Digital cybersecurity and network protection

How EUROCONTROL responded to the ever-changing landscape of cybersecurity

Over the decades, stakeholders within the field of aviation have been forced to pay more and more attention to potential cybersecurity threats. EUROCONTROL is one such party.

“When I joined EUROCONTROL 25 years ago, cybersecurity was not a concern,” Patrick Mana, Cybersecurity Program Manager at EUROCONTROL and European Air Traffic Management Computer Emergency Response Team (EATM-CERT) Manager, told AeroTime in an interview at World Aviation Festival 2023. “I started trying to introduce it in 2009, but there was no appetite for it.”

After several attacks and/or incidents, attitudes started to change. Part of that has been digitalization “that we are all facing,” Mana said, adding that cyber threats “are part of digitalization”, with cyber criminals also undergoing their digitization revolution too.

“The world has completely changed, the IT environment has completely changed,“ Mana noted.

One of the signs that the world has changed is the more frequent attacks against the European aviation system since Russia invaded Ukraine in February 2022. According to Mana, the frequency has increased “significantly” since that time, more specifically distributed denial-of-service (DDoS) attacks. He pointed out that those DDoS attacks have been mostly aimed at airports of countries that have supported Ukraine.

But the system’s resilience comes back to the proudest moment of his 25-year-long career at EUROCONTROL, namely the creation of the EATM-CERT. Supporting EUROCONTROL’s services that it provides to the air traffic control sector, EATM-CERT helps stakeholders “protect themselves against cyber threats that would impact the confidentiality, integrity, and availability of their operational IT assets and data”.

“It was something I pushed for at the beginning, we started from scratch, and we had to create everything,” Mana said, adding that the service is now helping stakeholders supporting the European aviation market and is being recognized for adding value.

“I am really happy about that,” Mana said.

Proactively countering threats

But there are ways to proactively counter cybersecurity threats, even within the realm of aviation.

By way of example, Mana pointed out that they were able to anticipate attacks on EUROCONTROL by finding threats from hacktivist groups on Telegram. Still, according to the EATM-CERT Manager, that does not mean that companies can come up with “miracles” and improve their systems’ resilience, “but at least people are ready”.

“From a human point of view and from a psychological point of view, it changes your mindset,” Mana continued, noting that knowing an attack is very likely coming can certainly change your mindset.

According to Mana, aviation, like any other sector, is prone to cyber attacks. Some attacks are aimed at the corporate level, with phishing activities, while others could impact the operational side of an organization.

“Air Navigation Services Providers [ANSP] are not the top targets,” Mana commented, adding that the reason is that they are “not commercially exposed”. The EUROCONTROL representative pointed out that the vast majority of cyber attacks are financially motivated, which is why attacks against ANSPs are hard to monetize.

“[ANSPs] do not hold, for example, passenger data, including credit card data,” he continued. While they are not immune from attacks, the greater proportion of the attacks can be compared to those affecting airspace users, airports, or aviation, including aircraft manufacturers.

Focusing on responding to cyber attacks

Still, cyber incidents within the domain of air traffic control have been rare, at least on the surface.

According to Mana, that is a good thing, because during a time of crisis, cybersecurity teams want to control the situation as much as possible. “We want to be the first to disclose information and to explain certain problems and there are cyber attacks that can take weeks or months to understand,” he said.

“The less you are in the media, the more you can work in a quiet way and focus on the cyber attack itself,” he added. Another reason Mana highlighted as to why some of those incidents might go under the radar, at least in terms of the general public, is that many people have no knowledge about the roles of ANSPs, even if they understand airlines and airports.

But for ANSPs and EUROCONTROL, the threats are similar to those that other industry service providers have continued to face.

“We are subject to attacks like phishing or malware because some cyber threat actors are randomly sending out emails, trying to enter a system, scanning, and they do not even know what kind of entity it is,” Mana explained. “But if they have a grip, they use it.”

However, the industry is also facing operational attacks, with hacktivists flooding systems with DDoS attacks, which is also seen due to the “geopolitical context” within Europe.

Regulations are also hard to navigate, Mana noted. “We have two sides of regulations, one from the International Civil Aviation Organization [ICAO] or from the European Union Aviation Safety Agency [EASA] and from the European Union [EU],” he noted.

“We have to reconcile the two and it is a challenge, not only from a compliance point of view but also from the reconciliation of the two, since [ICAO and/or EASA and the EU] can request nearly the same things in two slightly different ways,” Mana expressed.

