Multi-Layer Cybersecurity Risk Assessment for Civil Aviation Systems: Bridging Gaps Between Policy, Technology, and Practice

The aviation field is now digitally transforming more rapidly than ever, bringing more opportunities for the sector and new vulnerabilities that traditional safety measures cannot cope with. With the attempts to integrate the civil aviation systems of today with a wide range of technological applications, including satellite-based navigation, digital traffic control, and automated passenger processing, cybersecurity has become the most vital point of aviation security. However, current cybersecurity methods in the aviation sector continue to be disintegrated, as they are concentrating on only isolated technical solutions or are compliance-focused, at the expense of holistic risk management being limited. This research introduces and verifies a civil aviation-based multi-layer cybersecurity risk assessment framework that brings back a sense of unity to policy, technology, and real-world operational practice. The paper conducts a quantitative study of 58 peer-reviewed works and legal reports published between 2010 and 2024 to identify and assess the cybersecurity risks that exist in the aviation industry and are distributed across four layers, i.e., technical, operational, human, and policy layers. The Quantitative results demonstrate that a significant part of the cyber incidents are due to technical and human failures, while the policy level deteriorates the vulnerabilities of the whole system. Thematic analysis underpins the problems, including repeated ones, such as the lack of coordination among departments in implementing security measures, the narrowness of the scope of cyber training, and the poor execution of regulations. The research offers actionable insights for regulators, airport authorities, airlines, and cybersecurity vendors. Different kinds of visual patterns, such as a PRISMA study flow diagram, a risk attribution chart, and a thematic map, provide the framework's verification and make it easier to understand from a visual perspective. The proposed implementation model outlines the strategy by which each layer can serve as a defense for the rest by working together to achieve the security goal set. The study gives practical tips to regulators, airport authorities, airlines, and cybersecurity vendors. It expresses the opinion that our cyber security defense should be based on many layers and be capable of dealing with challenges at once rather than just fixing problems when they arise. The innovation presented in the paper empowers participants to take the initiative to protect the aviation sector from digital dangers, which, consequently, is a step towards peace of mind concerning the connectedness and digitalization of the global society in the years to come.