Preparing for cyber-attacks on Air Traffic Management infrastructures: Cyber-safety scenario generation

Malware poses a growing threat to a host of safety-critical systems that depend on common software components, including the Linux operating system and the Internet Protocol (IP). Threats include `mass market´ malware that is not deliberately aimed at safety-related systems. They also include more sophisticated techniques exploited by W32.Stuxnet, W32.Duqu, W32.Flame etc. Previous work in this area has focused on the consequences of a cyber-attack under `optimal conditions´. Very little work has been done to identify more complex scenarios when malware exacerbates routine system failures that occur in all safety-critical applications. We show how Vulnerability and Violation (V2) diagrams can identify interactions between malware and degraded modes of operation. The intention is not to accurately predict future modes of attack. In contrast, the aim is to create training scenarios that test the expertise and judgement of systems engineers, operators and managers. The initial results from our work have revealed the underlying vulnerabilities that exist across safety-critical transportation infrastructures.