Final Report Summary - GAMMA (Global ATM security management)
Executive Summary:
The GAMMA Project stems from the growing need to address new air traffic management threats and vulnerabilities due, for instance, to increased reliance on automation and interconnectivity between systems. The goal of GAMMA is to develop solutions to these emerging vulnerabilities backed up by practical proposals for their implementation.
The GAMMA project approached ATM Security Management by following a complete cycle of activities: starting from an initial security risk assessment, the foundations were laid for the definition of security architectures implementing a proposed security solution which was finally validated through the use of prototypes. The initial phase involved a comprehensive assessment of the most feared security threats and vulnerabilities affecting the existing ATM system, considered as a ‘system of systems’ and covering operational as well as technological aspects.
The ATM Security solution proposed by GAMMA builds on the principles and concepts related to Security Management in a collaborative multi stakeholder environment, while maintaining a strong link to the current International and European legal frameworks and the constraints imposed by the respect of national sovereignty. It is this vision which inspired several real-time simulations aimed at exploring the benefits and consequences derived from the implementation of the concept.
For this purpose the GAMMA concept was realized in experimental environments through the development of 7 prototypes. The Security Management Platform prototype, or SMP, represents the core of the concept, implementing the principles of cooperative management of ATM security outlined in the vision.
GAMMA implemented three integrated validation exercises, demonstrating test cases for evaluating the GAMMA concept with external stakeholders and experts.
All validation activities performed within GAMMA explore the technological and operational opportunities derived from the widely accepted principles of collaborative ATM security management. The geo-distributed platforms setup to perform these exercises reflect the real world security challenges of interconnected systems and point to the opportunities opened up by the distributed deployment of validation platforms. The validation exercises highlighted concrete advantages enabled by the implementation of the GAMMA concept through the prototypes developed in the project.
These validation results point towards a wider range of benefits derived by the full implementation of the GAMMA vision and the cooperative management of ATM security.
Project Context and Objectives:
The GAMMA vision is to adopt a holistic approach for assessing ATM security, elaborating a security framework at European level. For this purpose GAMMA aims to reach the following main objectives:
• Extend the scope of threat assessment performed within SESAR to a more comprehensive system of systems level, taking a global and holistic approach to ATM Security inclusive of all its assets (personnel, critical infrastructures, etc.) and all forms of threats. This results in threat models, security objectives reports and associated security controls, which are then validated through validation exercises.
• Develop a Global ATM Security Management framework, representing a concrete proposal for the day-to-day operation of ATM Security and the management of crises at European level. GAMMA elaborates the institutional framework of ATM security while also considering interfaces with, and constraints coming from, stakeholders outside the ATM domain (e.g. military organisations, etc.).
• Define the requirements and architecture of an ATM security solution, suitable to support the security management of the global ATM system (including crisis and incident management), in line with the directions identified by the security management framework. The proposed solution, covering both operational and technological elements, is meant to increase the capability of the single European states (while maintaining national sovereignty) and of Europe as a whole to respond to attacks and manage the consequent crises of the ATM service.
• Design and implement representative prototype components of the above ATM solution so as to demonstrate, through concrete developments, the functionalities and operations proposed for the future European ATM.
• Set up a realistic validation environment, representative of the target ATM solution, through which to perform validation exercises aimed at validating the feasibility and assessing the adequateness of the procedures, technologies, and human resources issues proposed.
The GAMMA project has been set up with a clear objective of building on previous research projects, and connecting with relevant European initiatives. From the very origin of the project, GAMMA was mandated by the EC to ensure strong coordination and alignment with the SESAR initiative.
Coordination with SESAR was inbuilt into the composition of the Consortium as most partners were directly or indirectly involved in the SESAR initiative. To reinforce this connection, the GAMMA project was structured so as to provide for a smooth interaction. One of the most significant outcome of this activity has been the delivery to SESAR2020 of the Security Risk Assessment and architecture modelling performed in GAMMA. This work has the potential for being seamlessly integrated into any future work in the ATM security domain since it is based on the same tools and methodologies adopted in SESAR.
In order to pursue the main objective of validating new concepts and technologies for ATM Security Management, the GAMMA project has maintained strong contacts with stakeholders and institutions with the aim of ensuring that the results derived from GAMMA were kept aligned with the general European framework for managing Security in ATM.
Project Results:
The initial phase of the GAMMA project involved a comprehensive assessment of the most feared security threats and vulnerabilities affecting the existing ATM system, considered as a ‘system of systems’ and covering operational as well as technological aspects.
