Progress in cyber security in ATM
It's time to act and push for implementation-oriented security in order to establish a coherent and efficient security system for ATM.
The ICAO Threat and Risk Working Group is addressing cyber security issues as part of the overall threat and risk assessment for aviation. The task is to identify credible threat scenarios and consequent risks to aviation in the fields of cyber threats and CNS (communications, navigation, surveillance).
The NEASCOG ATM Threat and Risk Assessment Document is a regular contribution to ICAO's work. EUROCONTROL is contributing to this by providing inputs for security issues related to: air-ground voice communications and data links, surveillance systems, GNSS, RPAS, SWIM, FMS and flight data processing.
ICAO's work, supported by EUROCONTROL, will form the basis for an updated global risk context statement (RCS) and subsequent updates of Annex 17 (Security) and its associated security manuals. The ATM Security Unit is coordinating internal and external contributions to this very important activity, e.g. with the NEASCOG ATM Security Threat and Risk Assessment Task Force (ASAT).
The ICAO Threat and Risk Working Group identified the NEASCOG CNS Security Workshop (14th June) as an excellent opportunity to cross-check and validate initial results of its work on cyber and CNS security. The workshop concluded with an interesting CNS security statement.
At its 32nd meeting, NEASCOG agreed its revised programme of work for the next 4 years. The ‘White Paper on Cyber Security in ATM’, developed by the ATM Security Unit, is a builder of this revised programme of work, which will have a strong cyber component. The White Paper was first introduced at the ATM Security Information Days (October 2012), in a joint presentation with the EDA (European Defence Agency). EDA stressed the need for civil/military cooperation in cyber security, since both face similar challenges and civil ATM is becoming critical for military operations. The expected outcome of the White Paper is to provide an agreed common cyber security baseline for civil and military players in ATM. This is considered a basic requirement for trust building.
On 5 and 6 November 2013, EUROCONTROL organised a workshop on National Security Operation Centres (SOC) and Network Security. Again, very interesting conclusions were reached. All participants agreed that it’s time to act and push for implementation-oriented security in order to establish a coherent and efficient security system for ATM. In this regard, an important milestone will be achieved at the NEASCOG/34 meeting (5 – 6 June 2014), which will be dedicated entirely to a SWIM cyber security workshop.
Implementation strategies for cyber security in ATM will be proposed and discussed during this important event. This activity will broadly contribute to the development of centralised services for security, as proposed by EUROCONTROL.
Another important development is a generic ATM security course. One main outcome of the ATM Security Information Days (October 2012) was the urgent need to develop training material, including for cyber security. An Education Awareness and Training Plan was supported. The ATM Security Unit is developing training material in coordination with ICAO.
In 2012, ATM and cyber security obtained full recognition at ICAO level as a major component of the Aviation Security Programme. In 2013, we witnessed the first concrete results. In 2014, we should see the first building blocks for a secure ATM network. The framework, the organisations and the actors, including EUROCONTROL, are ready, willing and able to go.