Proposals must describe a specific application supporting the improvement of the ATM architecture, with a particular focus on adapting it to better support digital technologies. Proposals must also describe a work plan to undertake the initial validation of their proposed improvement.
The following application areas of interest have been identified by the SJU:
Application area 1: ATM cyber-crisis management
The cybersecurity requirements of the ATM data systems are very high, but it is nevertheless necessary to ensure that if a cyberattack were to be attempted, the system would be ready to ensure the safety of the system at all times, and resume normal operations as soon as possible. Bids must propose one or more cyber-crisis management strategies that include the whole crisis lifecycle (readiness, response and recovery), and a plan to validate them. It is expected that the network analysis models used in other industries can be useful for ATM. Projects working in this area must consider the business aspects of their proposed applications.
Application area 2: ATM data management
The decentralization of the ATM system will bring with it the distribution of data management responsibilities among multiple actors. There is a need to establish requirements that ensure that the data are correctly stored and that the transmission of data is carried out in a secure and fully traceable way. Bids should describe a specific ATM data management challenge and hypothesize one or more novel ways to store and transmit ATM data so that the security and traceability is improved above what is considered in IR (with the SWIM profiles), and propose a plan to validate their hypothesis. It is expected that the generic data encryption solutions that are in use in other industries (e.g. block-chain, smart contracts, quantum-based cryptography, etc.) will be useful for ATM.
Application area 3: Collaborative cybersecurity awareness
The concept of the aircraft downlinking to the ground CNS cybersecurity status information (e.g. jamming, spoofing) is included in the scope of IR Wave 2 (Candidate Solution 110). Bids could propose additional applications that extend this concept, e.g. aircraft sharing cybersecurity status with other aircraft rather than the ground, or to a commercial cybersecurity monitoring service (not necessarily the ATM system).
Application area 4: Interaction between cybersecurity management and safety management in ATM
Similarly to what is done through safety management systems in the area of safety, there is a need to share cybersecurity information in order to ensure that the information and lessons learned from previous incidents is used for the continuous improvement of the system. However, unlike for safety, access to cybersecurity-related information needs to be controlled in order to avoid that sensitive information ends up in the hands of potential attackers. In addition, in the aviation there is a need to consider the trade-off between security measures and safety requirements, e.g. an encrypted ADS-B-in may be more secure if used by the ground, but may become unusable by other aircraft for ADS-B-in applications. Bids should elaborate on one or more of the challenges posed by the interaction between cybersecurity and safety in ATM, hypothesize one or more potential solutions and describe a plan to validate their hypotheses. The output of the project should be a public deliverable with detailed guidance material on how to address these issues.
The above list of potential applications is not intended as prescriptive; bids addressing applications not listed above are welcome, provided adequate background and justification are provided in the bid.
The future ATM architecture is distributed, and will make extensive use of digital technologies to enable a more efficient organisation of the entire mobility system. The implementation of this model provides opportunities for increased efficiencies through the consolidation of services, and increased resilience by increasing the flexibility in the design of fall-back solutions but will face challenges that need to be addressed e.g. cyber security. Securing the confidentiality, integrity and availability of all ATM operations, in particular in the face of rapidly increasing cyber security risks, will be an inherent and collaborative element for civil and military stakeholders in the design, development, deployment, operations and maintenance of ATM capabilities.
It is expected that the research in this topic paves the way for a future distributed, service oriented ATM architecture that will make extensive use of digital technologies while respecting agreed safety targets and defence and security needs.