This work was rooted on the new ATM scenarios introduced by the Single European Sky initiative and the Security Risk Assessment methodologies laid down in SESAR-
The ATM Security solution proposed by GAMMA builds on the principles and concepts related to Security Management in a collaborative multi stakeholder environment, while maintaining a strong link to the current International and European legal frameworks and the constraints imposed by the respect of national sovereignty. For this purpose, GAMMA defines three different layers with the aim of supporting security management at local, national and European level. The GAMMA architectural vision enhances the scope for cooperative management of ATM security while maintaining compatibility with the European ATM framework defined in the Single European Sky.
The GAMMA concept was realized in experimental environments through the development of 7 prototypes. The Security Management Platform prototype, or SMP, represents the core of the concept, implementing the principles of cooperative management of ATM security outlined in the vision. It is based on an information sharing platform for improved situational awareness and decision support functionalities. The SMP is fed by security related information sent by the other 6 prototypes, each representing specific security enhancements applied to the ATM domain and providing defence against security attacks at local level.
By integrating the prototypes into a larger validation environment, GAMMA was able to build complex geo-distributed platforms. GAMMA implemented three integrated validation exercises, demonstrating test cases for evaluating the GAMMA concept with external stakeholders and experts.
The first exercise was defined to handle uncoordinated attacks within the same country. It aimed at exploring the management of a hijacking event in which the SATCOM communication was deliberately disconnected in an area out of civil radar coverage, while satellite navigation was jammed in a separate unconnected incident. This exercise was set up using a distributed platform formed by the SMP prototype receiving security alerts from the SATCOM Security prototype and the Secure GNSS Monitoring System prototype. The SATCOM Security prototype is capable of detecting a threat targeting the SATCOM asset onboard the plane, while the Secure GNSS Monitoring System prototype is able to detect GPS jamming. Stakeholders and experts involved in this validation exercise recognized that the GAMMA concept implemented in this scenario enables an early reaction by the Military to hijacking events, saving valuable time for launching the scrambling of fighters. Measurements performed during the exercise runs revealed a reaction time saving of almost 4 minutes.
The second integrated exercise was designed to handle a coordinated attack within the same country. This exercise was set up using a distributed platform formed by the SMP prototype, receiving security alerts from the SACom and the ISS prototypes. While SAcom prototype is capable of detecting unauthorized speakers and non-conformance of flights, the ISS prototype is capable of detecting attacks to AEROMACS. The SMP correlates and displays the alerts received from the ISS and SACom prototypes allowing the GAMMA operator to initiate countermeasures. Stakeholders and experts involved in this validation exercise appreciated the benefits of automated detection of attacks and the ability to identify their correlation. This was recognized as enabling the rapid and efficient implementation of countermeasures
In the third integrated validation exercise a coordinated cyber attack affecting several European countries was combined with an additional uncoordinated cyber attack in one of these countries. Hacking of aeronautical weather data was successfully blocked by the IEG prototype while attacks on the on board communication systems were prevented by the IMC prototype. In addition, appropriate alerts were sent to the national Security Management Platforms by the local security prototypes. The correlation algorithms of the European SMP allowed the coordinated nature of the attacks to be identified in less than one minute. Validation carried out on this exercise together with stakeholders and experts demonstrated that the GAMMA set-up was capable of ensuring the activation of countermeasures in less than 2 minutes,
All validation activities performed within GAMMA explored the technological and operational opportunities derived from the widely accepted principles of collaborative ATM security management. The geo-distributed platforms setup to perform these exercises reflect the real world security challenges of interconnected systems and point to the opportunities opened up by the distributed deployment of validation platforms. The validation exercises highlighted concrete advantages enabled by the implementation of the GAMMA concept through the prototypes developed in the project.
Potential Impact:
The impact of the GAMMA has been enhanced through dissemination activities aimed at ensuring that the results emerging from the project were widely recognized by stakeholders and users as a basis for continued research and follow up activities beyond the life of GAMMA. At a strategic level, GAMMA has targeted the main European institutions with a role in framing the structure of ATM Security Management in Europe.
To maximize the impact of GAMMA and alignment with the global research strategy in ATM, GAMMA was structured to enable a strong coordination with SESAR. For this purpose GAMMA has been devised to complement and extend the SESAR ATM Security approach. A continuous coordination with SESAR was therefore foreseen during the project in recognition of the evolving context set by SESAR in the ATM security domain. One of the most significant outcome of this activity has been the delivery to SESAR2020 of the Security Risk Assessment and architecture modelling performed in GAMMA. This work has the potential for being seamlessly integrated into any future work in the ATM security domain since it is based on the same tools and methodologies adopted in SESAR.
