Validating a European ATM Security System Architecture

The awareness about security threats and vulnerabilities in Air Traffic Management (ATM) has been steadily growing over the last years. The number of recent security research projects shows that the effort taken to close these vulnerabilities and to make air traffic more robust against security attacks is increasing in the same way. As Air Traffic Management is often done across national borders, related security incidents could affect several air navigation service providers and stakeholders in different nations at the same time. A quick and efficient exchange of security-relevant information as well as a multi-national level of security management is needed. In the frame of the Global ATM Security Management Project (GAMMA), several prototypic security systems were developed and designed as part of a European security management system architecture. This concept foresees a local, a national and a European level of security management while essential information is shared between those levels. In order to validate this approach, several real-time humanin-the-loop simulations were conducted in the first half of 2017. Both, the connected security systems and also the validation environment were set up in a geo-distributed way across Europe integrating different components from several project partners. During these trials, special attention was payed to information exchange and transmission times, the performance of automatic correlation as well as the role of human operators embedded in this system of systems. The trials showed that – even in a geo-distributed setup – information can be exchanged and countermeasures can be initiated in less than 2 minutes through the different levels of security management. This paper provides information about the experimental setup and conduction of the GAMMA project’s third geo-distributed validation exercise. It illustrates selected results as well as provides a discussion and an outlook

Towards validating a security situation management capability

With SESAR and NextGen readying towards implementing novel operational concepts and technical enablers in ATM/CNS, the question of how to manage security in a dynamic environment across a highly distributed and networked system gains higher attention. The Global ATM Security Management project (GAMMA) addresses the development of such a security situation management capability. Following the September 11 attacks and major large-scale outages of critical infrastructures, the security of air navigation has emerged as a critical capability gap. On-going transformation programs like SESAR and NextGen are moving into the deployment phase with limited to none tangible security solutions. GAMMA addresses this gap by investigating a security situation management capability. The framework of this capability is devised as a distributed network of aviation stakeholders that jointly collaborate in identifying and localizing security incidents while considering the constraints given by the different participants, national responsibilities, and collaboration-related requirements. This paper addresses the preparatory work for the validation of an initial security situation management capability. For that purpose, project partners setup a joint configuration and trial network for the security functions and systems developed in the frame of a real-time human-in-the-loop simulation. The simulation results have been measured against the mapping of the operational concept and validation requirements, in particular in terms of situational awareness on the operator side and networked incident management response. These results will inform the further validation activities of the project

Netcentric Protection against Aircraft Misuse and Passivation of Misused Aircraft.

A concept was developed to ensure the early detection of the misuse of an aircraft and to initiate efficient countermeasures. The Eurocontrol ERRIDS system is used to transmit the misuse information from the aircraft to the ground and to distribute it to all stakeholders. In case of continuous misuse a fighter is sent out to intercept the aircraft. To prove the concept, a distributed real time simulation with a functional aircraft cockpit, a fighter cockpit, an air traffic simulation, and an ERRIDS network was established. This was achieved through a network geographically distributed in Europe with the aircraft cockpit installed at the Munich exercise. During the simulation the concept of ERRIDS information distribution, aircraft intercept , and passivation was succesfully demonstrated. It was shown during this experiment that the technology is available and matured