Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity CONOPS IFATSEA´s perspective

Published byElijah Rodgers Modified over 7 years ago

Similar presentations

Presentation on theme: "Cybersecurity CONOPS IFATSEA´s perspective"— Presentation transcript:

1 Cybersecurity CONOPS IFATSEA´s perspective
Carlos Viegas - IFATSEA Technical Director Europe - Future Systems Chairman Eurogroup – Montenegro 2017

2 Moving towards a new era with new technologies and concepts
….but evolving from the present reality, existing systems. So IFATSEA´s Cybersecurity CONOPS proposes: Integrated RPAS Communication and Control ( UTM ) (UAV or Unmanned Air System Traffic Management ) Systems . Remotes Towers and enhanced reality systems and technologies. PBN - ADS-B – Data Link. 4D Trajectories MLAT Existing Systems interfaces. Required navigation performance (RNP) extends the capabilities of modern airplane navigation systems by providing real-time estimates of navigation uncertainty, assurance of performance through its containment concepts, and features that ensure the repeatability and predictability of airplane navigation. This precise characterization of airplane performance is key to designing more efficient airspace routes and procedures. Performance-Based Navigation (PBN) Information related to the use of Area Navigation (RNAV) Standard Instrument Departures (SIDs), RNAV Standard Terminal Arrivals (STARs), and Required Navigation Performance Authorization Required (RNP AR) Approaches. Integrates arrival, departure, and surface (IADS) concepts and technologies A-SMGCS (Advanced Surface Movement Guidance & Control System) is a system providing routing, guidance and surveillance for the control of aircraft and vehicles in order to maintain the declared surface movement rate under all weather conditions within the aerodrome visibility operational level (AVOL) while maintaining the required level of safety. (ICAO Doc 9830: Advanced Surface Movement Guidance and Control Systems (A-SMGCS) Manual).

3 Description of Concept What is it in depth?
The document describes a high level architectural approach to addressing the cybersecurity issue for ANSPs for short and mid-term. The architecture is aimed at bridging the gap of the lack of specific tools and measures, addressing the integration of cybersecurity in a complex system of systems such as SESAR , NextGen and others in a global perspective. It provides elements for a long term approach so as to transform and standardize the monitoring of critical technical system processes achieving a predictive system awareness in terms of its health, status, both at the level of service provided but also critically in terms of cybersecurity as well. It is in a mid term perspective scalable, evolutive and future proof.

4 Description continued..
The IFATSEA Human centered approach takes into account the particularities of the CNS/ATM environment and the safety and time criticality of ANS services. This is not addressed as a purely IT Security project , as would be the temptation in using existing technologies in other fields, but with a holistic approach encompassing Airspace related, IT related and Infrastructure/installations or access control systems tailored to the ANS environment and in particular real time response requirements. In SESAR, NextGen and similar systems we deal with a Sociotechnical System of Systems, it will be very difficult to address issues like cascade failures which are a potential reality due to the tight coupling, interoperability and interrelation of the multitude of new processes.

5 CONOPS dissemination IFATSEA has presented the Cyber-SMC Technical Supervision Concept at the ICAO Assembly 2016 Agenda Item 36: Aviation safety and air navigation implementation support with the title “A CYBERSECURITY ARHCITECTURAL APPROACH FOR LEGACY- AND SWIM-BASED CNS/ATM SYSTEMS” , (A39-WP/370) A 25 page original CONOPS description was first submitted to SJU in 2016. The concept was further presented to ENISA in 2016 together with input for the ENISA study on Smart airports.

6 Cyber security in CNS/ATM
The issue of Cybersecurity for ATM is complex as it also includes the physical security at local and remote CNS mission critical installations, the networking elements (space and ground) , the ATM specific attack vectors e.g on Surveillance (i.e spoofing), jamming of space navigation or RPAS, etc. Cross border events and actions represent an new and as yet unapproached scenario. IFATSEA proposes a Technical Supervision (SMC*) model that refers to a beyond state of the art concept of an event object, interfacing with individual systems (or Service providers (e.g SWIM, Datalink)) and displaying their health status with predictive capabilities based on specific sensors (s/w and h/w) activity in the SMC domain (ref. NextGen) This architectural element will provide an interoperable ANSP (level) Total systems situational awareness , including Cybersecurity capability, in a cost effective way. It will be capable of addressing legacy and SWIM based systems and processes. * The CDM regulation already requires an SMC implementation for monitoring the performance of the systems in terms of EC 1035/2011 for accuracy integrity etc.