In addition to SESAR, other European institutions targeted by GAMMA were EASA, EDA, Eurocontrol and EUROCAE. Coordination with EASA was specially fruitful as this institution was also included into the GAMMA Advisory board together with SESAR. Various meetings were organize with EDA and Eurocontrol, also within the framework of NEASCOG.
Contacts with EUROCAE are especially noteworthy as this critical dissemination activity was associated with the continuing standardisation of GAMMA results. The GAMMA solution was accepted as a baseline for the EUROCAE WG-72 ED-205 standard and GAMMA ensured its active involvement and contributions to the standard through dedicated representatives.
A large range of papers and presentations were given by GAMMA in conferences as part of dissemination activities ensuring that the impact of the project extended to the wider scientific communities as well as stakeholders and users involved in ATM security. Of special significance was the organization of a GAMMA seminar during the ATM World Congress 2017, in Madrid. To increase the impact, GAMMA was also represented on various partner booths during the ATM congress.
Validation workshops were also organized with the aim of ensuring a wider engagement of outside users in the validation of the GAMMA solutions. Separate workshops were therefore organized to coincide with validation exercises providing the opportunity for a hands on view of the results and opportunities made available by the GAMMA solutions.
In addition to specialized conferences, GAMMA has strived to engage with the wider public. Of special note was the GAMMA presence at the Cybertech 2017 exhibition organised in Rome which represented an opportunity to widen significantly the audience towards the general public as well as experts in the cyber domain.
The most impressive dissemination action taken by the project was its final event organized in Rome in November 2017. This event represented the perfect occasion to showcase the project results and ensure a lasting legacy for the project. For this occasion a project film was prepared providing a broad vision of the GAMMA activities and results. In addition a GAMMA Handbook was published and distributed with a collection of scientific articles prepared by the project partners on the subject of ATM security.
Exploitation of GAMMA results depends widely on the specific activities. For many prototypes, exploitation falls within a clearly defined roadmap defined for instance by SESAR or Clean Sky. In other cases the roadmap is less well defined and exploitation relies on the buy-in from stakeholders of the innovative concepts and technologies developed by GAMMA. It is for this reason that the active dissemination and engagement with stakeholders carried out throughout the life of the project is strictly connected to the successful exploitation of results.
List of Websites:
www.gamma-project.eu
Project coordinator: Giuliano d'Auria
email: giuliano.dauria@leonardocompany.com
Phone: +39 0641504448
Mobile: +39 3351629954
The GAMMA Project stems from the growing need to address new air traffic management threats and vulnerabilities due, for instance, to increased reliance on automation and interconnectivity between systems. The goal of GAMMA is to develop solutions to these emerging vulnerabilities backed up by practical proposals for their implementation.
The GAMMA project approached ATM Security Management by following a complete cycle of activities: starting from an initial security risk assessment, the foundations were laid for the definition of security architectures implementing a proposed security solution which was finally validated through the use of prototypes. The initial phase involved a comprehensive assessment of the most feared security threats and vulnerabilities affecting the existing ATM system, considered as a ‘system of systems’ and covering operational as well as technological aspects.
The ATM Security solution proposed by GAMMA builds on the principles and concepts related to Security Management in a collaborative multi stakeholder environment, while maintaining a strong link to the current International and European legal frameworks and the constraints imposed by the respect of national sovereignty. It is this vision which inspired several real-time simulations aimed at exploring the benefits and consequences derived from the implementation of the concept.
For this purpose the GAMMA concept was realized in experimental environments through the development of 7 prototypes. The Security Management Platform prototype, or SMP, represents the core of the concept, implementing the principles of cooperative management of ATM security outlined in the vision.
GAMMA implemented three integrated validation exercises, demonstrating test cases for evaluating the GAMMA concept with external stakeholders and experts.
All validation activities performed within GAMMA explore the technological and operational opportunities derived from the widely accepted principles of collaborative ATM security management. The geo-distributed platforms setup to perform these exercises reflect the real world security challenges of interconnected systems and point to the opportunities opened up by the distributed deployment of validation platforms. The validation exercises highlighted concrete advantages enabled by the implementation of the GAMMA concept through the prototypes developed in the project.
These validation results point towards a wider range of benefits derived by the full implementation of the GAMMA vision and the cooperative management of ATM security.
Project Context and Objectives:
The GAMMA vision is to adopt a holistic approach for assessing ATM security, elaborating a security framework at European level. For this purpose GAMMA aims to reach the following main objectives:
• Extend the scope of threat assessment performed within SESAR to a more comprehensive system of systems level, taking a global and holistic approach to ATM Security inclusive of all its assets (personnel, critical infrastructures, etc.) and all forms of threats. This results in threat models, security objectives reports and associated security controls, which are then validated through validation exercises.
