How can SESAR stakeholders know that their methods for ensuring data security and operational integrity in the complex ATM domain really work? Would additional expensive security analysis and measures be worth the cost?
Evaluation and validation methodologies are integral parts of Air Traffic Management (ATM). They are well understood for safety, environmental and other cases – for which operational validation guidelines exist which are well defined and widely used. In contrast, the effectiveness of risk assessment practices for security, as well as comparative evaluation of such practices, is largely uncharted territory. There is limited information about the degree the practices and their corresponding activities provide security and whether or not these practices give return on investment.
Furthermore, there is limited knowledge about how to evaluate or compare security practices; there are no accepted metrics to decide that activity X works better than activity Y in a given setting. This becomes even more true in an uncertain and rapidly changing environment with changing demands by users and changing threats. EMFASE will investigate the above questions by applying different risk assessment methods on different application scenarios e.g. Airport Collaborative Decision Making and Remotely Operated Tower and by evaluating them with respect to their performance, security impact, usability, and economy.
EMFASE results will be: a) a framework for empirical evaluation of security risk assessment methods; b) guidelines to help security experts to select security risk assessment methods and c) Causal explanations of why selecting a risk assessment method in given circumstances will be the best decision.