Centralized security governance for air navigation services: Innovative strategies to confront emerging threats against Civil Aviation

Abstract

Civil aviation remains an attracting target for criminals and the obligation to protect civil aviation against acts of unlawful interference must cope with increasingly sophisticated threats, many of a technological nature. The development of complex systems, by their nature interoperable, in an increasingly global and supranational environment, requires a methodological approach of the security governance to enable the constant monitoring of resources, process integration between IT, logical and physical security, continuously measuring the threat level and the potential vulnerability, with the aim to react and respond to acts of unlawful interference. This requires also a close and continuous link between all the actors of the system. The legal framework, both European and national, forms a solid term of reference, but the mere compliance with regulations is not enough, while it is always necessary to demonstrate due diligence for the protection of human lives in the air and on the ground and to ensure, in general, security, continuity, resilience and regularity of the public service of transportation by air. ENAV, Italian State-owned Air Navigation Service Provider, is in charge a vital segment of aviation and it has established an integrated security management system, focused on the concept of centralized government. Its centerpiece is the Security Operation Center, now evolving into an Integrated Defense Center, in constant evolution and aimed at a full context awareness and adaptive response. In accordance with Annex 17 to the Chicago Convention and related guidance material, ENAV provided a strategy based on the principle to combine technology, human and material resources, a set of processes and procedures intended to address a continuous improvement based on Deming cycle. Furthermore, the process management is focused on internationally recognized standards and committed to the exchange of information with the appropriate authorities and key stakeholders to achieve the dynamic configuration of the devices of physical and logical security and their responsiveness in the context of the system of critical infrastructure protection and cyber security system of the Italian Republic.