Working together for the future of ATM
Cyber-security is an increasing concern in all industries, and the aviation system is an attractive target. Air traffic management's (ATM) use of a patchwork network of bespoke systems and protocols has, traditionally, insulated it well from cyber-attack. But this is changing. ATM is at a critical point in moving towards a highly connected 'system-of-systems', underpinned by common standards and components.
Helios, supported by Thales, recently completed a study for the SESAR Joint Undertaking (SJU) on how SESAR's new operational concepts and technologies should respond to these cyber-security concerns.
The pan-European consequences of cyber-attack are striking:
- Any penetration will erode trust in new systems and concepts, potentially limiting their successful deployment.
- Successful cyber-attacks could lead to 'domino effect' failures across connected systems or common components.
- Even the suspicion of attack may be sufficient to close the skies to air traffic for prolonged periods.
Such threats call for a broad response that strengthens the protection and resilience offered by new operational concepts and technologies, but goes further to include both service provision and regulatory functions. Cyber-security in this context, we believe, will require every ATM stakeholder to prepare and protect itself, to be ready to detect and analyse attacks as early as possible, and respond effectively to stop their escalation.
ATM stakeholders have begun to improve cyber-security, but the industry will need to work together to build trust across stakeholders. Good governance and coordination will be at the heart of a successful response. It's not enough for individual stakeholders to address cyber-security in their own 'patch'. The response needs to take account of complex, dynamic and cross-boundary cyber-risks. Clear responsibilities for protection and effective decision-making in response to the inevitable will be vital. In working together to address cyber-security, the aviation community will need to trust each other. It's a pre-requisite to delivering the many benefits that modernisation and harmonisation promises.
For further information contact Matt Shreeve.
Matt is a technology policy expert at Helios. He has over 10 years of experience in the policy, programme and change management aspects of developing, deploying and using innovative technologies and services. His particular expertise is in cyber-security, resilience and enterprise architecture. Many of his projects involve balancing potential benefits, costs and risks in complex and uncertain situations. Since joining in 2013, he has worked across Europe for the Commission, SJU, ANSPs, EUROCONTROL, ESA and the GSA.