Cyber security and the future of safety-critical air traffic management: Identifying the challenges under NextGen and SESAR

This paper introduces the SESAR and NextGen programmes for the modernisation of Air Traffic Management (ATM) across Europe and North America. These initiatives were envisioned at a time when cyber-security was less of an issue than it is today. The US Government Accountability Office and the European Commission have subsequently raised significant concerns that the core components of SESAR and NextGen must be secured against new generations of malware, including mass-market attacks and state sponsored advanced persistent threats. There is an urgent need to retrofit security into those components that have already been deployed and to ensure the resilience of all future concepts of operation. Without urgent action there is a considerable risk of sustained disruption with significant impact on the travelling public while we work to recover in the aftermath of an attack. This paper identifies a number of common concerns - for example, neither SESAR nor NextGen have resolved the tensions that arise when trying to ensure both the safety AND security of complex ATM software. The aim is not to criticise individuals or teams within these programmes; there are cogent reasons for the problems that we now face. In contrast, the intention is to identify common opportunities, to coordinate mutual mechanisms for increasing confidence in the exchange of digital information across these future infrastructures and to provide mutual assistance if an attack ever undermines the safety of our aviation networks.