New technologies have been growing rapidly since the beginning of the COVID19 pandemic. In this connected and digitalised world, cyber-attacks are now a reality, but they can be anticipated and prevented with good organisational governance and robust security approach. Digitalisation of systems and its adoption is one of the main priorities of the European Digital Agenda. Aviation is increasingly challenged and needs to strengthen its cyber resilience. Today we present how Coflight Cloud Services integrates these security principles for its partners and customers.
Securing ATM systems
Air Traffic Management (ATM) organisations, Air Navigation Service Providers (ANSPs) and other ATM stakeholders are key operators in many countries. They track aircraft passing through their airspace, provide information to them, adapt their flight path to weather conditions and air traffic demand, guide them through tricky take-off and landing phases, etc. The failure of an ATM system can have serious consequences for the entire chain and for users.
Safety is the primary issue in air traffic management, which is why it is organised through system redundancy (duplication of critical elements, back-up in case of malfunction), fall back procedures for non-nominal operations, making sure the system is fundamentally robust. Air traffic management comprises a complex set of systems, traditionally characterised by customised communication protocols and autonomous systems to exchange information between entities: aircraft, air traffic control, aerodrome control towers, aircraft operators and flow managers.
As cyber threats increase every day around the world, the systems of these operators are undergoing a digital transformation. Increasingly connected to airlines, airports and other air traffic control providers, their systems are more vulnerable to a potential cyber-attack. Cyber security is therefore becoming a major issue for all ATM stakeholders.
EUROCONTROL estimates that of all security incidents reported by aviation stakeholders in 2019, 20% targeted ANSPs. Of the total number of events, 80% were classified as low severity, 20% as medium and fortunately none as high.
Air traffic management relies on interdependent and interconnected processes on a global scale, so cyber-attacks can affect actors at national, regional and international level. There are therefore an increasing number of security vulnerabilities to be detected, tested and addressed. To mitigate these attacks as much as possible and become cyber-resilient, actors in the field need to put in place a solid information security management system and an appropriate approach to cyber security. This can be done for example with appropriate risk management (threat analyses, responses via requirements) but also with an operational approach with the establishment of SOCs (Security Operations Centres).
International cooperation, information sharing and a common vision are also essential elements to ensure a global resilience of the ATM system.
In order to address these security challenges, to protect critical infrastructure and aviation data from cyber threats, aviation decision-makers are taking legislative action at national and global level.
The European Union has already put in place horizontal legislation to address cyber security challenges, covering critical infrastructure sectors, including major aviation players. The regulatory framework for aviation security has been reviewed to incorporate ICAO requirements. EASA is also working on common rules to address the security aspects of information security risks.
Aviation must take into account the (current and future) European’s cyber security rules in order to ensure a highly secure system. For this, some adaptations in the management system have to be put in place. Even more than the costs, it can also become a very big safety issue, as malevolent hackers may corrupt ATM Data
Cyber security at CCS
In Europe, security policy is given by the European Union Agency of Cyber security (ENISA), which is then deployed in each member state. CCS benefits from this. The security approach also covers the entire life of the product, from design to withdrawal from service.
Since its inception, CCS has been the subject of cross-fertilisation between ENAV and DSNA (the two “operators”), as well as with customers (skyguide), in order to be designed/operated in a secure manner.
This has resulted in the implementation of security concepts in the infrastructure, components and software. Thus, communications between CCS and its clients are encrypted and access is subject to mutual authentication, using certificates, between client and server. CCS therefore respects the Security Specification for SWIM Technical Infrastructure (SWIM Yellow Profile). The CCS provider platform is dedicated and isolated from the rest of the information system. The principles of least privilege and least functionality allowing to “contain” possible intrusions/incidents (by limiting the possibilities that an attacker would have if he managed to penetrate CCS) are applied in the different technical components.
A risk analysis and audit approach then validate these various technical measures (respectively by confirming the good adequacy with the envisaged threats and the good implementation of the measures).
The “security” approach does not end with the commissioning. CCS is connected to the SOCs of the providers, which will ensure the analysis of logs and network traffic in and around CCS in real time. This analysis will allow the detection and identification of security events/incidents. The SOCs will also be responsible for managing and steering the reactions/remedies to these possible events.
Another mission of the SOCs is to monitor security flaws in the various components of the platform, so that the technical teams can make updates and corrections before the flaws are exploited.
Conclusion
The digitalisation of air traffic management is leading to an increase in the use of digital data and increased connectivity of systems, allowing for improved performance while keeping the safety and security of goods and people as the main objective. These developments can make the ATM system more vulnerable to cyber-attacks. Security incidents can have significant impacts on society and repercussions outside the aviation system. A comprehensive approach to cyber security and a major involvement of ATM stakeholders is essential to ensure the cyber resilience of air traffic and CCS is already taking it fully into account in its current and future development.