Dealing with cyber threats in Air Traffic Management

Cyber threats are growing daily, making air traffic management systems increasingly vulnerable.

The digital transformation of air traffic management is making systems more connected and, therefore, more exposed to cyber risks. Thales provides a comprehensive cybersecurity program tailored to the needs of Air Navigation Service Providers (ANSP), ensuring resilient and cost-efficient protection.

Air Traffic Management Faces Growing Cybersecurity Challenges

The organisations responsible for Air Traffic Management, the Air Navigation Service Providers (ANSP), are operators of vital importance, in many countries. They track aircraft crossing their airspace, sending them information, adapting their flight path to weather conditions and air-traffic demand, guide them through the delicate take-off and landing phases, etc. Failure of an air-traffic management system can have grave consequences.

As cyber threats grow daily, around the world, the systems of these operators are in the process of digital transformation. Increasingly connected to airlines, airports and other providers of air traffic control, their systems are ever more vulnerable to potential cyberattack. Cybersecurity is thus becoming a major challenge.

Thales: A Trusted Cybersecurity Partner for ANSPs

Both a long-standing provider of air traffic control systems and a major player in cybersecurity, Thales now offers a range of solutions specially designed for air traffic needs. Since every ANSP has different improvement strategies and weaknesses, priorities must first be identified and risks analysed. It would be pointless, for example, to install a sophisticated firewall if passwords are lying around on Post-Its!

A 360-Degree Cybersecurity Programme to Protect, Detect, Respond and Recover

To combat cyber threats, Thales advocates a holistic approach and offers solutions based on business risks. It covers all the issues and can be tailored to specific requirements:

Protect
Secure architecture, firewalling, authentication and access control, OS hardening, network infrastructure upgrades, etc. Protection measures can be of different types, since it is necessary to protect not only the system core but also the infrastructure, data feeds and system supports.

Detect
Depending on the need, cyberattack detection sensors can be installed. The aim is to detect attacks before they reach the system core. It is thus necessary to identify critical functional chains, subsystems and data feeds that could be initial entry points.

Respond
Given that ATM systems are critical and must be permanently available, analysis and evaluation of detected incidents is crucial. It is important to avoid both a minor event eliciting recourse to drastic measures that affect service quality and the underestimation of an apparently minor event. Thales offers a security supervision tool that helps analyse incidents, link them to their possible impact on operations then propose actions to prevent the attack, as far as possible.

Recover
Whatever the measures adopted, the threat is there and the possibility cannot be excluded that a well-orchestrated and targeted cyberattack might get the better of the existing defences. Faced with this eventuality, ANSPs can prepare a rapid-system-recovery plan, which involves having a duplicate version, synchronized with the original, so strongly protected that it stays healthy at the moment of the attack.

For an ANSP, a “successful” cyberattack has three costs. The first is in the harm done to services. The second is the detailed investigation necessary to understand the attack. The third is the cost of making changes to the system so the incident does not recur. Thanks to the flexibility of the Thales cybersecurity programme, ANSPs can reduce risks with regard to the challenges and also respond in an appropriate and proportionate manner. The programme brings them a high level of resilience coupled with cost-efficiency.