Community Research and Development Information Service - CORDIS


GAMMA Report Summary

Project ID: 312382
Funded under: FP7-SECURITY
Country: Italy

Periodic Report Summary 3 - GAMMA (Global ATM security management)

Project Context and Objectives:
The goal of the GAMMA project is to develop solutions to emerging air traffic management vulnerabilities backed up by practical proposals for the implementation of these solutions. The project will also consider the new scenarios created by the Single European Sky programme.
The GAMMA vision is to adopt a holistic approach for assessing ATM security, elaborating a security framework at European level. For this purpose GAMMA aims to reach the following main objectives:

- Extend the scope of threat assessment performed within SESAR to a more comprehensive system of systems level, taking a global and holistic approach to ATM Security inclusive of all its assets (personnel, critical infrastructures, etc.) and all forms of threats. This will result in threat models, security objectives reports and associated security controls, which will then be validated through validation exercises.
- Develop a Global ATM Security Management framework, representing a concrete proposal for the day-to-day operation of ATM Security and the management of crises at European level. GAMMA will elaborate the institutional framework of ATM security while also considering interfaces with, and constraints coming from, stakeholders outside the ATM domain (e.g. military organisations, etc.).
- Define the requirements and architecture of an ATM security solution, suitable to support the security management of the global ATM system (including crisis and incident management), in line with the directions identified by the security management framework. The proposed solution, covering both operational and technological elements, is meant to increase the capability of the single European states (while maintaining national sovereignty) and of Europe as a whole to respond to attacks and manage the consequent crises of the ATM service.
- Design and implement representative prototype components of the above ATM solution so as to demonstrate, through concrete developments, the functionalities and operations proposed for the future European ATM.
- Set up a realistic validation environment, representative of the target ATM solution, through which to perform validation exercises aimed at validating the feasibility and assessing the adequateness of the procedures, technologies, and human resources issues proposed.

