Looking towards the Single European Sky: a Tailored Security Assessment for Future ATM Systems
Authors
Abstract
The objective of this paper is the definition of a new methodology for carrying out security risk assessment in the Air Traffic Management (ATM) domain. This process is carried out by modelling the system, identifying the assets, threats and vulnerabilities, prioritizing the threats and proposing countermeasures for the weaknesses found.ATM security is concerned with securing the ATM assets, to prevent threats and limit their effects on the overall aviation network. This effect limitation could be achieved by removing the vulnerability from the system and/or increasing the tolerance in case of component failures due to attacks.
The security risk assessment methodology proposed is based on what is currently being done by the industry and international organisations (International Civil Aviation Organization (ICAO), Common Criteria (CC), International Standard Organisation (ISO), EUROCONTROL Guidance Material, etc.) and comprises five main stages.
For demonstrative purposes, the methodology is applied to a case study on the Flight Data Processing Subsystem (FDPS), which is a component of many ATM systems