ATM security is a discipline developed by EUROCONTROL and NATO in the aftermath of the 9/11 attacks. The two organisations set up the NEASCOG (NATO EUROCONTROL ATM Security Coordinating group), where all ATM stakeholders, civil and military, come together to discuss threats and agree implementation strategies to mitigate them.
The NEASCOG is holding its 45th meeting on 14 March 2018. Over its lifetime it has provided support to Member States and stakeholders, for example by delivering strategies,policies, guidance and tools in key performance areas such as:
- Airspace security incident management.
- Resilience of ATM infrastructure, data and networks.
- Risk management.
- Threat information sharing.
- Confidentiality of State aircraft flights.
- Conflict zones.
- Cyber security, etc.
The original NEASCOG concept for ATM security was subsequently adopted by other organisations, i.e.:
- SESAR (Single European Sky ATM Research) during its definition phase in 2005.
- ICAO: Annex 17 (Security) included a SARP for ATM security (12th amendment); the Aviation Security Manual (Doc 8973) was further updated; the Circular 330 on Civil Military Cooperation in ATM (published in 2011), included a chapter on ATM security; and finally at the beginning of 2013 the Air Traffic Security Manual was published, including the agreed global definition of ATM security.
- ECAC, the European Civil Aviation Conference, which included ATM security as Chapter 13 within its Doc 30 (guidance for aviation security).
- Last but not least, in 2013 CANSO set up the ATM Security Working Group.
In general terms, it can be concluded that the understanding and implementation of ATM security has remained consistent since the NEASCOG developed its concept in 2002. A key milestone to date was the publication of the ICAO ATM Security Manual in 2013. This manual should be the reference for all stakeholders addressing the upcoming security challenges for ATM.
The ATM system is steadily moving from old analogue proprietary systems towards an e-ATM, dependent on digital technologies, use of COTS (commercial of the shelf) products, network-centric operations with extensive use of Internet, open standards, use of UAS, e-enabled aircraft, cloud services and in the long term use of AI (artificial intelligence).
There are undisputable advantages associated with this migration of ATM; but at the same time a number of new risks will also be introduced. The risk profile of aviation and ATM will certainly be higher with regard to the so called ‘mal-space’ and the malicious use of UAS.
The threat and risk landscape may materialise in the form of possible attack scenarios against the integrity and availability of ATM data and systems, with an impact on safety, capacity and service continuity, e.g.:
- Avionics hacking.
- Denial of service by jamming or spoofing CNS signals, data or systems, e.g. surveillance data processing systems, data link communications or GPS.
- Corruption of CNS data integrity.
- UAS as a weapon, including swarm attacks against aircraft or infrastructure.
- And we should not exclude unknown unpredictable threats which may at any moment target the ATM system (as was the case with 9/11).
To mitigate these threats the ATM system must build capabilities in order to provide a joint global comprehensive system response based on a professional approach to security, as explained in the paragraph below.
The way ahead
Despite some pessimistic literature about the imminent major strikes in store for aviation and ATM, the ATM community should neither panic nor underestimate the potential threat. Risks can be managed. However, to do so, a professional approach to risk management is required, including the following three steps:
- Threat and risk assessments. The ICAO Threat and Risk Working Group (TRWG) is doing excellent work in this regard, including the delivery to Member States of a yearly risk context statement (RCS). The NEASCOG and EUROCONTROL are contributing to this work, taking care of the CNS cyber and airspace related threats.
- Improve global situation awareness and understanding on credible realistic threats, associated risks, vulnerabilities and cost-effective risk mitigation.
- Harmonised implementation of the agreed risk mitigation measures.
The three-step process depicted above cannot be carried through in isolation; a joint effort is needed, including international collaboration among regulators, manufacturers, operators (ANSPs, Aircraft Operators, Airports), standardisation organisations and R&D institutions.
In this regard, it should be noted the excellent cooperation already existing between EUROCONTROL and ICAO EUR/NAT Regional Office, in the context of the EUR/NAT AVSEC GROUP (ENAVSECG).
A final word goes to human factors; training the humans is key in security. Education, awareness, training and exercises are essential for a successful security management. EUROCONTROL is providing awareness and training on ATM security since 2008.
Antonio Nogueras is the Head of the Air Traffic Management Security Unit at EUROCONTROL (the European Organisation for the Safety of Air Navigation). The Unit’s work programme focusses on enhancing current levels of Air Traffic Management security through international collaboration and implementation support to Member States and stakeholders.
For more information visit http://www.eurocontrol.int/training-courses, training catalogue.
This article was originally written for the ICAO EUR/NAT Office’s Newsletter (Issue 3) on May 2018. A full list of their newsletters can be found here.