Publikováno:
2025, EASA Part IS in U-Space Operations: Is System-Theoretic Process Analysis for Security Sufficient to Meet Information Security Risk Assessment Requirements?, Linz, Elsevier BV), p. 2448-2457), ISSN 1877-0509
Anotace:
The U-space implementation within airspace management has led to the emergence of research activities focused on information exchange between U-space stakeholders. U-space requires information exchange among various entities, including the Air Navigation Service Provider, U-space Service Provider, Common Information Service Provider, Unmanned Aircraft Systems, and remote pilots. This information must be secured. European Part-IS addresses information security risks by establishing processes to safeguard information used, transmitted, or received during U-Space operations. This paper investigates whether the System-Theoretic Process Analysis for Security (STPA-Sec) can ensure compliance with EASA Part-IS information security risk assessment requirements. By applying the analysis to the CISp operation concept and comparing the outcomes with Part-IS requirements, the results indicate that while STPA-Sec effectively identifies potential security vulnerabilities and hazards, it does not provide specific mitigation recommendations. Therefore, while STPA-Sec can inform the development of security strategies, additional steps are needed to fully comply with EASA Part-IS requirements.
Typ:
Stať ve sborníku z mezinár. konf.