Periodic Reporting for period 1 - SEC-AIRSPACE (Cyber SECurity Risk Assessment in virtualized AIRSPACE scenarios and stakeholders’ awareness of building resilient ATM)
Período documentado: 2023-09-01 hasta 2024-08-31
Cyber security is a key enabler to safe Air Traffic Management (ATM). However, as the ATM systems become increasingly more interconnected and complex, the risks towards these systems are likewise becoming more complex. At the same time, the key elements required for achieving a more dynamic airspace management and ATM service provision, including a future data-sharing service delivery model, deployment of infrastructure through a service-oriented architecture, and increased flow of data among different actors , may expose the ATM systems to cyber security threats, which in worst-case can have catastrophic consequences if not properly addressed. To deliver safe and secure ATM, there is an urgent need to address cyber resilience. SEC-AIRSPACE addresses this need with a twofold proactive approach, aiming to
1. Improve the cyber security risk assessment of existing and future ATM scenarios.
2. Increase cyber security awareness and maturity amongst the ATM stakeholders.
These two objectives are inter-weaved since the results of a cyber security risk assessment can be used to target programs on employees’ cyber-awareness better.
The main impact of SEC-AIRSPACE - increased cyber resilience – will be achieved through a step-by-step approach. From its very beginning, SEC-AIRSPACE will contribute to state-of-the-art in cyber security risk assessment of ATM scenarios. Early results from the Exploratory Research activities will be published in acknowledged scientific conferences and disseminated to the ATM community. The short-term impact is, therefore, mainly an increased awareness and knowledge of cyber security threats and risks in the ATM community. However, we also expect that early project results can be utilized by the ongoing SESAR solutions, which can use the results to improve their security work; both when they perform security risk assessments and when they derive suitable security requirements for their solutions to mitigate the identified risks.
By the end of the project, the impact of SEC-AIRSPACE will be more substantial. The project results will be validated and demonstrated, which implies that the increased awareness and knowledge of cyber security threats and risks have reached a wider audience. The Strategic Research and Innovation Agenda states that in 2026, cyber-resilience guidelines and procedures tailored to ATM will be available for the Initial Operational Capacity (IOC) of the virtualised and cyber-secure data sharing scenarios. A significant mid-term impact of SEC-AIRSPACE will be evident in its influence on these guidelines and producers. Further, the two ATM datalink services, Satellite Communication (SATCOM) and L-band Digital Aeronautical Communications System (LDACS), are both expected to become operational and used to deliver Air Traffic Services (ATS) already in 2028. At this point, the SEC-AIRSPACE results will be sufficiently mature to be used to help ensure that multilink is implemented and deployed in a cyber-resilient manner and that the human operators can be trained to prevent, detect, and respond to relevant threats related to the use of datalink in service-oriented architectures. By then, the virtualisation of ATM services will also benefit from the project results, both in an early stage where dynamic airspace management is being applied in a single ATS unit and for assessing cyber security risks associated with future virtualised ATM scenarios before they are deployed.
Over time, SEC-AIRSPACE will establish a lasting foundation for cyber-secure virtualised ATM. Results from SEC-AIRSPACE will help ATM actors protect, detect, and react to potential cyber security threats, while at the same time reducing costs. The AI-driven training paths, tailored for each role in the organization, will, in the long run, reduce the time and overall costs of recurrent cyber-security training for employees in the ATM organisations. The main impact – increased cyber resilience - will be achieved when project results have been taken up and applied by stakeholders all along the ATM supply chain.
1. Improve the cyber security risk assessment of existing and future ATM scenarios.
2. Increase cyber security awareness and maturity amongst the ATM stakeholders.
These two objectives are inter-weaved since the results of a cyber security risk assessment can be used to target programs on employees’ cyber-awareness better.
The main impact of SEC-AIRSPACE - increased cyber resilience – will be achieved through a step-by-step approach. From its very beginning, SEC-AIRSPACE will contribute to state-of-the-art in cyber security risk assessment of ATM scenarios. Early results from the Exploratory Research activities will be published in acknowledged scientific conferences and disseminated to the ATM community. The short-term impact is, therefore, mainly an increased awareness and knowledge of cyber security threats and risks in the ATM community. However, we also expect that early project results can be utilized by the ongoing SESAR solutions, which can use the results to improve their security work; both when they perform security risk assessments and when they derive suitable security requirements for their solutions to mitigate the identified risks.