This is especially true as, at the end of the day, EUROCONTROL as well as all aviation stakeholders have a single information security management system that they operate, which makes navigating regulatory hurdles a challenge.

At times another challenge could be the lack of data from aviation stakeholders of EUROCONTROL member states. While Mana noted that EATM-CERT has “a reasonable view of what is happening”, the more information the stakeholders share, the better. This would also help understand “variations across time and geographical areas” when aviation stakeholders are facing a cyber attack.

The landscape continues to change, too, not least with the dawn of the era of Artificial Intelligence (AI).

According to Mana, “the bad guys are using AI to generate more efficient attacks that are also less expensive, while also opening up the capability to conduct a cyber attack on a wider audience”.

“For us, that is an issue, because that will disrupt our understanding of who can attack and what motivated them to do so,” he said. “It is a change in the threat landscape, we maybe have new motivating factors and ways of executing cyber attacks that are generated by AI”.

Original article: How EUROCONTROL responded to the ever-changing landscape of cybersecurity

Author: Rytis Beresnevicius

First published on AeroTime

Single European Sky: EASA’s Air Traffic Management responsibility consolidated through new regulations

COLOGNE, September 15 – Personnel, procedures and equipment for Air Traffic Management (ATM) and Air Navigation Services (ANS) will in future all fall under the regulatory framework of the European Union Aviation Safety Agency, laying the basis for a more efficient and consistent approach to evolution of operations in support of the deployment of the Single European Sky.

The European Commission published five regulations comprising the new regulatory framework to manage the interoperability of systems and constituents used to provide ATM/ANS, which were adopted on the basis of EASA Opinion No 01/2023, in the Official Journal of the European Union today.

The package reinforces the role of EASA by bringing ATM/ANS equipment under the EASA certification framework, therefore ensuring that all elements impacting the performance of ATM/ANS services are consistently managed from an end-to-end perspective.

‘This publication marks a key milestone for the modernisation of the European air traffic management system,’ said EASA Acting Executive Director Luc Tytgat. ‘For the first time, there will be a single EU regulatory framework covering all aviation domains on the ground and in the sky, driving the transformation of the air transport system.’

The framework introduces harmonised requirements for the certification or declaration of ATM/ANS equipment, as well as the procedures for the approval of organisations involved in the design or production of such equipment. The driving principle is the essential need to achieve a single and mutually recognised compliance demonstration methodology for the equipment used to support ATM/ANS service provision.

This addresses previous interoperability shortcomings and enables a more efficient EU market for this equipment, resulting in a safer, more secure, interoperable, and efficient operation of the European ATM network for all phases of flight.

The new approach recognises the essential role and responsibility of the equipment suppliers in bringing solutions to the EU market that are fit for purpose and meet the required level of operational performance.

Finally, the new rules will strengthen the value of industrial standards in the demonstration of compliance with the Single European Sky needs and requirements. EASA is working intensively with all relevant industry partners to support the implementation of the package.

Original article: Single European Sky: EASA’s Air Traffic Management responsibility consolidated through new regulations

Author: European Union Aviation Safety Agency – EASA

First published on EASA News

US supports Vietnam in air traffic management

US supports Vietnam in air traffic management

An aircraft takes off at Noi Bai Airport in Hanoi on July 18, 2023. Photo by VnExpress/Giang Huy

The Vietnam Air Traffic Management Corporation (VATM) and the United States Trade and Development Agency (USTDA) signed a funding agreement on technical support on Monday.

The agreement focuses on building advanced concepts of operations (ConOps) and functional requirements for air traffic management automation system and requirements of air traffic flow management system in Vietnam

According to the VATM, the agreement contents were approved by the Ministry of Transport on August 15. The agreement is implemented by the U.S. Government through the USTDA, and the VATM is the recipient.

Under the deal, the USTDA will provide the grantee with US$3 million for technical assistance for building advanced concepts of operations and functional requirements for air traffic management automation system and requirements of air traffic flow management system in Vietnam. The U.S.’s MITRE Corporation will be the technical support provider.

Disbursement of the funding will be made directly by the USTDA to the MITRE. Payment will be made in accordance with the deliverables approval by the VATM.

The VATM said that the assistance aims to provide functional requirements and technical specifications that an air traffic flow management system (ATFM) needs for integrated delivery and enable VATM to meet Vietnam’s unique ATFM operational requirements.

It also provides functional requirements and technical specifications that the VATM needs to upgrade and purchase the ATFM system in short, medium and long terms.

