Siber Güvenlikte Önemli Noktaların İncelenmesi: Havaalanlarında Terör Saldırılarının Önlenmesi

Abstract

Havaalanları elektromanyetik ve dijital bilgi açısından en gelişmiş yapılardan biridir. Etkin ve zamanında operasyonun sürdürülebilmesi için ilgili havacılık operasyon birimlerindeki yüksek miktardaki bilginin birbirlerine bağlanması gerekmektedir. Dolayısıyla, iletişim ağı hem makul, hem de iyi korunmuş olmalıdır. Havaalanları milyonlarca sistemle donatılmış olduğundan, sistemin ana noktalarını bulmak ve en iyi güvenlik hizmeti seviyesini geri yüklemek için inceleyecek doğru bileşeni seçmek esastır. Bu uygulamanın sonunda, havaalanının kritik noktalardaki olası hata türleri incelenecek ve tanımlanacaktır. Dolayısıyla, herhangi bir siber eylemin olması durumunda, kullanıcılara proaktif destek sistemi bilgisi verilecektir. Ayrıca, kullanıcılar bir siber saldırıdan kaynaklanabilecek muhtemel zararları önlemek veya en aza indirmek için nasıl tepki vereceği konusunda eğitilecektir. Makalenin ilk bölümünde, siber yapı ve muhtemel tehditler kuramsal olarak incelenmiştir. İkinci bölümde hükümet politikasıyla ilgili siber güvenlik şartları ve birimler belirlenmiştir. Çalışmanın son bölümünde havaalanı sistemlerine karşı olası siber saldırıların sınıflandırılmasında gizlilik, bütünlük ve erişilebilirlik ölçeği ile ele alınmış ve değerlendirilmiştir. Bu çalışmada, hata tipini ve seviyesini analiz etmek için FMEA (Hata Türleri ve Etkileri Analizi) yöntemi uygulanmıştır. Bu yöntem, hata belirleme ve önleme için en güçlü sayısal tekniklerden biridir ve yüksek riskli bileşenlerin güvenilir faktörlere dönüştürülmesini sağlar. Elde edilen sonuçları analiz ederek Atatürk Havalimanı'nda ölçeklendirme ve önemli proaktif eylemler için kullanılması planlanan bir sistem belirlenmiş ve sistemin iyileştirilmesi amacıyla bazı öneriler yapılmıştır.

Purpose: Research carried out within the scope of the airport cyber security. Changing life, technology and society conditions are leading to a shift in security perspective. While the number of electronic-based systems and virtual platforms that people and businesses use has increased, security needs and threats have changed accordingly. Design/Methodology/Approach: In this study, the failure type and level of its effect FMEA (Failure Mode Effect Analysis) method is used to analyze and investigate on critical points of airports cyber security. This method is one of the strongest numerical technique which prevent failures before they even exist and identify how to convert high risk components into reliable factors. In the scope of this research, firstly literature search related to cyber security has been done. In the second part of the study, measures taken by the state on cyber threats in public areas such as airports are explained. In the last part, a FEMA scale was developed which consisting three airport-relating steps. In the first dimension of the scale, the systems in the airports were analyzed with the help of literature research. A list of weak systems against cyber threats has been tried to be created. However, due to the unique nature of each airport, a questionnaire form was developed for each employee. The developed questionnaire forms the first dimension of the scale. The second dimension of the scale consists of face-to-face interviews. Faceto-face interviews determine the order of importance of airport systems. In the third dimension of the scale, Likelihood of Occurrence, Discoverability, Severity Scale and Confidentiality, Integrity, Accessibility Scale are assigned to the airport to determine the effect of probable cyberattacks on the airport. It is planned that the scale developed in the survey will be applied at airports. Findings/Results/Discussion: Airport systems and their threat level in terms of cyber security is identified with the framework of ISO 27001. Concept of cyber security is explained and the important information assets in terms of cyber threats in Airport Systems are defined. End of the research decision tree diagram which shows the steps of discoverability, the severity scale has been formed. People have felt the need to take measures against the elements that threaten them for years. Security is one of the most basic needs of an individual or an enterprise. Therefore, security is in the class of necessities. Changing life, technology and society conditions are leading to a shift in security perspective. While the number of electronic-based systems and virtual platforms that people and businesses use has increased, security needs and threats have changed accordingly. In general, it is necessary to determine the systems used in an airport. These systems vary depending on the size and structure of the airport. At least one unit manager should be contacted from all the units in the organization chart of the airport. Airport inventory should be overlooked. If airport systems are exposed to cyber terrorism, to determine the critical points of airport systems, possible effects should be taken orally and the systems should be ranked according to their importance. In the event of a possible cyber-attack on airport systems, the confidentiality of the information may be violated. Systems should be questioned for privacy reasons. However, in terms of integrity (unauthorized modification / incorrect replacement) each system should be evaluated. Airport critical systems should be questioned in terms of accessibility / availability. Research Limitations/Implications: Airports make hosting more than one systems. For this reason, there are many systems used in airports. The scope of the research is limited only to the systems under control of the airports. The systems used by other airport operators are not included in the survey. For example, the systems that ground services using have been ignored. Practical Implications: A FEMA scale was developed which consisting three airport-relating steps. It is planned that the scale developed in the survey will be applied at airports. A warning has been received that the sharing of this application by many airports would constitute a significant security breach when scales were sent to airports. With analyzing the obtained results, a system, which is aimed to be used in Atatü rk Airport for scaling and taking considerable proactive actions, have been identified. On the purpose of improvement of system some recommendations have been made. Social Implications: Airports are one of the important substructures of aviation millions of the people use airport system to transportation. With the developed system airports companies can investigate on cyber security of the airport systems Originality/Value: The airports are under the threat of terrorist organizations for economic, socio-cultural and political reasons. Physical security threats have begun to evolve into threats in the virtual platform due to changing ways of doing business. It is thought that with this research, airports including current social, economic and cultural dynamics of the countries, make significant contribution to academic literature and will also include security analysis by presenting findings.