Safety & Security of future SATCOM based Aviation Data Links


Safety & Security of future SATCOM based Aviation Data Links
Paul Hampton
April 2018

Contents
- Introduction to Datalink
- Safety and Security Challenges
- Current Approach
- The Future

Introduction to Datalink

Air Traffic Control Communications
- Voice is the primary means of communication between controller and pilot
- Common voice channel for all aircraft in a sector
- Channels are increasingly congested

Datalink Concepts
- Data communications over HF / VHF + Satcom
- Air Traffic Services (ATS)
- Airline Operational Comms (AOC)

Datalink Services
- Controller Pilot Datalink Communications (CPDLC)
- Automatic Dependent Surveillance - Contract (ADS-C)

Smarter Skies

Iris Programme
- SATCOM based datalink service for Air Traffic Navigation
- Based on evolution of the Inmarsat SwiftBroadband infrastructure
- Complements the terrestrial infrastructure initially
- Iris Precursor: 2018-19; Iris Service Evolution: 2028-29

Inmarsat SwiftBroadband (SBB)
- Higher capability & capacity
- Supports IP data services to 432 kbps
- Standard voice channel, VoIP
- Worldwide coverage via Inmarsat 4
- SBB Safety: datalink + 2 channel voice; oceanic / remote airspace; location reporting built-in

Safety - What are we worried about?
- Datalink
- Separation standards
- Loss of separation
- Überlingen 2002

Security - What are we worried about?
- Many claims about vulnerabilities and the level of control achieved, often disputed

Iris High Level Architecture

Safety & Security Challenges

Safety
- Regulations demand that Iris Precursor is sufficiently safe:
  - Essential Requirements
  - Implementing Rules: Reg. (EC) No 29/2009
  - Common Requirements: Reg. (EU) No 1035/2011
- There are established and mature processes & practices
- Safety concerns itself with unintended, unintentional, inadvertent functional behaviour (addressed by e.g. CS-25.1309, SAM, ED-109A, DO-178C)
- "Protecting the people from the system"

Safety Process - Summary
- Operational Assessment: Operational Safety Assessment (OSA) -> Safety & Performance Requirements (SPR)
- System Definition: System Functional Hazard Assessment (FHA) -> Safety Objectives and Requirements (hazards, severity classification, failure conditions)
- System Design: Preliminary System Safety Assessment (PSSA) -> Product Assurance (mitigations, system requirements, assurance approach, system design and architectural components)
- System Implementation & Operation: System Implementation, System Safety Assessment (SSA) -> Verification Evidence

Safety Assessment
- Layers: Operational layer (ATSP/Aircraft, SRs); Application layer (ATSP/Aircraft, hazard detection mechanism); ACSP Comms Service (Iris)
- Hazards at the comms service:
  - Detected loss of capability (Availability)
  - Undetected loss of capability, corruption, unintended, interrupted
  - Detected corruption, unintended, interrupted (Integrity)
- Safety objective, detected: 1x10^-3 pfh (per flight hour), Minor (SC4)
- Safety objective, undetected: 1x10^-5 pfh, Major (SC3)
- The highest severity class for Iris is SC4 (Minor); SC3 related hazards are mitigated by the ATSP
- Assurance Level for Iris is ED-109A AL5
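The slide allocates the undetected (SC3) hazards to the ATSP's hazard detection mechanism and leaves the detected (SC4) hazards with the comms service. The script below is an added example, not from the presentation, that makes this allocation checkable: each failure mode of the comms service is split into a detected and an undetected share by the coverage of the detection mechanism, and the totals are compared with the two safety objectives quoted on the slide. The failure rates, the coverage figures and the simple multiplicative split are constructed assumptions for illustration; only the objectives (1x10^-3 pfh for SC4, 1x10^-5 pfh for SC3) come from the slide.

```python
"""Allocation of comms-service failure modes against the slide's safety
objectives (added example; rates and coverage values are constructed)."""
from dataclasses import dataclass

# Safety objectives quoted on the slide, in failures per flight hour (pfh).
SAFETY_OBJECTIVE_PFH = {
    "SC4": 1e-3,  # Minor: detected loss of capability
    "SC3": 1e-5,  # Major: undetected loss / corruption / unintended / interrupted
}


@dataclass
class CommsFailureMode:
    name: str
    rate_pfh: float            # raw failure rate of the comms service (assumed figure)
    detection_coverage: float  # fraction caught by the ATSP/aircraft detection mechanism (assumed)


def allocate(mode):
    """Split one failure mode into its detected (SC4) and undetected (SC3) shares.
    The multiplicative model is an assumption of this example."""
    detected = mode.rate_pfh * mode.detection_coverage
    undetected = mode.rate_pfh * (1.0 - mode.detection_coverage)
    return {"SC4": detected, "SC3": undetected}


def check_objectives(modes):
    """Sum the detected and undetected contributions over all failure modes and
    compare each total with its safety objective.
    Returns {severity_class: (total_rate_pfh, meets_objective)}."""
    totals = {"SC4": 0.0, "SC3": 0.0}
    for mode in modes:
        for sc, rate in allocate(mode).items():
            totals[sc] += rate
    return {sc: (rate, rate <= SAFETY_OBJECTIVE_PFH[sc]) for sc, rate in totals.items()}


def required_coverage(rate_pfh, objective=SAFETY_OBJECTIVE_PFH["SC3"]):
    """Minimum detection coverage the ATSP layer needs so that the undetected
    share of a failure mode with the given raw rate meets the SC3 objective."""
    if rate_pfh <= objective:
        return 0.0
    return 1.0 - objective / rate_pfh


# Constructed failure modes of the comms service (illustrative values only).
FAILURE_MODES = [
    CommsFailureMode("loss of capability", rate_pfh=5e-4, detection_coverage=0.995),
    CommsFailureMode("message corruption", rate_pfh=2e-4, detection_coverage=0.99),
]

if __name__ == "__main__":
    for sc, (rate, ok) in check_objectives(FAILURE_MODES).items():
        print(f"{sc}: total {rate:.3e} pfh, objective {SAFETY_OBJECTIVE_PFH[sc]:.0e} -> {'meets' if ok else 'FAILS'}")
    print(f"coverage needed for a 2e-4 pfh corruption mode: {required_coverage(2e-4):.3f}")
```

The point the model makes visible is that the SC3 objective is two orders of magnitude tighter than the SC4 one, so a modest drop in detection coverage (0.99 to 0.9 on the corruption mode) moves a hazard from comfortably within the objective to failing it, which is why the slide ties the SC3 hazards to the ATSP layer rather than to the comms service alone.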

Security
- Regulations demand that Iris Precursor is sufficiently secure:
  - Essential Requirements
  - Implementing Rules: Reg. (EC) No 29/2009
  - Common Requirements: Reg. (EU) No 1035/2011
- There are established and mature processes & practices
- Security is concerned with protecting the confidentiality, integrity and availability of the system from unauthorised interaction (e.g. ISO 2700X)
- "Protecting the system from people"

Security Process - Summary
- Establish Context: Security Scope Definition and Policy -> System Security Requirements
- Identify, Analyse, Evaluate Risk: Security Risk Assessment -> Security Objectives and Requirements (threat, risk classification, compromise method)
- Treat Risk (Design): Security Risk Treatment -> Product Assurance (measures, system requirements, assurance approach, system design and architectural components)
- Treat Risk (Implementation & Operation): System Implementation, Security Verification -> Verification & Effectiveness Evidence

Security
- From the security analysis: the highest impact level for security is 'Moderate', as the effects are comparable to SC3 (Major) based on the Operational Safety Assessment (cf. the safety impact of compromising communication integrity, e.g. controller masquerade)
- Security risks are mitigated through appropriate security measures, with their effectiveness assured to a level commensurate with 'Moderate' impact

Safety & Security
- Historically separate disciplines, but now being brought together, e.g. ED-202A (2014) - Airworthiness Security Process Specification for airborne systems
- But there is no clear industry methodology on how to bring safety and security together for ground systems

Current Approach

Interpretation of ED-202A for Ground
- No current standards/guidance for combined safety and security for ground systems
- ED-202A is relevant but intended for airborne systems
- Common guidelines can be drawn from ED-202A:
  1. Establish differentiated but interacting security and safety processes (ED-202A section 2.1.3)
  2. Maintain overall consistency by ensuring the security process considers outputs of the safety assessment processes
  3. Threat conditions having an identical safety effect as a previously identified failure condition share its severity (ED-202A section 2.2.1.1)
  4. Security requirements are subject to the same development requirements and assurance actions as other safety related mitigations (ED-202A section 2.1.2)
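Guideline 3 is the bridge between the two processes: a threat condition does not get its own severity scale; it inherits the severity of the failure condition with the same safety effect, which is exactly how the security slide arrives at 'Moderate' (comparable to SC3) for controller masquerade. The following is an added example, not part of the presentation, that encodes that inheritance rule and the impact-level mapping. The failure conditions and their severity classes, and the SC3 to 'Moderate' mapping, are taken from the slides; the threat conditions, their compromise methods and the 'Low' label used for SC4-comparable effects are constructed assumptions for illustration.

```python
"""ED-202A guideline 3 (severity inheritance) and impact-level mapping for
threat conditions (added example; threats and the 'Low' label are assumed)."""
from dataclasses import dataclass

# Failure conditions and severity classes from the safety-assessment slide.
FAILURE_CONDITIONS = {
    "detected loss of capability": "SC4",     # Minor (availability)
    "undetected loss of capability": "SC3",   # Major
    "undetected corruption": "SC3",
    "undetected unintended message": "SC3",
    "undetected interrupted message": "SC3",
}
SEVERITY_RANK = {"SC4": 1, "SC3": 2}          # higher rank = more severe
SEVERITY_NAME = {"SC4": "Minor", "SC3": "Major"}
# SC3-comparable -> 'Moderate' is stated on the slides; 'Low' for SC4 is an
# assumption of this example, not a value from the presentation.
IMPACT_LEVEL = {"SC3": "Moderate", "SC4": "Low"}


@dataclass
class ThreatCondition:
    name: str
    compromise_method: str   # how the security objective would be violated
    safety_effect: str       # must match a failure-condition effect to inherit severity


def inherit_severity(tc):
    """Guideline 3: an identical safety effect means the same severity as the
    previously identified failure condition. Returns None when no failure
    condition matches, i.e. the threat needs its own severity assessment."""
    return FAILURE_CONDITIONS.get(tc.safety_effect)


def highest_impact(threats):
    """Classify every threat, take the worst inherited severity and map it to
    the security impact level. Returns (worst_severity, impact_level,
    names_of_unmatched_threats)."""
    classified = {t.name: inherit_severity(t) for t in threats}
    unmatched = [name for name, sc in classified.items() if sc is None]
    matched = [sc for sc in classified.values() if sc is not None]
    worst = max(matched, key=SEVERITY_RANK.__getitem__) if matched else None
    return worst, IMPACT_LEVEL.get(worst), unmatched


# Constructed threat conditions; 'controller masquerade' is the case the slides name.
THREATS = [
    ThreatCondition("controller masquerade",
                    "uplink messages are forged so the flight crew acts on them as genuine clearances",
                    "undetected corruption"),
    ThreatCondition("service denial",
                    "the link is made unavailable in a way the application layer notices",
                    "detected loss of capability"),
]

if __name__ == "__main__":
    for t in THREATS:
        sc = inherit_severity(t)
        print(f"{t.name}: effect '{t.safety_effect}' -> {sc} ({SEVERITY_NAME.get(sc, 'unclassified')})")
    worst, impact, unmatched = highest_impact(THREATS)
    print(f"highest impact level: {impact} (worst severity {worst}); unmatched: {unmatched}")
```

A threat whose safety effect has no counterpart in the FHA (for instance a pure loss of confidentiality, which has no safety effect on the slide's hazard list) is reported as unmatched rather than silently given a severity; in the combined process that is the signal to take it back through the security risk assessment on its own terms.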

Integrated Safety and Security

Combined Safety & Security - Implications
- From the safety analysis: the highest severity class for the Comms Service Provider is SC4 (Minor); the Development Assurance Level for the Comms Service is ED-109A AL5
- From the security analysis: the highest impact level for security is 'Moderate', as the effects are comparable to SC3 (Major) based on the Operational Safety Assessment
- The challenge is with assurance. ED-202A Guideline 4: security requirements are subject to the same development requirements and assurance actions as other safety related mitigations

Interpreting ED-202A Guideline 4
"Security requirements are subject to the same development requirements and assurance actions as other safety related mitigations"
- One interpretation is that security measures addressing SC3 hazards must be developed to ED-109A AL3 (SC3, Major impact); however, this:
  - likely precludes the use of industry certified security COTS products
  - duplicates assurance activities already required to assure the security measures
  - does not specifically improve the security of the solution
- Another interpretation is to apply security verification techniques that are commensurate with the impact level (as informed by safety criticality):
  - applies a level of verification rigour commensurate with risk
  - security verification activities are more effective in assuring the security measures
  - use of certified products leverages independent security verification, history etc.
  - safety assurance level based verification is applied to the residual risk

Safety & Security Integration Approach (architecture diagram)
- Components shown: ISP Service Management; Enhanced Inmarsat SBB Service Management Systems; PKI Systems; SwiftBroadband Service; Security Barriers; Aero Rack; Aero Ground Gateway; Secure VPN; Ground Security Gateway; Air-Ground Router
- Key: Security assurance commensurate with SC3; ED-109A AL5 (SC4); ED-109A AL5 (SC4) alternative means

The Future

Existing and Future Relevant Standards
- Existing aviation standards:
  - ED-202A - Airworthiness Security Process Specification
  - ED-203 - Airworthiness Security Methods and Considerations
  - ED-204 - Information Security Guidance for Continuing Airworthiness
- Future aviation standards:
  - ED-203 revision A
  - ED-205 - Security accreditation of ATM systems
- Other challenges:
  - Remotely Piloted Aircraft System Command and Control
  - ATN Baseline 3 (full 4D)

Our commitment to you
We approach every engagement with one objective in mind: to help clients succeed.