• Develop a Global ATM Security Management framework, representing a concrete proposal for the day-to-day operation of ATM Security and the management of crises at European level. GAMMA elaborates the institutional framework of ATM security while also considering interfaces with, and constraints coming from, stakeholders outside the ATM domain (e.g. military organisations, etc.).
• Define the requirements and architecture of an ATM security solution, suitable to support the security management of the global ATM system (including crisis and incident management), in line with the directions identified by the security management framework. The proposed solution, covering both operational and technological elements, is meant to increase the capability of the single European states (while maintaining national sovereignty) and of Europe as a whole to respond to attacks and manage the consequent crises of the ATM service.
• Design and implement representative prototype components of the above ATM solution so as to demonstrate, through concrete developments, the functionalities and operations proposed for the future European ATM.
• Set up a realistic validation environment, representative of the target ATM solution, through which to perform validation exercises aimed at validating the feasibility and assessing the adequateness of the procedures, technologies, and human resources issues proposed.
The GAMMA project has been set up with a clear objective of building on previous research projects, and connecting with relevant European initiatives. From the very origin of the project, GAMMA was mandated by the EC to ensure strong coordination and alignment with the SESAR initiative.
Coordination with SESAR was inbuilt into the composition of the Consortium as most partners were directly or indirectly involved in the SESAR initiative. To reinforce this connection, the GAMMA project was structured so as to provide for a smooth interaction. One of the most significant outcome of this activity has been the delivery to SESAR2020 of the Security Risk Assessment and architecture modelling performed in GAMMA. This work has the potential for being seamlessly integrated into any future work in the ATM security domain since it is based on the same tools and methodologies adopted in SESAR.
In order to pursue the main objective of validating new concepts and technologies for ATM Security Management, the GAMMA project has maintained strong contacts with stakeholders and institutions with the aim of ensuring that the results derived from GAMMA were kept aligned with the general European framework for managing Security in ATM.
Project Results:
The initial phase of the GAMMA project involved a comprehensive assessment of the most feared security threats and vulnerabilities affecting the existing ATM system, considered as a ‘system of systems’ and covering operational as well as technological aspects.
This work was rooted on the new ATM scenarios introduced by the Single European Sky initiative and the Security Risk Assessment methodologies laid down in SESAR-
The ATM Security solution proposed by GAMMA builds on the principles and concepts related to Security Management in a collaborative multi stakeholder environment, while maintaining a strong link to the current International and European legal frameworks and the constraints imposed by the respect of national sovereignty. For this purpose, GAMMA defines three different layers with the aim of supporting security management at local, national and European level. The GAMMA architectural vision enhances the scope for cooperative management of ATM security while maintaining compatibility with the European ATM framework defined in the Single European Sky.
The GAMMA concept was realized in experimental environments through the development of 7 prototypes. The Security Management Platform prototype, or SMP, represents the core of the concept, implementing the principles of cooperative management of ATM security outlined in the vision. It is based on an information sharing platform for improved situational awareness and decision support functionalities. The SMP is fed by security related information sent by the other 6 prototypes, each representing specific security enhancements applied to the ATM domain and providing defence against security attacks at local level.
By integrating the prototypes into a larger validation environment, GAMMA was able to build complex geo-distributed platforms. GAMMA implemented three integrated validation exercises, demonstrating test cases for evaluating the GAMMA concept with external stakeholders and experts.
The first exercise was defined to handle uncoordinated attacks within the same country. It aimed at exploring the management of a hijacking event in which the SATCOM communication was deliberately disconnected in an area out of civil radar coverage, while satellite navigation was jammed in a separate unconnected incident. This exercise was set up using a distributed platform formed by the SMP prototype receiving security alerts from the SATCOM Security prototype and the Secure GNSS Monitoring System prototype. The SATCOM Security prototype is capable of detecting a threat targeting the SATCOM asset onboard the plane, while the Secure GNSS Monitoring System prototype is able to detect GPS jamming. Stakeholders and experts involved in this validation exercise recognized that the GAMMA concept implemented in this scenario enables an early reaction by the Military to hijacking events, saving valuable time for launching the scrambling of fighters. Measurements performed during the exercise runs revealed a reaction time saving of almost 4 minutes.
