Published by Betty Tyler. Modified over 6 years ago.
1
Security Trends in the Safety-Oriented Aviation World
Aviation Cyber Security Summit, London
John HIRD PhD CEng
Air Traffic Management Security Specialist, EUROCONTROL
21st November 2017
2
Topics Addressed
- The Air Traffic Management (ATM) System is evolving; its security posture is changing as a consequence
- Security and Safety need to work together; the potential impact of a Security incident on Safety and other performance areas must be minimised
- The regulatory environment places a number of security requirements on ATM
- European ATM security research programmes are summarised
- Short, medium, and long-term trends are identified from the legal requirements and research activities
3
Air Traffic Management (ATM) in Europe
4
EUROCONTROL: The European Organisation for the Safety of Air Navigation
- EUROCONTROL Member States (41)
- Map legend: EUROCONTROL & EU; EUROCONTROL but not EU
- 2 Comprehensive Agreement States: Israel and Morocco
5
ATM Today in Europe EUROCONTROL
- 41 Member States, typically each with its own ANSP
- Approximately 64 Area Control Centres (ACC)
- Over 700 sectors when at full capacity
- Approx. 17,000 Air Traffic Controllers
- Approx. 41,000 other staff
- Total Employees 58,000
- Total revenue B€8/year
ICAO: The contracting States recognise that every State has complete and exclusive sovereignty over the airspace above its territory.
6
Air Traffic in Europe
[Figure: IFR traffic in Europe, historical figures and forecast, 1960 to 2035. Axes: Flights in Europe (Million); Annual Growth. Series: Actual Traffic, Forecast Traffic, Long-Term Trend, Long-Term Average Growth.]
7
Security in Air Traffic Management (ATM)
8
ATM Security within Aviation Security
- Airport Security: Safeguarding of the airport
- Aircraft Security: Safeguarding of the aircraft
- Airspace Security: Safeguarding of the airspace
- Air Traffic Management (ATM) Security: Safeguarding of the ATM System
- Collaborative support to national / Pan European aviation security incident management
9
ATM System Assets – What Are We Trying to Protect?
- Physical: e.g. Communications, Navigation, Surveillance (CNS), ATM centres, ...
- Staff: Operational, Engineering, IT, …
- Information: Operational, Historical
- Organisational: Financial, Reputation
Diagram labels: Information; Systems; Service Provision; Staff; CNS Systems; ANSP Facilities
10
ATM System Evolution
11
The Transition to the New System
Today’s ATM System, through Transition and Evolution, becomes Tomorrow’s ATM System:
- Operational Concepts: ASAS, 4D, …
- More COTS Products: CWP, FDP, RDP, …
- Open Standards: TCP/IP, XML, HTML, …
- More Interconnected Systems: SWIM, AG, GG, …
- More Data Sharing: AIM, CIA, provenance, …
12
Information Sharing Today – One-to-one Connections
13
Information Sharing Tomorrow
Net-centric Information Viewpoint
14
Risk Evolution in the Changing ATM Environment
Risk = f(Impact, Likelihood)
Drivers: increased hacking; criminality; State sponsorship; …
Impact (severity) of attack on ATM
Drivers: system interdependency; data sharing; geographical area
Likelihood (probability) of attack on ATM
Timeline: 2010, 2020, 2030 (Transition)
- LIKELIHOOD: How likely is the event?
- IMPACT: How bad can the event be?
- RISK: Combined likelihood and impact
15
Impact Areas
16
Potential Consequences of an Attack – Impact Areas
- Safety
- Personnel: Stress, minor injury, …, fatality
- Regulatory: Breach of requirement
- Performance: Reduction, loss
- Economic: Financial loss
- Branding: Reputation
- Capacity: Reduction, loss
- Environment: Impact on environment
17
Safety versus Security
Safety:
- Concerned with human error, system failure, acts of god
- Ease of access to users
- Real-time system
Security:
- Concerned with intentional acts of unlawful interference
- Restricted access
- Controls may impact performance
18
ATM Security Regulation
19
ATM Security Regulations & Guidance
Timeline 2001 to 2016 (axis marks: 2001, 2005, 2010, 2016):
- Doc 8973 AVSec Manual
- Doc 9854 ATM Op Concept, 2005
- Annex 17 amend. 12, 2011 (ATSP, cyber)
- Annex 17 amend. 13, 2013
- Doc 9985 ATM Sec, 2013 (Secure design)
- Annex 17 amend. 14, 2014
- Doc 8973 AVSec, Ed.9, 2014
- Doc 8973 AVSec, Ed.10, 2017
- EAFS Security Guide, 2014
- EC 2096/2005, CR
- EC 1035/2011, CR
- EC 409/2013
- Dir 2016/1148, NIS
- Dir 373/2017, CR
- Doc 30 AVSec, Ed 13, 2010 (Ch 13, ATM Sec)
20
What the Regulations & Guidance Tell Us
IR (EU) 2017/373 Common Requirements:
- Perform Security Risk Assessments
- Implement Security Controls
- Detect Security Breaches
- Protect Personnel
- Protect Operational Data
- Establish Security Management System
- Protect Facilities
- Protect Service Provision
- Vet Personnel
- Generate Alerts
- Mitigate Impact
- Recover
- Prevent recurrence
Doc 8973 AVSec, Ed.10, 2017:
- Security Culture
- Security Training
- Security Vetting
DIR (EU) 2016/1148 Security of Network and Information Systems:
- Identify Operators of Essential Services
- Report Security Incidents
- Identify Critical Assets
- Designate CSIRTs
Doc 9985 ATM Sec, 2013:
- Security by Design
21
ATM Security Research & Development
22
ATM Security Research in Europe – Key Examples
Timeline: 2001 Vision for 2020; 2006 SESAR; 2011 Flightpath 2050; 2016 SESAR 2020; 2017 SRIA 2017; 2017

