Managing cybersecurity risks in ATM in the face of digitalisation

Air Traffic Management (ATM) is undergoing a significant transformation as digital solutions are replacing paper and hard-wired systems. In order to reduce cybersecurity risks in the face of increasing digitalisation, a proactive and systematic approach must be adopted, based on sound risk management principles and practices.

The ATM world is undergoing exponential change in terms of digital transformation. There are significant benefits to embracing digital solutions, but operators must also be prepared for the challenges and risks these pose, particularly when it comes to cybersecurity.

Navigating cybersecurity threats

Digitalisation increases the exposure of ATM systems and data to cyberattacks, such as hacking, malware, denial-of-service, and jamming of satellite navigation signals. But cybersecurity risks do not necessarily originate from a malicious attack – they can also be caused by human error.

The focus of implementing cybersecurity controls is about keeping systems operational and secure – vital for ensuring the ATM infrastructure functions as it should.

Cyberattacks can disrupt or manipulate ATM functions, such as surveillance, navigation, and decision support, resulting in degraded performance, or loss of service, and ultimately passenger safety.

They can also affect the trust and confidence of ATM stakeholders in the reliability of digital solutions – whether air traffic service providers, airlines, airports, or regulators – ultimately leading to a reluctance to adopt digital solutions.

Four key components of a risk management strategy

The transition from paper and hard-wired systems to digital solutions in ATM is not a simple or straightforward process. Managing the cybersecurity risk involves technical, operational, organisational, and regulatory aspects that need to be carefully considered and coordinated.

To do so successfully, we must consider the entire ATM system and its interactions with the external environment – right from initial design to implementation and beyond. It must be a continuous and dynamic process that adapts to the changing nature and complexity of cyber threats and digital solutions.

Here, we explore four key components to consider as part of a cybersecurity risk management strategy in ATM:

  1. Incorporate risk management in the design of ATM systems. Risk management should be an integral part of the system development life cycle, right from the initial concept design to the final deployment and operation – rather than an afterthought. This involves identifying and assessing potential cybersecurity risks and their impacts in order to implement appropriate mitigationManagaing Cycbersecurity measures for those which are not considered acceptable, such as encryption, authentication, redundancy, and backup. It also involves testing and validating the system's functionality, security, and recovery in case of an attack, as well as monitoring and auditing the system’s performance and compliance. Only then can we ensure integration of cybersecurity requirements in any ATM system design. The Civil Aviation Authority of Singapore (CAAS) is a great example of the development and implementation of a comprehensive cybersecurity framework for ATM, covering governance, strategy, policy, and operations. The framework also includes a cybersecurity centre, which monitors and responds to cyber incidents, and a cybersecurity lab, which conducts research and development on cybersecurity solutions.
  2. Assess the level of risk. The first step to taking action is being aware of the risks and assessing the likelihood and consequences of those risks. Once the risk level has been assessed, it should be compared to the acceptable level and if it’s determined as being too high, a decision must be taken on the mitigating measures required to reduce the level of risk. These measures might be proactive, defensive or reactive.One example of this is maintaining separate systems while enabling secure information exchange, to reduce the likelihood of an attacker being able to move between different systems. Airport operators can reduce the risk of cyberattacks by having different systems ‘live’ in different segments of the network for different ATM functions, such as surveillance, communication, navigation, and decision support. This reduces the interdependencies of the systems and limits the potential damage and propagation of cyberattacks. One great example of this in practice is the Single European Sky ATM Research (SESAR) project, which is a collaborative effort to modernise and harmonise the European ATM system. SESAR aims to develop and implement new digital solutions, such as remote tower services, trajectory-based operations, and system-wide information management. SESAR adopts a risk-based approach to cybersecurity, which involves identifying and prioritising the most critical and vulnerable ATM functions and applying appropriate risk mitigation measures.
  3. Strike a balance between people, processes, and technology. Cybersecurity is not just a technical matter – it also involves people and processes. Both preventative and corrective measures are important in cybersecurity and it’s essential that no piece of the puzzle is ignored. The balance of the mitigation measures required for people, processes, and technology will differ for different Managaing Cycbersecurity organisations – from minimising human error to implementing a robust incident response plan which is well-rehearsed and known by all relevant personnel. This ultimately helps ensure ATM infrastructure meets security requirements and is operationally robust and resilient, as well as avoiding extensive losses.
  4. Harmonising and adopting common standards. Digitalisation in ATM requires interoperability and compatibility between different systems, platforms, and stakeholders – both nationally and internationally. In risk management, this requires harmonising and adopting common standards, rules, and procedures. Common standards can also enhance cybersecurity by establishing minimum requirements and best practices for the protection of ATM systems and data. The aeronautical message handling system (AMHS) as defined by the ICAO, is one digital solution for the exchange of aeronautical messages between air traffic service providers. AMHS uses encryption, authentication, and digital signatures to ensure the security, authenticity, and integrity of the messages. It also uses a common protocol and format to ensure the interoperability and compatibility of the messages.

Taking a proactive and systematic approach

Digitalisation in ATM is inevitable and irreversible, as it offers significant benefits for the efficiency, safety, and capacity of air traffic operations. However, it also introduces new challenges and risks which must be considered in managing cybersecurity risks – in ATM the stakes are high.

Cyberattacks can compromise the functionality and security of ATM systems and data and can have severe consequences for air traffic safety and operations.

It is therefore essential to adopt a proactive and systematic approach to managing cybersecurity risks in ATM, based on sound risk management principles and practices. There are numerous examples of this already being done successfully in the ATM industry, and the results speak for themselves. By adopting a proactive approach, ATM stakeholders are already leveraging the opportunities and advantages of digitalisation, while reducing the likelihood and consequences of potential threats to an acceptable level – and we must continue to do so.

 

References

  1. EUROCONTROL (2019). Cybersecurity in ATM. Retrieved from [URL]
  2. ICAO (2019). Cybersecurity Strategy for Civil Aviation. Retrieved from [URL]
  3. SESAR (2020). Cybersecurity. Retrieved from [URL]
  4. CAAS (2020). Cybersecurity in Air Traffic Management. Retrieved from [URL]