Validating a European ATM Security System Architecture

Abstract

The awareness about security threats and vulnerabilities in Air Traffic Management (ATM) has been steadily growing over the last years. The number of recent security research projects shows that the effort taken to close these vulnerabilities and to make air traffic more robust against security attacks is increasing in the same way. As Air Traffic Management is often done across national borders, related security incidents could affect several air navigation service providers and stakeholders in different nations at the same time. A quick and efficient exchange of security-relevant information as well as a multi-national level of security management is needed. In the frame of the Global ATM Security Management Project (GAMMA), several prototypic security systems were developed and designed as part of a European security management system architecture. This concept foresees a local, a national and a European level of security management while essential information is shared between those levels. In order to validate this approach, several real-time human-in-the-Ioop simulations were conducted in the first half of 2017. Both, the connected security systems and also the validation environment were set up in a geo-distributed way across Europe integrating different components from several project partners. During these trials, special attention was payed to information exchange and transmission times, the performance of automatic correlation as well as the role of human operators embedded in this system of systems. The trials showed that - even in a geo-distributed setup - information can be exchanged and countermeasures can be initiated in less than 2 minutes through the different levels of security management. This paper provides information about the experimental setup and conduction of the GAMMA project's third geo-distributed validation exercise. It illustrates selected results as well as provides a discussion and an outlook.