Cyber Security in ATM (Air Traffic Management) is addressed in Directive EU 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. In this perspective, Commission Implementing Regulation EU/716/2014 on the establishment of the Pilot Common Project supporting the implementation of the European Air Traffic Management Master Plan is linked to this topic, mainly in relation to cybersecurity and information exchange, which may have an impact on the overall ATM community. In relation to the introduction of SWIM services and its capability of sharing information in a more connected aeronautical environment, cyber security risks are becoming relevant and it is therefore paramount to identify these risks, assess their possible impacts and mitigate them with appropriate measures. In this context, the main objective of this implementing project is to implement new and state-of-the-art approaches to cyber security, which will cover the identified gaps, as well as introduce a common and harmonised cyber security approach in Rome Fiumicino Airport, in order to continuously ensure that the proper measures are in place to secure uninterrupted operation.

Specific objectives:
The Implementing Project specifically aims to:

• Assess the current status of Rome FCO internal architecture and Cyber security defences, duly considering the foreseen future capabilities and technical features of SWIM infrastructure;

• Identify gaps to be closed and elaborate a detailed plan for the gap closure, taking into account the business objectives from other families;

• Define how PKI (Public Key Infrastructure) is intended to be used, identifying the connection to be established;

• Define requirements for external service providers and interrelation;

• Select cyber security framework;

• Reach an initial level of Cybersecurity standard by implementing two initiatives at local level.

Expected Results:

• the local level project necessary to apply the SWIM concept to ADR infrastructure is identified;

• the intervention necessary to reach the adequate security level is identified;

• actual cyber security defences are increased reducing the risk of errors and incidents and ensuring the full time availability of the firewall services, such as certification authority, rules management and VPN (Virtual Private Network) remote access;

• a state-of-the-art Firewall technology is implemented as a primary security measure, forming a virtual checkpoint to protect computers and other network devices from attack;

• continuous compliance and auditability are ensured;

• proactive risk analysis is performed to avoid security policy & compliance violations.

Performance Benefits:
The following benefits are expected to be provided by this Implementation Project:

• to integrate current and future cybersecurity policies, providing an initial alignment to SWIM service architecture with a high level of security

• paramount benefits provided to the airport IT infrastructure by protecting the overall IT systems
  against cyber-attacks, and in the meanwhile, making an assessment of the airport architecture and
  business requirements in order to be aligned with SWIM policies and technical requirements

• 20% reduction in working time for firwall rules management

Interdependencies with other projects:
The current project will improve the reliability of ADR network security infrastructure for the following projects:

• ASMGCS (Action 2016-EU-TM-0117-M, IP 2016_117_AF2)

• NOP (IP 2017_052_AF4)

• AOP (IP 2017_052_AF4)"

Read more