Risk assessment for aircraft gained relevance since the introduction of CS25 §1319. This paragraph explains the requirement of assessing and mitigating cyber-risks as necessary. The assessment is tied to adverse effects on the safety of the aircraft. Usually, most of the risk assessment can be shortened for aircraft due to the aircraft network domain principle. Due to goals for future air traffic management (ATM) and aircraft such as more interconnected and open networking or the usage of more commercial-of-the-shelf (COTS) components that clear separation of safety-critical and non-safety-critical of aircraft network domains is weakening. To minimize the risk assessment effort and enable support of continuous risk assessment machine-readable security metrics must be specified.

At first an overview of necessary model elements to conduct risk assessment is given. That model elements are defined considering a compromise between the ease of modeling and the technical level of detail necessary for automated risk assessment. In a second step, a state-of-the-art investigation is used to identify and elaborate on existing risk quantification methods and metrics. Besides the efforts to quantify risk with financial estimation methods, the focus of this study lies on the risk assessment of technical systems. Afterwards the findings are projected to the use-case of automated risk assessment. During the presentation a method to quantify cybersecurity risks is presented, that not only includes the shared metrics of state-of-the-art methods but also considers the mechanics and effects of security measures. Furthermore, the quantification method includes metrics to consider the estimated time of a successful attack compared to monitoring measures. Moreover, the metrics specify correlations between attack state concepts like the Cyber-Kill-Chain and quantified risk.

In the end, the proposed approach of quantifying risk for usage during automated risk assessment is demonstrated. The demonstration features a current state-of-the-art risk assessment approach and the calculated residual risk. In comparison the proposed metrics are used to calculate a more specific and detailed residual risk. The results of both methods are evaluated by utilizing the current MACSFIRE implementation. Subsequently, the advantages and disadvantages of the new approach are discussed. Besides the discussion, the results are judged concerning current aviation regulations. The last part of the presentation is focused on the identification of gaps between the requirements that need to be fulfilled while conducting risk assessment and the developed risk quantification approach. Furthermore, the usability of the defined approach and unambiguity in the sense of machine-readability and understandability is evaluated