cyber security in the world of virtualised atc presentations/virtual... · to organize air traffic...
TRANSCRIPT
PublicSafety
PublicTransport
Air TrafficManagement
Maritime
Defence Cyber Security in the world of virtualised ATCMaarten van der LeeSenior lead product manager - Frequentis
© 2016 Frequentis AGCyber Security in the world of virtualised ATC|2
Deliver more safe and secure capacity for airspace users at lower cost.
ModernisationNextGen
North AmericaModernisation and efficiencyPerformance and growth
South AmericaAirspace fragmentationCost and efficiencySESAR
EuropePassenger and traffic growthAirport congestionModernisation
MEAPolitical situationModernization and cost
RussiaDiversity
Fastest growth / capacity limitsSafety and modernisation
Asia-Pacific
© 2016 Frequentis AGCyber Security in the world of virtualised ATC|3
Virtual centre operations deliver the gain needed by the ANSPs to master future ATM targets
Virtual centreCollaboration and
contingency scenarios within an ANSP
Cross ANSP collaboration on
international level
Collaboration by sharing assets
Increased ATM service flexibility
Reduced operational cost
© 2016 Frequentis AGCyber Security in the world of virtualised ATC|4
Designed for dynamic demand and flexible airspace structures
© by SESAR JU
Contingency and business continuity operations
Dynamically sized airspace
and flexible frequency allocation
Seamless integration with other
ANSPs
Safe handover of operations
© 2016 Frequentis AGCyber Security in the world of virtualised ATC|5
Need for collaboration in and between ANSPs
TodayLimited
collaboration
Foreseeable futureSubstantial
collaborationConnectivity
via VoIPCollaboration
between networked VCSVirtual centres
based on open standards
§ ED-137 based§ Basic interoperability
(radio, phone, intercom)
§ VoIP radio networks§ Eliminates legacy
lines
§ Shared assets and cross-center sector handover
§ Collaboration based on standards
§ Improves efficiency
§ Communication services in the ATM network
§ Accesses services from where controllers are
§ Eliminates traditional VCS silos & costs
© 2016 Frequentis AGCyber Security in the world of virtualised ATC|6
Different ADSP’s provide data and voice services to ANSP’sData sources like flight plan data, surveillance information are shared on the network
Also voice is provided as a shared service, abstracting the local implementation of safe air-ground communication infrastructure
The working position is implemented to follow the rule sets and operational model of each individual ANSP
© 2016 Frequentis AGCyber Security in the world of virtualised ATC|7
§ Airspace will also in the future be structured in Flight Information Regions (FIRs)
§ FIRs might use sectors or not to organize air traffic control within their area of responsibility
§ The radio infrastructure and locations will not change as they determined by physics and not organization
SECTOR 1SECTOR 2
SECTOR 6
SECTOR 5
SECTOR 3
SECTOR 7
OPS Center 1
OPS Center 3
OPS Center 2
© 2016 Frequentis AGCyber Security in the world of virtualised ATC|8
§ Today the radio infrastructure connects directly to the center VCSs
§ Groups of such radios are logically organized in frequencies
§ Controllers just use frequencies and seldom individual radios
§ Collaboration is implemented by center to center VCS links
SECTOR 1SECTOR 2
SECTOR 6
SECTOR 5
SECTOR 3
SECTOR 7
OPS Center 1
OPS Center 3
OPS Center 2
© 2016 Frequentis AGCyber Security in the world of virtualised ATC|9
§ Frequencies can also exist as individual services within the network
§ Access to and usage of frequency services is independent of VCS
§ Frequency services reside wherever the network bandwidth cost is optimal
§ Frequency services are a shared asset on the network
SECTOR 1SECTOR 2
SECTOR 6
SECTOR 5
SECTOR 3
SECTOR 7
OPS Center 1
OPS Center 3
OPS Center 2
Frequency service f2
f1
f3
f4
f5
f6
© 2016 Frequentis AGCyber Security in the world of virtualised ATC|10
§ Technical Centers concentrate technical assets and make them available within the network
§ Interoperable services realize the ATM functions for ANSP collaboration
