Protecting ATM systems


The industry’s digital transformation makes cybersecurity a priority for air navigation service providers.

Aviation cybersecurity issues haven’t gone away despite the catastrophic downturn in air traffic. Numerous incidents have been reported with financial gain and intellectual property theft the main motivations.

Though troubling, it is a far cry from a worst-case scenario where malevolent actors take control of a connected aircraft.

Already, so-called white hat hackers – who work with authorities to find vulnerabilities – have demonstrated spoofing a traffic collision avoidance system (TCAS). The aim was to show ghost flights on a radar and fool the TCAS into erroneous decisions. Though still technically very difficult to achieve and likely to be spotted, it is possible.

Drone position spoofing attacks alerting air traffic control or a rogue drone compromised by a cyberattack are other possibilities that could affect situational awareness and decision-making.

Simply put, as the aviation digital landscape expands, so the potential vulnerabilities grow. Information sharing and open architecture are becoming commonplace increasing the surface area vulnerable to attack.

Defence and resilience

As the aviation value chain becomes ever more connected, it must continue to improve the defence and resilience of its technological systems. As CANSO notes in its new Standard of Excellence in Cybersecurity publication, “cybersecurity is not a choice but a requirement”.

There are standards and recommended practices contained in Annex 17 of the Chicago Convention. And various other authorities have weighed in too. European Organisation for Civil Aviation Equipment (EUROCAE) is reportedly working on updates to its Aeronautical Information System Security (AISS) Framework Guidance, Guidance on Security Event Management and new standards dedicated to ground systems.

Suppliers and academia are also striving to curtail the cyber threat. Indra, for example, has made cybersecurity a key part of its air traffic management (ATM) systems. The company estimates it can take companies some 240 days to detect and neutralise a threat. To prevent this lag, its Minsait unit simulates cyberattacks on ATM systems, reviewing the results.

Embry-Riddle Aeronautical University, meanwhile, is researching artificial intelligence (AI)-based technologies as a means to prevent or mitigate cyber threats.

The work is using a technique called deep learning, which can leverage highly unstructured data from a variety of sensors monitoring an airspace and identify previously unrecognised patterns.

CANSO’s Standard of Excellence in Cybersecurity, however, is an excellent starting point for air navigation service providers (ANSP) and can help an organisation develop through evolving levels of maturity.

“We believe that it is a useful and effective tool, easy to apply, and one which we can use to gradually approach the complexity of cybersecurity of critical processes, systems and technologies involved in the provision of air navigation services,” says Gerardo Sarmiento Fernández of ENAIRE’s Security Division.

“We are convinced that, as the model evolves, it will become increasingly useful, practical and it will be widely used by multiple aviation stakeholders,” he continues.

CANSO Standard of Excellence in Cybersecurity


The CANSO Standard of Excellence in Cybersecurity outlines thirteen elements contained within six functions that would be expected in an organisation with an effective approach to cybersecurity (see panel).

Moreover, there are five maturity levels, ranging from A to E. Level A signifies an informal arrangement, with responsibility on an individual rather than organisational basis. Level E represents international best practice, with actions measured and evaluated against defined criteria.

The Standard of Excellence in Cybersecurity states: “Achieving ‘Level C – Managed’ should provide an acceptable level of cybersecurity assurance for many ANSPs and is seen as the minimum target level. However, the target maturity level for each element should be based on a variety of factors, including an ANSP’s business objectives, threat environment and cybersecurity risks, regulatory and other requirements.”

The 13 elements

• Leadership and Governance
• Information Security Management Systems
• Asset Management
• Risk Assessment
• Information Sharing
• Supply Chain Risk Management
• Identity Management and Access Control
• Human-Centred Security
• Protective Technology
• Anomalies and Events
• Response Planning
• Mitigation
• Recovery Planning

The 6 functions

• Lead and Govern
• Identify
• Protect
• Detect
• Respond
• Recover


The CANSO Standard of Excellence in Cybersecurity allows an ANSP to see what measures should be in place once an organisation reaches a particular level of maturity.

It is important to fulfil all elements of one level before moving to the next level. Even if it is possible to fulfil one element at a higher level, an ANSP’s assessed level is the one in which all elements are fulfilled. In cybersecurity, an organisation is only as strong as the weakest link.

Furthermore, it should be understood that the selected elements, functions and maturity definitions comprise a framework for action. It should not be seen as a replacement for detailed audits and system analyses and an ANSP should still carry out tailored threat and risk assessments. The CANSO Cyber Risk Assessment Guide can help in this respect.


The CANSO publication lists three main benefits of a cybersecurity standard of excellence.

Firstly, it highlights what is necessary to manage cybersecurity risk in a systemic manner. All the main requirements – based on existing guidelines and standards – are listed clearly but the model is capability and process-based. Each ANSP can therefore determine its own way forward.

Secondly, the standard acts as a reference point for comparison, both internally and externally. It is especially useful as a summary for top management as it facilitates a harmonised approach across the ATM industry.

Thirdly, the guidance is the sum of inputs from across the aviation industry and other safety-critical industries. As such, it shows “what excellence in cybersecurity in aviation looks like”. It gives appropriate goals for every ANSP.

Fundamental element

Cybersecurity cannot be solved through a single solution. Rather, it is a commitment to continuously address weaknesses in policy, processes, technology and people to ensure data integrity and availability.

It is also a fundamental element in consumer trust of the industry. Every aspect of a journey is expected to be safe and secure and that includes the transfer of data. Any breaches of systems – even if minor – could affect trust in aviation and dampen air traffic demand. More than ever, it is crucial to get people flying again and good cybersecurity is one of the cornerstones of that ambition.

How ANSPs perform in cybersecurity is therefore crucial to the entire industry. They must ensure their ATM systems are not only resilient to attack but also that they collaborate with partners to uphold overall safety.