7 Principles of Concept design
The event effect must not reach the Controller or Pilot (if at all possible) (Note: Navigation info is transmitted directly to the pilot). We consider that when this happens the systems has failed. Cybersecurity events are treated as any other technical event. These events are not only IT but may include physical elements such as ‘signal in space’ , RPAS , DoS, or procedures. ATSEP on duty must have the tools and training to distinguish whether the event is technical failure or security (*this will require research and standardization activity) Concepts such as Remote towers must integrate C&C in SMC/Cyber (concept must be future proof including new Business models and Service Oriented Architecture). Cyber-attack vector and pattern recognition and analysis is done locally and integrated in a Pan-European image or global image although at different levels.

8 EU Framework ensuring Cybersecurity in ATM

9 Legacy and SWIM based SMC of CNS/ATM systems for ANSPs
ATSEP Cybersecurity specialist on duty

10 Cybersecurity Complex Events Analysis

11 Cybersecurity Event Handling

12 ATSEP SMC Cybersecurity Functions

13 Impact on ATSEP Training
CNS Domains specialists receive Cybersecurity training. Cybersecurity specialist receives CNS training as well. Need to change training requirements for ATSEP.

14 Technical description and operation
A cybersecurity related event, is considered as any other event, taking of course into account the type may be of a transversal nature, impacting more than one process or service in the ANS environment. (*….Cascade failures) The system’s technical health events including Cyber events will feed a Complex Event Processing (CEP) to be implemented at Local ANSP level. According to the Cyber and System’s health related predefined criteria (rules), the outcome of this CEP has to be treated accordingly and in any case as close as possible to real time. Cyber threats or suspicious activities or patterns of activities detected will be immediately addressed locally and communicated to a higher level (National) or further through to supranational entities.

15 Beyond the state of the art
IFATSEA proposes the definition of a System Health SMC Object* to be researched. This object will integrate a Security Data Object so as to build up a continuous holistic picture of the ‘real time’ system status, leading to an in depth system wide awareness. The filtered output of the events created by these objects will be displayed on the screen of the ATSEP Technical working position on duty supported by decision making tools*. The Complex Event Processing & Analysis will be incorporated incrementally into ATSEP SMC duties, making it very cost effective. Designing systems with Cybersecurity in mind from the onset, enhanced with SMC_SEC Object* within a SMC_XML object over secure protocols will constitute a paradigm shift and create a robust Cybersecurity Capability for ANSPs. *not existing today.

16 IFATSEA High level abstract model of ANSP SMC_SEC INTEROPERABILITY

17 ANSP SMC_SEC for SMC_CYBER Ops
3 2 1

18 The SWIM based ATM information exchange concept
SMC_SEC Object* within a SMC_XML

19 MAIN POINTS on the Human element
One thing is for sure, all these new concepts are not without challenges for all the ATM actors. However, ATSEP will require to run the Legacy systems until 2020 while working towards the implementation and integration of all these new systems. There will be: New roles/duties and competences for ATSEP, driven by the new technologies and automation. New teaching disciplines to fulfill these new competencies. Security and integrity wise, resilient systems , together with trained and competent personnel (ATSEP & ATCO) in order to avoid situations that will impact safety and damage the image of aviation industry. For Patrik Peters, president of the International Federation of Air Traffic Controllers (IFATCA), these differences in physical layout and procedures make cross-training controllers across multiple airports, “challenging to say the least.” The organization states in a position paper that managing multiple airports, “can lead to a fragmented situational awareness, causing misunderstandings, mix-ups and other working errors, thus having the potential to significantly decrease the safety of operations.” The Association also worries that such operations “may negatively affect the controllers’ performance and lead to safety hazards.” Multiple remote towers create the potential for “location error”—namely thinking you are controlling one airport, when in fact you are managing another, says Nadine Sarter, a University of Michigan professor of industrial and operations engineering. This can happen when a controller switches back and forth between managing different airports at different times. A controller may spend the first day of the workweek managing one airport and switch to a different airport on the second day. Following the switch, confusion can arise as the controller loses sight over which airport is current, says Sarter, who teaches courses in cognitive ergonomics and organizational safety. Another scenario Sarter envisions is one where a controller is aware of which airport is being managed but mistakenly apply procedures intended for the other. To IFATCA’s Peters, such errors can have a profound impact on safety.

20 SMC_SEC ATSEP Training Reference

21 Road to Acceptance Need for Case Study – It´s uncharted territory, so how ? Too many unfinished studies today, very little coherence, how we achieve this coherent picture of what is being done? How will context for application change in the near future ? Next step ? For Patrik Peters, president of the International Federation of Air Traffic Controllers (IFATCA), these differences in physical layout and procedures make cross-training controllers across multiple airports, “challenging to say the least.” The organization states in a position paper that managing multiple airports, “can lead to a fragmented situational awareness, causing misunderstandings, mix-ups and other working errors, thus having the potential to significantly decrease the safety of operations.” The Association also worries that such operations “may negatively affect the controllers’ performance and lead to safety hazards.” Multiple remote towers create the potential for “location error”—namely thinking you are controlling one airport, when in fact you are managing another, says Nadine Sarter, a University of Michigan professor of industrial and operations engineering. This can happen when a controller switches back and forth between managing different airports at different times. A controller may spend the first day of the workweek managing one airport and switch to a different airport on the second day. Following the switch, confusion can arise as the controller loses sight over which airport is current, says Sarter, who teaches courses in cognitive ergonomics and organizational safety. Another scenario Sarter envisions is one where a controller is aware of which airport is being managed but mistakenly apply procedures intended for the other. To IFATCA’s Peters, such errors can have a profound impact on safety.

