New study reports on the cyber-security of SESAR’s airport operations centre
SESAR’s airport operations centre (APOC) concept
Airports are increasingly data driven and rely upon accurate and timely information for efficient operations. Seamless exchange of information across integrated systems supports real-time decision-making for the benefit of all aviation stakeholders.
Increased connectivity has enabled resources to be used more efficiently, irregular operations to be overcome quicker and disruption has often been avoided altogether.
SESAR’s airport operations centre (APOC) concept is at the leading edge of these developments. APOCs are expected to become the nerve centres of future airports, allowing an unparalleled overview of operations and facilitating effective, fast decisions on how the airport can function most efficiently, especially under challenging circumstances.
Information integrated by APOCs will also contribute to network-level decisions, thereby making them a critical part of the future European aviation system.
Risk of malicious cyber attack
However, increased reliance on data and increased integration also increases the risk of malicious cyber attack that disrupts airport operations. It is therefore crucial that both input and output data is available, accurate and resistant to malicious manipulation.
Given that airport interconnectivity and integration is increasing, and cyber threats are becoming ever more sophisticated, understanding and managing cyber risk is a key concern. It is also vital that different airport and network partners are aware of cyber-threats and able to mitigate them together.
A bridge between SESAR 1 and SESAR 2020
A study undertaken within the context of SESAR (Project 06.03.01) has explored how cyber-security should be addressed in the APOC. Led by SESAR member, Eurocontrol, in collaboration with Helios, Groupe ADP and Professor Chris Johnson of the University of Glasgow, the study presents cyber-attack scenarios, ways of building trust between APOC partners, and approaches of sharing information on cyber-threats and risk. It also acts as a bridge between SESAR 1 and new work in SESAR 2020 which will focus on APOC-enabled total airport management (TAM).
Secure by design
In late October a final workshop was held with industry stakeholders, including members of the European Commission, SESAR Joint Undertaking, Eurocontrol, ACI Europe, partners from relevant SESAR projects, and airport operators. The study presented known and potential vulnerabilities, highlighting how reliance on insecure legacy systems and/or unprotected infrastructure components (eg heating, lighting and power) makes securing more advanced concepts harder.
Airports will need to manage cyber-vulnerabilities and threats across an extended supply chain. The study also revealed how physical airport security is increasingly reliant on security-security. Finally, a cyber-security maturity assessment tool was also offered to airport operators.
Subsequent discussion concluded that ‘secure by design’ is a key principle, and one that is being adopted in SESAR 2020 research and innovation activity.