SECTOR 1SECTOR 2
SECTOR 6
SECTOR 5
SECTOR 3
SECTOR 7
OPS Center 1
OPS Center 3
OPS Center 2
TechnicalCenter 1
TechnicalCenter 2
Frequency service f2
f1
f3
f4
f5
f6
© 2016 Frequentis AGCyber Security in the world of virtualised ATC|11
§ Independent controller working positions in control rooms implement ATC operations by any ANSP in any FIR using anyinfrastructure by any technical center
§ Remoting of ATC operations is automatically built in
SECTOR 1SECTOR 2
SECTOR 6
SECTOR 5
SECTOR 3
SECTOR 7
OPS Center 1
OPS Center 3
OPS Center 2
TechnicalCenter 1
TechnicalCenter 2
Frequency service f2
f1
f3
f4
f5
f6 This is Frequentis vision of the „virtual center“
© 2016 Frequentis AGCyber Security in the world of virtualised ATC|12
Centre “North”
Radio sites | N
3rd party VCS /SIP Phone
Radio sites | S
MISSION OP-N1ROLE N1 (F1|F2)
MISSION OP-S1ROLE S5 (F3)
High perf. VoIP LAN
RLS
501.000
Other FRQs Other FRQs
120.000
RLSVMCS
OP
High perf. VoIP LAN
High perf. VoIP LAN
VMCS
OP
IP IF10.17.25.50
IP IF10.18.25.75
Centre “South”
IP WAN
Role delegation
Sector delegation initiated from VCMS(acknowledged procedure)
Role ContactN1 [email protected] [email protected]
RLSREGISTRATIONS
2
1. OP-N1 operates mission with role N12. Role N1 is at RLS with contact address at IPIF of centre north
Role locationsstored in RLS 1
New sector responsibility integrated into receiving centre, using RLS updates
Handover is failsafe and seamless for both A/G and G/G communication partners
© 2016 Frequentis AGCyber Security in the world of virtualised ATC|13
§ ADSP‘s and ANSP‘s will use the ATM-Grade network to interconnect and share voice and data services
§ This infrastructure is vital. Loss or impairment of it means degradation or loss of the virtual centre service
§ An appropriate security and safety case is required for operational use
IP
© 2016 Frequentis AGCyber Security in the world of virtualised ATC|14
§ … a technical solution§ … an add-on§ …something that
comes by itself!
§ …never finished § …a culture§ …a holistic approach
© 2016 Frequentis AGCyber Security in the world of virtualised ATC|15
§ ATM is critical infrastructure and needs to be protected
§ Change to all IP networks increases the threat level
§ A High Tech business with little worldwide regulations and little experience at ANSPs
§ SWIM on international level only thinkable if TRUST in information exchange is in place
© 2016 Frequentis AGCyber Security in the world of virtualised ATC|16
with (inter)national regulations
UncertaintyComplexity
of implemen-tation
Highly technical & organisational
Lack of ANSP
collaboration
and nationalinterest
§ Many ANSPs have only limited responsibilities in place that implement protection within the ANSPs and with their suppliers
§ Diversity of technical systems in place
§ Lack of critical mass of experts
§ Collaboration is a pre-requisite for efficient protection and enforced by the nature of ATM and CyberSecurity
§ Trusted relationships between all participants need to evolve
© 2016 Frequentis AGCyber Security in the world of virtualised ATC|17
Provide security evidencesShow that the ANSP infrastructure
is secured and compliant
Implementing security and safety
is a harmonised endeavour to ensure business continuity
This open infrastructuredemands for availability, integrety and
confidentiality - Security is paramount for the virtual centre concept
Rapid closing of new attack vectors
Know what is going on in- and outside ofyour infrastructure and react appropriately
© 2016 Frequentis AGCyber Security in the world of virtualised ATC|18
Virtual centerconcepts
Bilateralharmonisation
Demands foravailability,
integrity andconfidentiality
Safety & Security
are key for business continuity
§ of providers (ADSP‘s) and ANSP‘s work with a service oriented model
§ of operational procedures to handover airspace responsibility
§ driven by open infrastructure
§ Security is paramount forthe virtual centre concept
§ by separating the data and voice sources from the controller HMI– without major changes
to the local operational procedures
– without vendor lock-in