A Novel Semi-Automatic Approach for Security Risk Treatment for U-Space Solutions

The European U-space initiative is expected to drive the widespread adoption of drones, which in turn increases the risk of novel and evolving cyberattacks. Consequently, it is essential to prioritize the assessment and treatment of security risks within the design of U-space solutions. As part of the process, security controls must be selected and implemented to strengthen the system’s cybersecurity posture. However, such selection must take into account their costs, effectiveness, and efficiency. On the other hand, choosing the wrong security controls can leave the analyzed solution highly exposed to threat scenarios. Accordingly, manual security risk treatment could be impractical, especially for highly automated and interconnected systems like U-space. This paper introduces an innovative semi-automatic approach for the security risk treatment of U-space solutions, introducing a bridging between some established frameworks. In detail, the work proposes a systematic integration between the NIST CyberSecurity Framework (CSF) and the Security Risk Assessment Methodology (SecRAM), with the latter representing the main point of reference within the Single European Sky ATM Research (SESAR) programme. The paper demonstrates the effectiveness and cost-efficiency of the approach in developing secure U-space systems through a case study on pharmaceutical delivery in a U-space environment.

• Publication year

  2025

• Venue

  IEEE International Conference on Systems, Man and Cybernetics

• Publication date

  2025-10-05

• Fields of study

  Computer Science, Engineering

• Identifiers
  DOI 10.1109/SMC58881.2025.11342602
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Automated Identification and Evaluation of Threat Scenarios for U-Space Solutions

  2025cited by this paper
• A First Step Towards an Automated Methodology for the Security Risk Assessment of U-Space Solutions

  2024influential reference
• A Game-Theoretic Approach for Security Control Selection

  2024cited by this paper
• An evaluation of practitioners’ perceptions of a security risk assessment methodology in air traffic management projects

  2022cited by this paper
• Developing Cyber-Resilient Systems:

  2021cited by this paper
• Threat identification and risk assessments for named data networking architecture using SecRam

  2021cited by this paper
• Heuristic Approach for Countermeasure Selection Using Attack Graphs

  2021cited by this paper
• Identification of Threats and Security Risk Assessments for Recursive Internet Architecture

  2018cited by this paper
• Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 

  2018influential reference
• Security Risk Analysis of a Trust Model for Secure Group Leader-Based Communication in VANET

  2017cited by this paper
• Towards automated network mitigation analysis

  2017cited by this paper
• Securing Airline-Turnaround Processes Using Security Risk-Oriented Patterns

  2016cited by this paper
• Towards the automatic and optimal selection of risk treatments for business processes using a constraint programming approach

  2013cited by this paper
• Security and Privacy Controls for Federal Information Systems and Organizations

  2013cited by this paper
• Applying the SecRAM Methodology in a CLOUD-Based ATM Environment

  2013cited by this paper
• A Security Pattern-Driven Approach toward the Automation of Risk Treatment in Business Processes

  2012cited by this paper

• No citing papers are available for this paper.