GAMMA is strongly driven by End Users and includes within the consortium ANSPs as well as an airport operator, supporting the project activities from the threat and vulnerability analysis to the validation of the developed concepts.
GAMMA methodology is based on a clear activity flow starting from the threat assessment, and proceeding with architecture definition, prototypes design and validation exercises. The approach foresees two iterations allowing the necessary adjustments needed to reach the optimal results on the basis of the validation activities.
The GAMMA projects builds on previous research projects and connect with relevant European initiatives, most notably SESAR. A cooperation framework is in place with SESAR JU ensuring the constant alignment of GAMMA with the overall SESAR framework defined for the next generation ATM.
Project Results:
The first GAMMA activities to get going were focused on a comprehensive assessment of the full set of security threats and vulnerabilities affecting existing ATM systems, considering it as a ‘system of systems’ and covering operational as well as technological aspects. These WP2 (ATM Threat Assessment Model) activities set the frame and context for the rest of the work to be carried out in the project. In order to be able to compare the results of GAMMA with SESAR, it was decided to adopt the steps of SESAR security methodology (SecRAM). The work done on threat assessment, including identification of threat scenarios and impacts are reported in document D2.2 (Security objective report) together with the security objectives. The analysis on the risk treatment is instead inserted into deliverable D2.3 (Risk treatment report). The work performed has led to the identification of 13 Primary Assets, 59 Supporting Assets, 44 Threat Scenarios, 95 High Level risks, 318 Security controls and 27 Security KPIs.
WP3 (ATM Security Management framework) broadens the scope to consider the institutional environment within which the GAMMA proposed solutions are intended to operate. For this purpose the ATM Security Management framework, has been defined through the GAMMA CONOPS (Concept Of Operations) which will become part of document D3.1. The international cooperation aspects and the Legal and Institutional issues are contained in document D3.3 which analyses all requirements and best practices applicable within the international cooperation framework, with a special focus on the agreement between US and Europe, as well as applicable regulations and standards.
Work carried out within WP2 (ATM Threat Assessment Model) has served as a starting point for defining the ATM Security Architecture (WP4). The GAMMA requirements on ATM security are included in the D4.1 document (including 250 requirements) while the architectural modelling is made available in document D4.2 and D4.3 (D4.2 representing an intermediate version). The architectural work has been carried out adopting the same modelling tool (MEGA) used by SESAR, thus ensuring compatibility and potential re-use in future SESAR work.
The link between the definition of the GAMMA solution and its validation is performed in WP5 which sets out the validation needs (document 5.1) and the definition of an architecture comprising prototypes and a validation environment capable of supporting the validation activities (document D5.3).
The development process for each prototype has been progressing within WP6, so that at the end of the third year all prototypes reached a good state of completion in preparation for the first stand alone validation activities. Special focus was put on the integration of the various modules composing the main prototype (Security Management Platform), which involves the collaboration of three different partners.
The Validation Environment Requirements and the first release of the Validation Environment Design & Development were both completed within WP7. As part of this work the different Validation Environment Building Blocks (VEBBs) required to execute each validation scenario were identified and their technical interfaces checked for consistency.
Integration activities at month 35 were reported in document D8.1 and included the verification of the integration of the SMP modules and verification of connections for a geo-distributed architecture.
WP9 set about identifying the storylines containing information and procedures for each validation exercise. Partners have been preparing their validation environment to perform the validation trials of the prototypes, in close cooperation between WP6, WP7 and WP8. Some validation exercises have already been conducted while others are planned in the coming months.
All these activities have been widely disseminated to the outside community of users, exploiting the links established through the GAMMA user group and institutional stakeholders (EDA, NEASCOG, Eurocontrol, etc). A GAMMA 1st User Workshop has been successfully performed while a range of focused workshops are planed for the future in association with validation activities. Finally, dissemination has been enhanced through the distribution of the GAMMA Brochure and the Newsletter as well as several publications and presentations given to conferences.
Potential Impact:
GAMMA has produced a detailed assessment of the vulnerabilities of the ATM system conducted through established methodology (ISO 27001 / ISO 27005 / ISO 31000) which include the definition of the Context Establishment, the Threat Assessment and Risk Treatment.
The Threat Assessment work provides an assessment of the full set of security threats and vulnerabilities possibly affecting the global ATM current system and future evolution prepared in the frame of SESAR. Risk Treatment provides recommendations on ATM risk reduction, retention, avoidance, transfers of residual risks, and a target European-scale ATM security policy defining a process for security accreditation of the European ATM.
These results set the basis for the development of an architectural solution capable of tackling the identified vulnerabilities and comprising system as well as operational elements. Special attention has been given to ensure that the proposed solution is grounded on an institutional framework providing a reference for its implementation in the real world European context. For this reason an important outcome of GAMMA is the definition of a reference ATM security management framework, including operational procedures, institutional issues, civil-military cooperation, and as much as possible integration with ATM security management systems outside Europe. In addition, the GAMMA project foresees specific tasks aimed at assessing the wider social implications of adopting the proposed solution. These include issues relating to Human Resources and Training. The wider definition of roles and responsibilities within a broad international context is considered together with the legal issues facing the implementation of an ATM security management framework.
The GAMMA solution will be validated through dedicated exercises designed to test the architectural proposal and assess its effectiveness in tackling ATM security. For this purpose prototypes are being developed and validated within a realistic environment representative of the current and future ATM scenarios. The prototypes implement some functionalities identified in the proposed solution and will serve to validate the feasibility and adequateness of the threat countermeasures identified. The validation exercises will also serve as a concrete example of the applicability of the GAMMA solution and thereby ensure the buy-in of stakeholders. For this purpose it is planned to organise several validation workshops with the involvement of relevant stakeholders and experts who will therefore be part of the assessment process. These activities will be part of the wider effort to ensure a lasting impact of GAMMA through direct engagement with stakeholders and users, smoothing the way for successful implementation.
These actions will also be pursued through the GAMMA User Group which aims to provide a basis for discussing GAMMA activities beyond the consortium and engage with the community of users at large.
The GAMMA project will result in a solid baseline from which further research activities may derive inspiration. It is within this context that GAMMA has established a strong relationship with SESAR JU and EASA as well as other key European stakeholders. Contacts with SESAR JU, which is included in the Project Advisory Board, will ensure the alignment of GAMMA activities with the broader environment for the future of ATM defined by SESAR.
List of Websites:


Alessandro Ambrosetti, (Institutional Financing EU, NATO & UN)
Tel.: +390106584703
Fax: +390106093344
Record Number: 199733 / Last updated on: 2017-06-21
Follow us on: RSS Facebook Twitter YouTube Managed by the EU Publications Office Top