Digitalisation offers many benefits to air traffic management (ATM). Yet, with these technological innovations come challenges in managing new cyber vulnerabilities. The SEC-AIRSPACE will apply an innovative concept of people analytics (PA) to boost cyber security awareness within ATM. In this interview, Karin Bernsmed, Project Coordinator, offers a brief overview about the SEC-AIRSPACE project.

What is the rationale of the SEC-AIRSPACE project and what are its main objectives?

The rationale of SEC-AIRSPACE is the need to put more focus on cyber security in aviation. Our objective is to enable a more secure and resilient ATM, and we will do this by improving the way the SESAR Solutions do security risk assessment and by increasing the cyber security awareness and maturity amongst the involved stakeholders.

Can you describe the cyber security components used to combat cyber vulnerabilities?

SEC-AIRSPACE will enhance the existing methodologies and the best-practices for cyber security risk assessment currently adopted in ATM with prominent building blocks. Our baseline SESAR’s Security Risk Assessment Methodology (SecRAM). Much has evolved since its publication; we think it needs to be revised to help the ATM community reduce new risks associated with, for example, virtualisation and increased data-sharing scenarios. We will identify relevant threats and vulnerabilities and suggest countermeasures for addressing them. Our approach to security will be holistic, meaning that we will includes social, human, and organizational factors, in addition to the technical aspects.   

Can you describe the importance of applying the concept of people analytics in increasing cyber security awareness?

People analytics is a data-driven approach for developing insights for improving the work force in organizations. Our hypothesis is that it can also be used to increase cyber security awareness, which will a crucial part of any holistic approach to protect a system. We are thrilled to see to what degree People Analytics can help, for example, air navigation service providers and air traffic controllers, to be in a better position to detect and react to cyber security threats.   

How has this project built on the work of previous SESAR innovation projects?

This project builds on the partners' collective experience from cyber security research in ATM, including addressing security in previous SESAR projects (PJ05-W2, PJ14-W2, etc.), as well as working with security as a transversal topic in SESAR 2020.

What are the expected benefits of this project?

Our long-term ambition is to help make the Digital European Sky more robust, resilient, and secure!