Other objectives include defining the ConOps of the air traffic management (ATM) automation system and the high-level functional requirements for modernizing the ATM automation systems with integration into the vision of the air traffic flow management system and airspace design, while helping the VATM develop specific requirements and technical details of the ATM system to obtain air traffic management automation systems that best suit Vietnam’s flight information region (FIR) airspace design, and ensuring that operations and air traffic management systems and air traffic flow management systems in Vietnam are integrated.

Earlier in September 2017, the USTDA provided technical assistance worth over $915,000 to Vietnam to develop a master plan on air traffic flow management in Vietnam.

Established in 1961, the USTDA is an independent agency of the U.S. Government, aiming to promote the economic development and trade interests of the U.S. in developing and middle-income countries. It also helps U.S. businesses export their products and services, thereby creating jobs.

Original article: US supports Vietnam in air traffic management

Author: VNA

First published on VnExpress English

Digital towers, artificial intelligence, and the next generation of airport air traffic management

Not long before the pandemic, if you can remember such a time, I attended a Eurocontrol artificial intelligence (AI) summit in Brussels, at which people from across the industry gathered to attempt to cut through the hype and look at real, practical ways in which this disruptive technology could help transform how the aviation industry works.

Fast forward the best part of three years and our world has been transformed in a way that none of us could ever have anticipated. And even now, with the recovery still so fragile, talk of investing in new and what is often perceived to be a risky technology, would be further away than ever.

Using AI to support the return to long-term growth

But, of all the transformational technologies surrounding our industry, to my mind AI, especially when coupled with our ever-maturing application of digital tower concepts, remains the best placed to support the return to long-term growth in terms of improving efficiency, safety, and resilience. Those are issues that still matter today and will matter even more tomorrow.

One figure at that event that really resonated with me was the fact that less than 10 per cent of the data produced by the industry in Europe is used. That’s a massive, untapped resource and, long-term, a much more open approach to how data is stored and shared will be needed to unleash its latent value.

It is the ethos of harnessing the power of operational data that’s been the cornerstone of the work AI and digital tower specialists, Searidge Technologies, has been leading on for the past few years. Searidge began considering the ATM applications of AI by building on the technical expertise developed using machine learning and neutral networks to enhance tracking and detection capability in image processing.

Neural networks work by analysing datasets to ‘train’ and create an understanding of what normal operations look like. Once a period of training has taken place, the next stage is for outlier or marginal data to be highlighted in what is referred to as ‘anomaly detection’. This ability to detect operational events which are outside normal parameters is a key differentiator between machine learning and the traditional system development and coding, meaning the time between development and operational deployment can be shortened from years to months.

Working together with Searidge, our focus is on using AI and machine learning within the environment of a digital tower to identify ways of supporting controller decision making. This might be by using it to simultaneously monitor multiple areas of interest across an airport – like runway exit points e.g., something that humans simply aren’t physically capable of doing.

This ability can then be used to reduce the impact of external factors, such as weather, by creating a more predictable operation in terms of aircraft spacing and runway throughput. This focus doesn’t reduce the importance of people in the process, but rather looks at how to support the optimisation of human performance.

Reducing weather-related delays

To give a practical example, before the pandemic, we started a project looking at whether we could apply a combination of AI and digital tower camera technology to help cut airport weather-related delays.

We installed 18 ultra-high definition 4K cameras on the tower at London Heathrow and an additional 4K cameras at exit points on the airport’s northern runway. The images from those cameras were then fed live into Searidge’s AI platform, known as AIMEE.

When trained on enough data, AIMEE can identify the exact moment when an aircraft safely leaves the runway and then notify the controllers. The intent was to prove that when a tower like Heathrow’s disappears into low cloud, despite the taxiway and runways remaining clear, known as ‘VIS 2 conditions’, AIMEE could inform the controllers that the runway was free for the next arrival, something that would help recoup the landing capacity that’s lost in these circumstances.

Not only would this reduce delays for the airlines and their passengers, but it would also ensure safety is maintained and reduce the monitoring workload on the controllers. This would free them up to make other key decisions, whether that’s in support of capacity growth, resilience, safety, or efficiency.
During our trials, AIMEE continually monitored arrivals on Runway 27R/09L, identifying over 40,000 arrivals in all. Data analysis proved hugely exciting, showing AIMEE performed extremely well, including being able to identify aircraft in poor weather conditions and in darkness, when the 4K cameras were shown to perform better than the human eye.

