For safety we need security


Dr. Andreas Gerstinger, Safety Manager, Frequentis AG, provides the ATM supplier perspective on safeguarding ATM operations.

In an increasingly automated world, the aviation industry is looking across its supply chain to develop and secure its operations both now and in the future. What this means is we need to find new solutions and ways of working to mitigate risk and uphold the highest standards of safety.

With the rise in use of networked functionality and commercial-off-the-shelf components in air traffic management, there is a growing requirement to address security vulnerabilities in operations.

Industry suppliers, including organisations like Frequentis, have always placed safety as top priority of our systems. As the industry is evolving and systems have become more complex however, it is also clear that we need security to provide safety; indeed security is an essential prerequisite for safety.

Safety and security

While it is acknowledged that safety and security are a priority this is not without it challenges. It can sometimes be the case that safety and security contradict each other. For example:

  • Patch vs. no patch: From a security point of view, patches must be applied as soon as possible, as an attacker may exploit a recently published vulnerability at any time. From a safety point of view, all changes to a system must be assessed in detail, and only applied after the safety case with all its related evidences has been approved.
  • Fail-safe vs. fail-secure: In case of a detected potential problem (e.g. by an intrusion detection system), shall the system shut down for security reasons, or maintain limited services for safety reasons?
  • Usability: Security measures often decrease safety and increase the failure potential (e.g. multifactor authentication at an operator panel), which contradicts safety principles (quick and efficient access, especially in time-critical situations).

These examples show areas of conflict, but we should not forget that in most cases safety and security go hand-in-hand

Both safety and security are risk-based activities. Both have to be considered from the beginning and along the whole lifecycle. And both require management attention and an appropriate organizational culture including awareness campaigns and sufficient training.

Ensuring cyber safety in ATM

Air traffic management is a classic safety-related field, and in the current world we need to provide equally secure solutions. CANSO’s Cyber Safety Task Force deals with safety and security in ATM systems; areas of conflict are considered, harmonization approaches evaluated, and appropriate guidelines are published on how to deal with safety and security in today’s world. This includes the CANSO Emergency Response Planning Guide and CANSO Standard of Excellence in Cybersecurity.

The CANSO Emergency Response Planning Guide helps ANSPs plan for the orderly and efficient recovery from emergency to normal operations, while the CANSO Standard of Excellence in Cybersecurity helps ANSPsassess and improve their cybersecurity performance, as well as their suppliers. These documents bring together the latest in safety and security best practice, and demonstrate how to navigate the two simultaneously.

Frequentis is proud to be an active member of the CANSO Cyber Safety Task Force, contributing its knowledge and experience to the development of global best practice. By working alongside other key players in the ATM industry, we can stay on the forefront of key issues and together develop comprehensive solutions and processes for the industry. This collaboration is vital in safeguarding operations, and key to ensuring that both safety and security are tackled effectively.

To find out more about the CANSO Cyber Safety Task Force or join, please get in touch via

Cyber security Safety