22 Thank you for your attention
END Thank you for your attention questions?

Download ppt "Cybersecurity CONOPS IFATSEA´s perspective"

Similar presentations

SIP/2012/ASBU/Nairobi-WP/19

SIP/2012/ASBU/Nairobi-WP/19
1 Marinus C. F. Heijl Acting Director Air Navigation Bureau ICAO 30 March 2007 SYMPOSIUM OUTCOMES AND THE WAY FORWARD.

1 Marinus C. F. Heijl Acting Director Air Navigation Bureau ICAO 30 March 2007 SYMPOSIUM OUTCOMES AND THE WAY FORWARD.
A PERFORMANCE BASED GLOBAL AIR NAVIGATION SYSTEM: PART II

A PERFORMANCE BASED GLOBAL AIR NAVIGATION SYSTEM: PART II
Jeffrey T. Williams Manager, RNAV & RNP Group Air Traffic Organization

Jeffrey T. Williams Manager, RNAV & RNP Group Air Traffic Organization
PETAL A major step Towards Cooperative Air Traffic Services Patrice BEHIER Manager of the Air/ground Co operative ATS Programme Directorate Infrastructure,

PETAL A major step Towards Cooperative Air Traffic Services Patrice BEHIER Manager of the Air/ground Co operative ATS Programme Directorate Infrastructure,
Mission Trajectory Step 1 From planning to deployment.

Mission Trajectory Step 1 From planning to deployment.
AIM Operational Concept

AIM Operational Concept
SC227 – SC214 ISRA – Datalink Interface. PBN Manual, Part A, Chapter 1 1.2.3 On-board performance monitoring and alerting 1.2.3.1 On-board performance.

SC227 – SC214 ISRA – Datalink Interface. PBN Manual, Part A, Chapter On-board performance monitoring and alerting On-board performance.
Presented to: MPAR Working Group By: William Benner, Weather Processors Team Manager (AJP-1820), FAA Technical Center Date: 19 March 2007 Federal Aviation.

Presented to: MPAR Working Group By: William Benner, Weather Processors Team Manager (AJP-1820), FAA Technical Center Date: 19 March 2007 Federal Aviation.
Area Nav: RNP Evolution

Area Nav: RNP Evolution
Study Continuous Climb Operations

Study Continuous Climb Operations
SESAR Single European Sky Air traffic management Research

SESAR Single European Sky Air traffic management Research
A Vision Based on Achievable Expectations Jack Howell Director / Air Navigation Bureau Agenda Item 1.

A Vision Based on Achievable Expectations Jack Howell Director / Air Navigation Bureau Agenda Item 1.
Programme Status ECTL AAB 15-16 February 2012. FACTS  A mature approach: 2500 contributors Release process organises the delivery cycle ATM Engineering:

Programme Status ECTL AAB February FACTS  A mature approach: 2500 contributors Release process organises the delivery cycle ATM Engineering:
Gdansk International Air & Space Law Conference November 2013 Authority and Organisation Requirements “effective management systems for authorities and.

Gdansk International Air & Space Law Conference November 2013 Authority and Organisation Requirements “effective management systems for authorities and.
Second ATM R&D projects Co-ordination and networking meeting 14 Nov 2007 Advanced Remote Tower - ART A concept study of Enhanced functionalities during.

Second ATM R&D projects Co-ordination and networking meeting 14 Nov 2007 Advanced Remote Tower - ART A concept study of Enhanced functionalities during.
Federal Aviation Administration Integrated Arrival/Departure Flow Service “ Big Airspace” Presented to: TFM Research Board Presented by: Cynthia Morris.

Federal Aviation Administration Integrated Arrival/Departure Flow Service “ Big Airspace” Presented to: TFM Research Board Presented by: Cynthia Morris.
APAC PBN Seminar F.LECAT (ICAO)

APAC PBN Seminar F.LECAT (ICAO)
Larry Ley | Digital Aviation | Boeing Commercial Airplanes

Larry Ley | Digital Aviation | Boeing Commercial Airplanes
Overview of the PBN Airspace Implementation Processes

Overview of the PBN Airspace Implementation Processes

Similar presentations

Ads by Google