A New Vision for ATM Security Management

Slides:



Advertisements
Similar presentations
Session No. 4 Implementing the State’s Safety Programme Implementing Service Providers SMS
Advertisements

Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.
Transport TEN-T 2012 Calls for Proposals Info Day SESSION 2 MULTIMODAL AND CROSS-CUTTING PRIORITIES AIR TRAFFIC MANAGEMENT Unit Single European Sky - DG.
SIP/2012/ASBU/Nairobi-WP/19
17th February 2004: Slide 1 DG Transport and Energy OATA Workshop 17th February 2004 European Commission OATA and the Single European Sky.
The EMERALD RTD Plan and the ASAS Validation Framework R P (Bill) Booth 10 October 2002.
PETAL A major step Towards Cooperative Air Traffic Services Patrice BEHIER Manager of the Air/ground Co operative ATS Programme Directorate Infrastructure,
19/09/2007 Belfast, AIAA Conference SWIM-SUIT Giuliano dAuria SELEX Sistemi Integrati.
Mission Trajectory Step 1 From planning to deployment.
AIM Operational Concept
International Civil Aviation Organization Aviation System Block Upgrades Module N° B0-80/PIA-1 Improved Airport Operations through Airport-CDM SIP/ASBU/2012.
SECURITY RESEARCH SEVENTH FRAMEWORK PROGRAMME Mark Stroud Home Office Scientific Development Branch UK Security Programme Committee Member.
CIRAS PROJECT OVERVIEW
GAMMA Overview. Key Data Grant Agreement n° Starting date: 1 st September 2013 Duration: 48 months (end date 31 st August 2017) Total Budget:
Enav.it Session 3 Steps towards the SESAR deployment and the ATM system modernisation.
Aviation Safety, Security & the Environment: The Way Forward Vince Galotti Chief/Air Traffic Management ICAO Safety and Efficiency An ICAO Perspective.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
International Civil Aviation Organization Aviation System Block Upgrades Module N° B0-80/PIA-1 Improved Airport Operations through Airport-CDM SIP/2012/ASBU/Nairobi.
International Civil Aviation Organization Block Upgrades Next Steps & AN-Conf/12 Alexander Korsakov Air Navigation Commissioner International Civil Aviation.
6th Framework Programme Thematic Priority Aeronautics and Space.
Stephen S. Yau CSE , Fall Security Strategies.
International Civil Aviation Organization Collaborative Decision Making (CDM) Saulo Da Silva Workshop on preparations for ANConf/12 − ASBU methodology.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
SEC835 Database and Web application security Information Security Architecture.
January THE ISSUE Launch Event. Leicester. THE ISSUE Traffic- Health- Environment. Intelligent Solutions Sustaining Urban Economies. Professor.
SESAR Single European Sky Air traffic management Research
Enav.it Channelling Finance and Innovation to Industry Steps towards the Air Traffic Management system modernisation.
24-25 June 2010 SWIM-SUIT Final User Forum, Rome SWIM-SUIT Final User Forum.
1 SMEs – a priority for FP6 Barend Verachtert DG Research Unit B3 - Research and SMEs.
IT Governance: COBIT, ISO17799 & ITIL. Introduction COBIT ITIL ISO17799Others.
1 1 Cybersecurity : Optimal Approach for PSAPs FCC Task Force on Optimal PSAP Architecture Working Group 1 Final Report December 10 th, 2015.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
© EUROCONTROL European Air Traffic Management Programme The European ATM Master Plan ASAS TN Dave Young, Business Dev. Manager, EEC.
LSEC H2020-DS - & CIP Ulrich Seldeslachts, Brussels, January 27th, 2016.
IS3220 Information Technology Infrastructure Security
CRITICAL INFRASTRUCTURE RISK ASSESSMENT SUPPORT CIRAS PROJECT OVERVIEW 2nd Stakeholders’ Workshop Aschaffenburg, November, 26th, 2015 Jaime Martín, Project.
Cyber Security Phillip Davies Head of Content, Cyber and Investigations.
What are the consequences of SES for the Air Force
Security and resilience for Smart Hospitals Key findings
ESA Iris Programme: status
Collaborative Decision Making (CDM) Saulo Da Silva
An Overview on Risk Management
AVIATION SYSTEM BLOCK UPGRADES (ASBU)
FF-ICE A CONCEPT TO SUPPORT THE ATM SYSTEM OF THE FUTURE
Workshop on preparations for ANConf/12 − ASBU methodology
SIP/2012/ASBU/Nairobi-WP/19
AIM Operational Concept
NextGen and Its Impact on Performance
CIRAS FINAL CONFERENCE
OPTIFRAME : Project Overview
Blocks 2 & 3 Overview Samuli Vuokila Air Navigation Commissioner
OptiFrame WP1: Project Management
Critical Infrastructure Protection Policy Priorities
Safety Management in Europe
Security Trends in the Safety-Oriented Aviation World
Instantiation of the Concept in GAMMA Prototypes
The ePhyto Solution A Guide to implement the ePhyto System
ATSEP training - general SJCS Latvijas Gaisa Satiksme (LGS) Latvia
The Single European Sky Implementation Programme: SESAME
Aviation Innovation for Regional Integration
AVI AFRIQUE October 2018 Tshepo Peege
How to Mitigate the Consequences What are the Countermeasures?
Full III Validation Exercise Demonstration
Security Management Platform
Cybersecurity ATD technical
IS Risk Management Framework Overview
Cybersecurity EXERCISE (CE) ATD Scenario questions
Cyber Security in a Risk Management Framework
IT Management Services Infrastructure Services
Presentation transcript:

A New Vision for ATM Security Management GAMMA Final Event - Rome, 15 November 2017

Consortium Composition Worth over fourteen million euros, GAMMA is co-financed by the European Commission within the Seventh Framework Programme (FP7). 8 Countries 19 partners: Airbus SAS Airbus Defence and Space Airbus Group Innovations 10 Large Industries 3 SMEs 3 Research org. and Universities 3 End-users Airbus Cybersecurity Thales UK Thales Avionics

System of systems approach The GAMMA Project stems from the growing need to address new air traffic management threats and vulnerabilities due, for instance, to increased reliance on automation and interconnectivity between systems. The goal of GAMMA is to develop solutions to these emerging vulnerabilities backed up by practical proposals for their implementation.

GAMMA: a Helicopter view Implementation Proposals ATM Security Solution ATM Threat Assessment SESAR Validation Platforms Validation ATM Security Requirements ATM Cyber Security ATM CNS Security ATM physical infrastructure Security ATM Crisis Management Security Risk Assessment GAMMA Solution Definition GAMMA Solution Architecture (NAF Views) 4

Security Risk Assessment and Treatment in GAMMA SecRAM ATM Core Functions (Primary Assets) 13 What Supporting Assets 59 Threat Scenarios (most feared threats) 44 Why High level Risks 95 Security Controls 318 Security KPIs How 27

GAMMA prototypes and validation environment Satcom Security Secure GNSS communications Secure ATC Information Exchange Gateway Security System Integrated Modular Communication ATM Security Management Platform Information Dissemination System Attack Prediction Cybersecurity Intelligent Platform Coordination and Control © GAMMA.All rights reserved © GAMMA.All rights reserved Validation Environment

Integrated validation scenarios and deployment Non coordinated attack Coordinated attack Coordinated + Research context Validation Scenarios storyboard Once upon a time… …and they all lived happily SMP ISS SATCOM IMC GNSS SACom IEG Prototype and Validation Environment preparation © GAMMA.All rights reserved TRT IMC 42 Sol DLR Airbus Cyber Airbus DS Geo-distributed Deployment LEONARDO TASE LEONARDO LEONARDO BRTE

A New Vision for ATM Security Management GAMMA Final Event - Rome, 15 November 2017

ATM Security Risk Assessment and GAMMA Tim H. Stelkens-Kobsch, DLR adapted from Rainer Koelle GAMMA Final Event - Rome, 15 November 2017

Security is a thousand year old discipline; The Security Problem Security is a thousand year old discipline; … every year there is a new lessons learnt, new research, new technologies, new techniques, new products, and even new laws … and every year things get worse. (adapted from Bruce Schneier) If left untouched, … Security Levels will degrade over time

Defining Moments Defining Moments 1988 2001 2001 20xx 2005 2006 2009 2006 20xx 2006 2009 “underpants bomber”

Changing Face of Aviation Security 1948 flight from persecution or prosecution 1968 political phase 1994 aircraft destruction 2001 Taken from ICAO AVSEC Seminar 2005, Marrakech; presentation by Canadian Air Transport Authority, Mark Duncan, Executive Vice President <<< post - 9/11 >>> aircraft as weapon ? today <<<15 years post - 9/11 >>> “cyber”

