Scientific articles \ Prolegomena. Fundamentals of knowledge and culture. Propaedeutics \ Computer science and technology. Computing. Data processing \ Special auxiliary subdivision for computing

Cybersecurity in Philippine Aviation: A Multi-Method Evaluation of Vulnerabilities and Mitigation Strategies Through Document Analysis, Case Study, and Risk Modeling

Cybersecurity in Philippine Aviation: A Multi-Method Evaluation of Vulnerabilities and Mitigation Strategies Through Document Analysis, Case Study, and Risk Modeling

Author: Arthur Dela Peña

Journal: International Journal of Wireless and Microwave Technologies @ijwmt

Article in issue: 6 Vol.15, 2025.

Free access

The digitalization of aviation has heightened exposure to cyber risk, yet Philippine aviation governance and practice remain fragmented. This study evaluates sectoral vulnerabilities and feasible mitigations using a multi-method design: (i) document analysis of CAAP circulars, DICT’s National Cybersecurity Plan 2022, and international guidance (ICAO, IATA, NIST, ISO/IEC 27001); (ii) case studies (Cathay Pacific breach; London Heathrow USB mishandling) chosen for analytic transferability to Philippine operations; and (iii) risk modeling via a likelihood–impact matrix with a transparent 1–5 rubric adapted from ICAO SMM, NIST SP 800-30, and DICT, scored independently by two researchers with consensus reconciliation. I integrate results through a SWOT–TOWS synthesis and propose an AI/ML feasibility roadmap tailored to on-prem/air-gapped constraints. Findings reveal high-priority risks, including unauthorized ATC access, reservation-system data breaches, and airport-network ransomware (ris score = 20), driven by monitoring gaps, legacy systems, and uneven policy enforcement. Moderately ranked threats (weak framework implementation; phishing) and under-analyzed insider risk reflect systemic and human-factor weaknesses, compounded by underreporting and limited inter-agency coordination. The study’s novel contribution is a localization map that operationalizes global frameworks for Philippine conditions: phased NIST CSF adoption, tiered ISO/IEC 27001 pathways, and ICAO-aligned CAAP–DICT coordination with centralized incident reporting; plus a staged, low-cost AI/ML roadmap with KPI tracking (MTTD/MTTR, precision/recall). Limitations include the absence of primary stakeholder data and local incident/cost series; we outline a quantitative extension using operator surveys and Expected Annual Loss modeling to strengthen future empirical grounding. The results inform regulators, airlines, and airports on risk-based prioritization and practical governance upgrades to enhance national aviation cyber resilience.

More

Aviation Cybersecurity, Philippines, Risk Assessment, Policy Analysis, NIST Framework

Short address: https://sciup.org/15020082

IDR: 15020082   |   DOI: 10.5815/ijwmt.2025.06.04

QR code for installing the SciUp app Point your camera and download the free app SciUp