In 2000 the importance of aviation was recognised in Europe and consequently Commissioner Philippe Busquin invited Personalities from key stakeholders to agree on how aviation could better serve society’s needs and become a global leader in the field of aeronautics. The result was the “European Aeronautics: A vision for 2020” report, which was published in January 2001. The Group of Personalities also agreed to establish a new Advisory Council for Aeronautics Research in Europe (ACARE) to develop and maintain a Strategic Research Agenda (SRA) that would help achieve the goals of Vision 2020.

ACARE was launched at the Paris Air Show in June 2001 and attracted over 40 member organisations and associations including representation from the Member States, the European Commission and stakeholders: manufacturing industry, airlines, airports, service providers, regulators, research establishments and academia.

There is a vigorous programme of Aeronautics and Air Transport research, which is already delivering important initiatives and benefits for the aviation industry, including: EU collaborative research in Aeronautics and Air Transport (EC’s Framework Programme research FP6, FP7 and Horizon 2020), the Clean Sky Joint Technology Initiative, the SESAR Joint Undertaking, national programmes in many Member States and research establishment as well as private company programmes.

To date, ACARE has made a significant contribution towards the overall goals of Vision 2020, and examples of successful research are detailed in “ACARE Success Stories: benefits beyond aviation”, published in March 2011. Over the same period a number of boundary conditions changed that prompted ACARE members to reconsider the sufficiency of the existing Vision 2020 with a view to extending it to a new horizon towards 2050.

Flightpath 2050 – Europe’s vision for aviation: Maintaining global leadership and serving society’s needs.
- Meeting Societal and Market Needs
- Maintaining and Extending Industrial Leadership
- Protecting the Environment and the Energy Supply
- Ensuring Safety and Security
- Prioritising Research, Testing Capabilities and Education