Airport Security Aircraft Security Airspace Security ATM Security Safeguarding of the airport Aircraft Security Safeguarding of the aircraft Airspace Security Safeguarding of the airspace ATM Security Safeguarding of the ATM System Collaborative support to national / Pan European aviation security incident management

Why GAMMA? New Vulnerabilities While SESAR improves performance and dependability of ATM, it opens the way to new vulnerabilities due, for instance, to: increased reliance on distributed enterprise computing automated flow of information across a ground and airborne network Cyber attacks come from many sources and have a range of possible targets, including civilian, commercial and military systems to damage critical services

The Transition to the New System Operational Concepts ASAS 4D … Tomorrow’s ATM System More COTS Products CWP FDP RDP … Evolution Today’s ATM System Transition More Inter- connected Systems SWIM AG GG … Open Standards TCP/IP XML HTML … More Data Sharing AIM CIA provenance …

Electro-magnetic space Natural/physical attack space Threats and Vulnerabilities Threat … capabilities, intentions, and attack methods of adversaries to exploit, or any condition, circumstance or event with the potential to cause harm to assets. Threat is different from threat source! … sources of threat range from vandals to terrorists (and even states). Vulnerabilities … weaknesses of a system or control … “Social Engineering” Electro-magnetic space Cyber space Natural/physical attack space

Security Risk Management “external” aspects - risk policy - risk appetite Risk Assessment Decision (Risk Response) assets Risk Identification and Assessment threats Security Measures/ Controls vulnerabilities mitigation Risk Monitoring

Supporting Documents SESAR ATM Security Reference Material SESAR 1 2001 SESAR 1 SESAR 2020 2009 2016 EC 2096/2005, CR EC 1035/2011, CR Dir 2016/1048, NIS Doc 8973 AVSec Doc 9854 ATM Op Concept, 2005 Annex 17 amend. 12, 2011 (ATSP, cyber) Doc 9985 ATM Sec, 2013 (Secure design) Doc 30 AVSec, Ed 13, 2010 (Ch 13, ATM Sec)

Risk Assessment Methodology The Security Risk Assessment Methodology Identify : Assets Impacts on CIA Risks Controls

Holistic Approach to Controls Organisation, Culture & Management Clear roles & Responsibilities Risks managed Operation of ICT Systems Systems isolated Network security Backups Change mgmt Technical Mechanisms & Infrastructure - Access control – networks, OS, applications, user mgmt. Acquisition & Development IS security Anti-malware Monitoring & Audit Logging Audits Compliance - Legal, Policy, Standards Corporate Direction & Policy - Policy supported Physical & Environmental Security Secure perimeter Equipment maintenance … Human Resources Training Vetting … Tomorrow’s ATM System If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology. Bruce Schneier

Security Risk Management and Operational Continuity Management Preventing an incident by protecting the system from an attack Recovering to normal operations as safely/quickly as possible This is realised by performing a Security Risk Assessment to identify what needs to be protected and how to protect it and then follow through with operating the security system !

The Overlooked Security Function SESAR Definition Phase Budget cuts  redefinition of security working packages SESAR Development Phase Security “transversal activity” Security Risk Assessment Limited security engineering SESAR Deployment Phase “pilot” projects to deliver operational benefits Deployment Plan “recognises” “cyber security”

Definition of ATM Security mapped to ATM/Air Navigation System airspace navigation user services Air Navigation System ATM System “ATM Security Function” “security coordination” services aviation security stakeholder ATM (Air Navigation) System is to ensure the safe, efficient, and orderly flow of air traffic ATM Security has to ensure (self-protection/resilience) the security of the associated air navigation services to the airspace users. Management of security requires introduction of “ATM Security Function” within air navigation system. Function is defined as operational, procedural, and technical means to ensure objective.

GAMMA - Security Risk Assessment - Summary Security is not a fundamentally new problem Understanding of ATM Security as a component of Aviation Security has matured over the last 15 years ATM System is undergoing a fundamental transformation (new technologies, new concepts of operations) While SESAR and NextGen address Security on a transversal system engineering level (i.e. security risk assessment), the development of security solutions is minimal, and deployment activities / opportunities are not used GAMMA addressed this void! Structured security risk assessment process building on SESAR Security solution prototype development and targeted validation Security Function a fundamental enabler for security management

Thank you and follow us @ http://www.gamma-project.eu

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.