By the end of the project, the impact of SEC-AIRSPACE will be more substantial. The project results will be validated and demonstrated, which implies that the increased awareness and knowledge of cyber security threats and risks have reached a wider audience. The Strategic Research and Innovation Agenda states that in 2026, cyber-resilience guidelines and procedures tailored to ATM will be available for the Initial Operational Capacity (IOC) of the virtualised and cyber-secure data sharing scenarios. A significant mid-term impact of SEC-AIRSPACE will be evident in its influence on these guidelines and producers. Further, the two ATM datalink services, Satellite Communication (SATCOM) and L-band Digital Aeronautical Communications System (LDACS), are both expected to become operational and used to deliver Air Traffic Services (ATS) already in 2028. At this point, the SEC-AIRSPACE results will be sufficiently mature to be used to help ensure that multilink is implemented and deployed in a cyber-resilient manner and that the human operators can be trained to prevent, detect, and respond to relevant threats related to the use of datalink in service-oriented architectures. By then, the virtualisation of ATM services will also benefit from the project results, both in an early stage where dynamic airspace management is being applied in a single ATS unit and for assessing cyber security risks associated with future virtualised ATM scenarios before they are deployed.
Over time, SEC-AIRSPACE will establish a lasting foundation for cyber-secure virtualised ATM. Results from SEC-AIRSPACE will help ATM actors protect, detect, and react to potential cyber security threats, while at the same time reducing costs. The AI-driven training paths, tailored for each role in the organization, will, in the long run, reduce the time and overall costs of recurrent cyber-security training for employees in the ATM organisations. The main impact – increased cyber resilience - will be achieved when project results have been taken up and applied by stakeholders all along the ATM supply chain.
The technical and scientific parts of the work performed have been done in the context of three technical work packages (WPs).
In WP1, the main achievements so far are:
• Development of a knowledge base of reusable primary and supporting assets, vulnerabilities and threats for existing and emerging ATM systems. The knowledge base can be exported to a machine‐readable taxonomy.
• Development of guidelines for modelling assets, threats, vulnerabilities and security controls for ATM scenarios. The guidelines integrate with existing practices withing the ATM domain.
• Development of a methodology for analysing cascading effects from cyber‐attacks against ATM scenarios.
• Initial planning and development of a methodology for dynamically assessing changes in the risk models.
• Initial planning and development of a web‐based tool supports the usage of the building blocks above.
These results will be a part of the ATM solution "Holistic and dynamic risk assessment for the ATM domain" (solution 0426).
In WP2 , the main achievements so far are
• Development of a novel training process in which People Analytics are actively used to mitigate human-related risk through training.
• Design of a novel approach to People Analytics that suits the special needs of ATM organisations.
• Development of a catalogue of available training material, specifically adapted for ATM organisations.
• Development of a novel definition of Return on Training Investment (ROTI) logic.
• Development of Machine Learning (ML) logic to support the identification of trainee clusters and for coupling those clusters with training courses.
• Initial planning and development of a PA-based learning analytics dashboard, supported by an ML engine.
These results will be a part of the ATM solution "Personalised cyber security training and awareness for ATM actors" (solution 0427).
In WP3, the main achievements are
• Development of the two project use cases: "Future communication infrastructure (FCI)" and "Virtualisation of Air Traffic Services (ATS)"
• Definition and preparation of four validation exercises, which will be used to validate the two solutions in the context of the two use cases.
In WP1, the main achievements so far are:
• Development of a knowledge base of reusable primary and supporting assets, vulnerabilities and threats for existing and emerging ATM systems. The knowledge base can be exported to a machine‐readable taxonomy.
• Development of guidelines for modelling assets, threats, vulnerabilities and security controls for ATM scenarios. The guidelines integrate with existing practices withing the ATM domain.
• Development of a methodology for analysing cascading effects from cyber‐attacks against ATM scenarios.
• Initial planning and development of a methodology for dynamically assessing changes in the risk models.
• Initial planning and development of a web‐based tool supports the usage of the building blocks above.
These results will be a part of the ATM solution "Holistic and dynamic risk assessment for the ATM domain" (solution 0426).
In WP2 , the main achievements so far are
• Development of a novel training process in which People Analytics are actively used to mitigate human-related risk through training.
• Design of a novel approach to People Analytics that suits the special needs of ATM organisations.
• Development of a catalogue of available training material, specifically adapted for ATM organisations.
• Development of a novel definition of Return on Training Investment (ROTI) logic.
• Development of Machine Learning (ML) logic to support the identification of trainee clusters and for coupling those clusters with training courses.
• Initial planning and development of a PA-based learning analytics dashboard, supported by an ML engine.
These results will be a part of the ATM solution "Personalised cyber security training and awareness for ATM actors" (solution 0427).
In WP3, the main achievements are
• Development of the two project use cases: "Future communication infrastructure (FCI)" and "Virtualisation of Air Traffic Services (ATS)"
• Definition and preparation of four validation exercises, which will be used to validate the two solutions in the context of the two use cases.
The main results from the SEC-AIRSPACE project at this point in time are the results developed as part of the two ATM solutions described above. The impact achieved so far is twofold: 1) We have contributed to increased awareness and knowledge of cyber security threats and risks in the ATM community through the presentation and publication of initial results in ATM-related events. 2) We have enabled ongoing SESAR solutions to use the WP1 results to improve their security work, most significantly the analysis of threats and vulnerabilities in ATM systems, which have already been used by the SESAR FCDI project in their threat modelling activities.