Diagram labels: Anticipating future research needs; ACARE; OPTICS; Analysing current research programmes; OPTICS2; Integrating security into R&D, deployment
23
European Aeronautics – A Vision for 2020
“Meeting society’s needs and winning global leadership”
- Report of the Group of Personalities, January 2001
- Establishment of ACARE (Aviation Council for Aeronautics Research in Europe)
- Launched at Paris Air Show, June 2001
- 40 members: European Commission, Member States, manufacturing industry, airlines, airports, service providers, regulators, research establishments and academia
- Goal: to develop and maintain the Strategic Research Agenda (SRA)
24
Flightpath 2050
“Flightpath 2050 – Europe’s Vision for Aviation”
- Report of the High Level Group on Aviation Research, 2011
- Presented at Aerodays, Madrid
Flightpath 2050 Goals:
1. Meeting Societal and Market Needs
2. Maintaining and Extending Industrial Leadership
3. Protecting the Environment and the Energy Supply
4. Ensuring Safety and Security
5. Prioritising Research, Testing Capabilities & Education
25
ACARE SRIA (Strategic Research & Innovation Agenda)
“Strategic Research & Innovation Agenda (SRIA)” 2017 Update
- Identify short (2020), medium (2035), and long term (2050) Research and Innovation actions
- To reach Flightpath 2050 goals
SRIA Components:
- Executive Summary: For Decision Makers
- Volume 1: For Policy Makers
- Volume 2: For Research & Innovation Actors
Working Group 4 (WG4): Ensuring Safety and Security
26
ACARE WG4 – Key Points of SRIA 2017 Update
- Major update on Security content
- Security Action Areas:
  - Collaborate for Security
  - Engage Aviation Personnel and Society for Security
  - Build and Exploit Security Intelligence
  - Ensure Operational Security
  - Design, Manufacture and Certify for Security
- Parallel approach taken for Safety & Security
- Exploitation of synergies, closer integration key
- Timescales for security are short
- Aim for integration with other transport modes
27
OPTICS (Observation Platform for Technical and Institutional Consolidation of Safety Research)
- Overview of EU Safety-related research and innovation activities
- Assess contribution of research towards achieving ACARE Flightpath 2050 goals
- Evaluate societal & market impact of Safety research
- Provide strategic recommendations on research avenues
OPTICS2 ( )
- Commenced November 2017
- Scope enlarged: Safety and Security
28
SESAR (Single European Sky ATM Research programme)
- Technological pillar of Europe’s Single European Sky (SES) initiative
- Coordinates EU R&D activities in R&D; ~300 experts involved
- Pools public and private R&D to advance SES
SESAR 2020 ( )
- Commenced November 2017
- Budget €1.5 Billion (EU: €500 Million; remainder from industry & EUROCONTROL)
29
Trends in ATM Security
30
Trends in ATM Security Risk Management
- Address security at all stages of the life-cycle: From concept development through to decommissioning
- Design-in security from the beginning: Retrofitting can be expensive, time-consuming, not feasible
- Apply a holistic approach to security: Assets to protect include people, information, infrastructure, …
- Apply a common or harmonized approach: Enable the sharing, comparing, and aggregation of results
- Establish a common, minimum level of security across system: Potential adversaries will exploit the weakest link
31
Trends in ATM Security Risk Management (2)
- Integration of Safety and Security: Benefit from synergies; address conflicting requirements
- Development of a Security Culture: Awareness, training, development of personnel
- Innovations in Monitoring: Remote, non-intrusive, behavioural analysis
- Harmonized Vetting of Personnel: Common across ATM system
- Secure sharing of Security Information: Real-time, multiple sources; early warnings, alert mechanisms
32
Trends in ATM Security Risk Management (3)
- Forensic Analysis of security events: Post-incident information acquisition and analysis
- Door-to-door security: Integration with other transport modes (4 hour limit)
- Manufacture and Test: Supply-chain security; testing via modelling and simulation
- Security Certification: Systems certified to recognised security standards
33
The Stairway to the Security Nirvana
Steps, as listed on the slide:
- Incidents: Collaborative Response, Recovery
- Incidents: Share Information
- System-wide Common Minimum Security Level
- Trust Framework
- Share Assessment Results
- Perform Risk Assessments
- Tool Support
- Mitigate Risks
- Minimum Security Level
- Security Awareness
- Security Training
- Security Workshops
- Security Culture Development
- Compatible Security Risk Assessment Approach
- Compatible Standards, Guidelines
- Security / Safety Interface
- Vision
- R&D
- Security Policy
- Security Management System
- Security by Design
- Holistic Approach
34
Examples of Longer Term Trends (ACARE SRIA 2017)
Timeline: 2025, 2035, 2050
- Collaborate: Safety & Security Integration; Inter-sector Security Governance; Inter-modal Security Governance & Management
- Engage Personnel & Society: Develop Security Culture; Advanced People-Monitoring means to identify Threats & Vulnerabilities
- Exploit Security Intelligence: System-wide Security Radar; Multi-modal Security Radar; System-wide Horizon-scanning; Multi-modal Horizon-scanning; Advanced Forensic Analysis
- Ensure Operational Security: System-wide SOCs; Inter-modal SOCs; Inter-sector SOCs; Security Performance Monitoring; Secure Info Exchange; Inter-modal Info Exchange
- Design, Manufacture, Certify for Security: Secure design Methods, Tools, …; Model, simulate security performance; Security, Safety, HF Dependencies; Architectures for Security; Security Performance Verification, Validation, Certification; Security Performance Estimation, Prediction during Design
35
Supporting Material SESAR / SESAR 2020 ATM Security Reference Material
- EUROCONTROL ATM Security Training:
  - SEC-LEX: Regulatory Framework
  - SEC-MS: Management Systems
  - SEC-CYBER: Cyber Security
  - Cooperating with ICAO in development of ICAO training course, “Fundamentals of ATM Security”
- EUROCONTROL ATM Security Guidance Material:
  - Security Management Handbook
  - Security Risk Management Toolkit
- SESAR Security Reference Material
- EUROCONTROL EATM-CERT
- Stakeholder Workshops (ANSPs, NSAs, AA, Military, CAAs, …): Tailored to stakeholder needs
(All based on international standards: ISO 2700X; 27035; 29331; …)
Diagram labels (Security System cycle): Policy; Security risk assessment & planning; Implementation & operation; Checking & corrective action; Management review