Cyber-security is a key enabler to safe Air Traffic Management (ATM). Advanced technologies, such as Big Data, automation, Artificial Intelligence, increased connectivity, the Internet of Things and the introduction of cloud services and virtualization are revolutionizing the business landscape. European aviation needs to embrace this change and further engage in its digital transformation based on data sharing, connectivity, and automation. However, the digital transformation of aviation may pose a risk if cyber security is not properly addressed already during the R&D phase.
A security risk assessment is a process for identifying and mitigating potential attacks against a system. The Security Risk Assessment methodology (SecRAM) provides a methodology and practical guidance for the ATM projects to perform a cyber security risk assessment of their solutions. SecRAM presents a line of actions for demonstrating that a solution has adequately addressed cyber security in their research and development phase, thus ensuring that the outcome is a resilient solution. The methodology includes identifying potential targets of attacks, evaluating the impacts of such attacks, identifying vulnerabilities, and assessing relevant threats and finally, identifying a set of security requirements that will mitigate the risk to an acceptable low level when deploying the solution.
During the past 5 years, SINTEF has been part of a cyber security expert team, which is responsible for coordinating cyber-security activities across all the SESAR projects. One of our tasks is to provide guidance to the projects on how to apply SecRAM to perform a security risk assessment of their technology and how to derive security requirements for their solutions. These requirements are then validated, as a part of the overall performance assessment of the technology and/or operational procedure that the project develops. In this project, we have assisted many solutions in this process, thereby contributing to a more secure, and thereby also safer, air travel also in the future.
