ENAV Information Security Operation Centre (iSOC) is operated since 2009 in Rome ACC (Italy) and since then the main responsibility of iSOC is the identification of security risks related to information, systems and networks in accordance with ISO 27001 processes and standards (ENAV is ISO 27001 certified). To accomplish these objectives, ENAV iSOC implemented procedural and technical controls operated today in a single data centre, based on legacy hardware. Most of operational security services are based on Open Source software.

Today Security in ATM (Air Traffic Management) is an important topic also in Italian and European regulations (as per Directive EU 2016/1148 the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union).

Every day ENAV adapts its security process and technologies to be compliant with national and international standards and to emerging threats. For this reason, ENAV is already expanding its security controls to extend centralised authentication and parsing of security logs to selected operational servers and services in all Italian Air Traffic Control Centres (ACC).

ENAV is also planning to extend Security controls to PENS (Pan European Network Services), NewPENS networks and to ATC European programmes (e.g. Coflight As a Service).

To accomplish these growing needs, ENAV iSOC infrastructure and systems shall be upgraded to new and modern systems and technologies that shall be also in a full high availability shape and granting business continuity, adapting also internal processes (incident handling and response, monitoring etc.), skills and capacity.

To extend and complete ENAV Security Services catalogue, ENAV will create also a CERT (Computer Emergency Response Team) division that will be responsible to anticipate and solve the ATM cybersecurity challenges that ENAV will face in the next few years working closely with iSOC operators.