity students.
The participants will be introduced to basic cybersecurity concepts: ATM, wireless protocols, smart buildings, airline and aircraft vulnerabilities. Concepts of attack surface, cyber attacks and risk assessment. Techniques used for spoofing, modifying data and gaining access. The course will be taught in English.
This course has an ambition to cover cybersecurity aspects in all domains of aviation and therefore it is unique in kind. Since the topic is very broad, the idea is not to go too much in detail, but assure to offer an operational focussed university level course. In order to achieve this, a lot of specialists a specific field, coming from different organisations, are willing to contribute to this course.
- Time: 12 February - 14 May 2021 (Fridays) from 9:00 AM - 1:00 PM (EET)
- Venue: Online (or when the situation permits hybrid at Estonian Aviation Academy)
- Credit points: 3 ECTS
Full Schedule
|
Welcome |
Nele, Olaf, Erwin |
Tootsi, Maennel, Orye |
|
Friday |
12 |
February |
2021 |
09:00 |
09:45 |
EET |
|
Overview of the attack and defence methods in cybersecurity |
Olaf |
Maennel |
TalTech |
Friday |
12 |
February |
2021 |
10:00 |
10:45 |
EET |
|
The threat landscape |
Eneken |
Tikk |
Cyber Policy Institute |
Friday |
12 |
February |
2021 |
11:15 |
12:00 |
EET |
|
Basic principles used in cybersecurity |
Erwin |
Orye |
CCDCOE |
Friday |
12 |
February |
2021 |
12:15 |
13:00 |
EET |
|
Risk management |
Erwin |
Orye |
CCDCOE |
Friday |
19 |
February |
2021 |
09:00 |
09:45 |
EET |
|
Risk management |
Erwin |
Orye |
CCDCOE |
Friday |
19 |
February |
2021 |
10:00 |
10:45 |
EET |
|
Demo Hacking |
Christian |
Behling |
CCDCOE |
Friday |
19 |
February |
2021 |
11:15 |
12:00 |
EET |
|
Wireless transmission media |
Erwin |
Orye |
CCDCOE |
Friday |
19 |
February |
2021 |
12:15 |
13:00 |
EET |
|
Cybersecurity regulations |
Massimilliano |
Signoretti |
CCDCOE |
Friday |
5 |
March |
2021 |
09:00 |
09:45 |
EET |
|
Cybersecurity regulations |
Massimilliano |
Signoretti |
CCDCOE |
Friday |
5 |
March |
2021 |
10:00 |
10:45 |
EET |
|
Aviation Regulations |
John |
Hird |
Eurocontrol |
Friday |
5 |
March |
2021 |
11:15 |
12:00 |
EET |
|
Aviation Regulations |
John |
Hird |
Eurocontrol |
Friday |
5 |
March |
2021 |
12:15 |
13:00 |
EET |
|
Wireless Systems - working principles |
Nele |
Tootsi |
Estonian Aviation Academy |
Friday |
12 |
March |
2021 |
09:00 |
09:45 |
EET |
|
Wireless Systems - cybersecurity aspects |
Erwin |
Orye |
CCDCOE |
Friday |
12 |
March |
2021 |
10:00 |
10:45 |
EET |
|
Wireless Systems - ADS-B |
Martin |
Strohmeier |
Armasuisse |
Friday |
12 |
March |
2021 |
11:15 |
12:00 |
EET |
|
Wireless Systems - ADS-B |
Martin |
Strohmeier |
Armasuisse |
Friday |
12 |
March |
2021 |
12:15 |
13:00 |
EET |
|
ANS Digital Systems - working principles |
Nele |
Tootsi |
Estonian Aviation Academy |
Friday |
19 |
March |
2021 |
09:00 |
09:45 |
EET |
|
ANS Digital Systems - cybersecurity aspects |
Erwin |
Orye |
CCDCOE |
Friday |
19 |
March |
2021 |
10:00 |
10:45 |
EET |
|
ANSP practical cybersecurity implementation |
Mario |
Reinu |
EANS |
Friday |
19 |
March |
2021 |
11:15 |
12:00 |
EET |
|
Cyber Kill Chain in cybersecurity |
Erwin |
Orye |
CCDCOE |
Friday |
19 |
March |
2021 |
12:15 |
13:00 |
EET |
|
ICS systems |
Gabor |
Visky |
CCDCOE |
Friday |
26 |
March |
2021 |
09:00 |
09:45 |
EET |
|
Demo ICS systems |
Gabor |
Visky |
CCDCOE |
Friday |
26 |
March |
2021 |
10:00 |
10:45 |
EET |
|
Current/future EASA cybersecurity requirements/regulation for aircraft certification |
Gerry |
Ngu |
EASA |
Friday |
26 |
March |
2021 |
11:15 |
12:00 |
EET |
|
Current cybersecurity threats in aviation (information sharing initiatives) |
Gerry |
Ngu |
EASA |
Friday |
26 |
March |
2021 |
12:15 |
13:00 |
EET |
|
Aircraft digital systems - cybersecurity overview |
Erwin |
Orye |
CCDCOE |
Friday |
9 |
April |
2021 |
09:00 |
09:45 |
EET |
|
Cybersecurity in Airports - cybersecurity overview |
Erwin |
Orye |
CCDCOE |
Friday |
9 |
April |
2021 |
10:00 |
10:45 |
EET |
|
Cybersecurity in Airports - operational aspects |
Jeroen |
Roelandt |
freelance consultant |
Friday |
9 |
April |
2021 |
11:15 |
12:00 |
EET |
|
Cybersecurity in Airports - operational aspects |
Jeroen |
Roelandt |
freelance consultant |
Friday |
9 |
April |
2021 |
12:15 |
13:00 |
EET |
|
Military aviation |
Fabio |
Biondi |
CCDCOE |
Friday |
30 |
April |
2021 |
09:00 |
09:45 |
EET |
|
Military aviation |
Fabio |
Biondi |
CCDCOE |
Friday |
30 |
April |
2021 |
10:00 |
10:45 |
EET |
|
The passenger journey |
Olaf |
Maennel |
TalTech |
Friday |
30 |
April |
2021 |
11:15 |
12:00 |
EET |
|
The passenger journey |
Olaf |
Maennel |
TalTech |
Friday |
30 |
April |
2021 |
12:15 |
13:00 |
EET |
|
Cybersecurity for airlines |
Olaf |
Maennel |
TalTech |
Friday |
7 |
May |
2021 |
09:00 |
09:45 |
EET |
|
Cybersecurity from pilot's view |
Martin |
Pacher |
Vereinigung Cockpit |
Friday |
7 |
May |
2021 |
10:00 |
10:45 |
EET |
|
Drones and u-space |
Andres |
Moks |
Estonian Aviation Academy |
Friday |
7 |
May |
2021 |
11:15 |
12:00 |
EET |
|
Drones and u-space |
Erwin |
Orye |
CCDCOE |
Friday |
7 |
May |
2021 |
12:15 |
13:00 |
EET |
|
ATC simulator hack |
Erwin |
Orye |
CCDCOE |
Friday |
14 |
May |
2021 |
09:00 |
09:45 |
EET |
|
ATC simulator hack |
Erwin |
Orye |
CCDCOE |
Friday |
14 |
May |
2021 |
10:00 |
10:45 |
EET |
|
Strategic impacts |
Erwin |
Orye |
CCDCOE |
Friday |
14 |
May |
2021 |
11:15 |
12:00 |
EET |
|
Admin and questions |
Erwin |
Orye |
CCDCOE |
Friday |
14 |
May |
2021 |
12:15 |
13:00 |
EET |