The second integrated exercise was designed to handle a coordinated attack within the same country. This exercise was set up using a distributed platform formed by the SMP prototype, receiving security alerts from the SACom and the ISS prototypes. While SAcom prototype is capable of detecting unauthorized speakers and non-conformance of flights, the ISS prototype is capable of detecting attacks to AEROMACS. The SMP correlates and displays the alerts received from the ISS and SACom prototypes allowing the GAMMA operator to initiate countermeasures. Stakeholders and experts involved in this validation exercise appreciated the benefits of automated detection of attacks and the ability to identify their correlation. This was recognized as enabling the rapid and efficient implementation of countermeasures
In the third integrated validation exercise a coordinated cyber attack affecting several European countries was combined with an additional uncoordinated cyber attack in one of these countries. Hacking of aeronautical weather data was successfully blocked by the IEG prototype while attacks on the on board communication systems were prevented by the IMC prototype. In addition, appropriate alerts were sent to the national Security Management Platforms by the local security prototypes. The correlation algorithms of the European SMP allowed the coordinated nature of the attacks to be identified in less than one minute. Validation carried out on this exercise together with stakeholders and experts demonstrated that the GAMMA set-up was capable of ensuring the activation of countermeasures in less than 2 minutes,
All validation activities performed within GAMMA explored the technological and operational opportunities derived from the widely accepted principles of collaborative ATM security management. The geo-distributed platforms setup to perform these exercises reflect the real world security challenges of interconnected systems and point to the opportunities opened up by the distributed deployment of validation platforms. The validation exercises highlighted concrete advantages enabled by the implementation of the GAMMA concept through the prototypes developed in the project.
Potential Impact:
The impact of the GAMMA has been enhanced through dissemination activities aimed at ensuring that the results emerging from the project were widely recognized by stakeholders and users as a basis for continued research and follow up activities beyond the life of GAMMA. At a strategic level, GAMMA has targeted the main European institutions with a role in framing the structure of ATM Security Management in Europe.
To maximize the impact of GAMMA and alignment with the global research strategy in ATM, GAMMA was structured to enable a strong coordination with SESAR. For this purpose GAMMA has been devised to complement and extend the SESAR ATM Security approach. A continuous coordination with SESAR was therefore foreseen during the project in recognition of the evolving context set by SESAR in the ATM security domain. One of the most significant outcome of this activity has been the delivery to SESAR2020 of the Security Risk Assessment and architecture modelling performed in GAMMA. This work has the potential for being seamlessly integrated into any future work in the ATM security domain since it is based on the same tools and methodologies adopted in SESAR.
In addition to SESAR, other European institutions targeted by GAMMA were EASA, EDA, Eurocontrol and EUROCAE. Coordination with EASA was specially fruitful as this institution was also included into the GAMMA Advisory board together with SESAR. Various meetings were organize with EDA and Eurocontrol, also within the framework of NEASCOG.
Contacts with EUROCAE are especially noteworthy as this critical dissemination activity was associated with the continuing standardisation of GAMMA results. The GAMMA solution was accepted as a baseline for the EUROCAE WG-72 ED-205 standard and GAMMA ensured its active involvement and contributions to the standard through dedicated representatives.
A large range of papers and presentations were given by GAMMA in conferences as part of dissemination activities ensuring that the impact of the project extended to the wider scientific communities as well as stakeholders and users involved in ATM security. Of special significance was the organization of a GAMMA seminar during the ATM World Congress 2017, in Madrid. To increase the impact, GAMMA was also represented on various partner booths during the ATM congress.
Validation workshops were also organized with the aim of ensuring a wider engagement of outside users in the validation of the GAMMA solutions. Separate workshops were therefore organized to coincide with validation exercises providing the opportunity for a hands on view of the results and opportunities made available by the GAMMA solutions.
In addition to specialized conferences, GAMMA has strived to engage with the wider public. Of special note was the GAMMA presence at the Cybertech 2017 exhibition organised in Rome which represented an opportunity to widen significantly the audience towards the general public as well as experts in the cyber domain.
The most impressive dissemination action taken by the project was its final event organized in Rome in November 2017. This event represented the perfect occasion to showcase the project results and ensure a lasting legacy for the project. For this occasion a project film was prepared providing a broad vision of the GAMMA activities and results. In addition a GAMMA Handbook was published and distributed with a collection of scientific articles prepared by the project partners on the subject of ATM security.
Exploitation of GAMMA results depends widely on the specific activities. For many prototypes, exploitation falls within a clearly defined roadmap defined for instance by SESAR or Clean Sky. In other cases the roadmap is less well defined and exploitation relies on the buy-in from stakeholders of the innovative concepts and technologies developed by GAMMA. It is for this reason that the active dissemination and engagement with stakeholders carried out throughout the life of the project is strictly connected to the successful exploitation of results.
List of Websites:
www.gamma-project.eu
Project coordinator: Giuliano d'Auria
email: giuliano.dauria@leonardocompany.com
Phone: +39 0641504448
Mobile: +39 3351629954