So successful were the initial trials that we are now intending to extend the work to include more varied weather conditions, giving further opportunities to refine the model and test whether the solution would work in full CAT II/III low visibility conditions. If AIMEE performs as well as expected, it will prove an enormous benefit given the impact Low Visibility Procedures (LVPs) have on operations at airports around the world.

Automated voice clearances

To give another example, automated voice clearances are something that the industry has dabbled with in the past, but the technical hurdles have always seemed insurmountable. Not only must a system be able to issue the clearance safely and correctly, but it would also need to be able to understand the pilot’s response and act appropriately.

Again, here machine learning and AI could provide the key. Using AIMEE, we’ve been experimenting as part of a non-operational trial, by training the system to successfully monitor incoming radio traffic and respond by giving aircraft route clearances and transponder codes, including being able to interpret and respond to the ‘read back’ from the pilot over the radio.

It’s that ability to interpret ambiguity, which might include the use of non-standard phraseology or accented English (something humans are so good at), that has always been the real technical hurdle to the idea taking off, but the unique nature of AI and machine learning mean the results of our non-operational trials have been very encouraging.

AIMEE was asked to interpret the pilot request, check the details against the existing flight strip system and then respond to the pilot with the appropriate clearance or request for clarification. Obviously, this is a long way off being ready to deploy, but our analysis shows that with the provision of enough training data, AIMEE performed very well when monitoring real pilot RT transmissions.
If the work continues towards achieving something that’s one day operationally deployable, it could be possible to automate some of the more routine tasks controllers undertake, helping reduce their workload and again, leave them free to concentrate on the things where their skills and training are best employed.

Potential game changer

These are two radical applications, and while they are not ready for full operational deployment, to me the combination of the digital tower technology and AI is the real potential game changer in terms of airport performance.

One thing that was very clear is that despite the pandemic, we remain in an era accelerating change, with pressure to increase the rate at which new systems can be introduced safely. Technology is going to play a huge part in the future of ATM, with AI, machine learning and digital tower applications freeing people of routine tasks and allowing them to concentrate on decision making and performance. 

https://ift.tt/jEMogI5

via International Airport Review https://ift.tt/mga5yql

Air traffic controllers want to extend schedule of nighttime flights over Lisbon

Portugal’s air traffic control company NAV wants to extend the schedule of nighttime flights in Lisbon due to the implementation of the new Top Sky control system, a company source told Lusa.

Notice for the consultation of interested parties was published on Wednesday to start the procedure to approve an ordinance allowing for an exceptional regime concerning the operation of aircraft at Lisbon airport.

NAV’s official source told Lusa it is a question of extending the schedule of flights in Lisbon for the night period, not increasing the volume of traffic. More a case of “distributing flights over more hours, allowing the air traffic control system to be updated, as of 18 October”.

None of this sounds very clear. Lisbon airport is restricted to 91 flights per week between the hours of 00:00 and 06:00 due to noise.

In July, environmental association Zero stressed that noise levels at Lisbon airport still exceeded legal limits and warned that the night flight restriction regime was also not being complied with.

ZERO cited readings taken in the week beginning July 11, which indicated a total of 140 movements between 00:00 and 06:00.

Thus what NAV’s announcement really means is open to question.

The Top Sky project, common to six other countries and coordinated by Eurocontrol, was presented by NAV in 2019 and foresees an investment of €103.8 million until 2023, says Lusa.

Elsewhere, it is described as “the world’s most advanced air traffic control automation solution, designated to control en route, approach and oceanic traffic, both in civil and military environments.”

interested parties – which will include groups like ZERO – now have 10 days to comment on NAV’s request, says Lusa “after which a government decree will enter public consultation and will be known in greater detail”.

natasha.donn@portugalresident.com

The post Air traffic controllers want to extend schedule of nighttime flights over Lisbon appeared first on Portugal Resident written by Natasha Donn

via Portugal Resident https://ift.tt/6oASpXO

Outgoing Eurocontrol DG Reflects on His Tenure

The selection of Eamonn Brennan in the summer of 2017 to lead Eurocontrol signaled a meaningful change at the Brussels-based intergovernmental organization that coordinates the air traffic control system of over 40 states across Europ

Created with adobe illustrator. It is a vector file scale it to any size.

Iris ready to support 4D trajectory concept for aircraft in Europe

Improving air traffic management is widely seen as the ripest near-term initiative that aviation can take to reduce its carbon footprint.