Application of cyber security to ANSP and SWIM services at LFV
The overarching goal of the Implementing Project (IP) is to implement SWIM cyber security, including Identity and Access Management with Public Key Infrastructure (PKI), and SWIM infrastructure to enable initial SWIM services at LFV. The Implementing Project will implement a robust, harmonised and systematic approach to cyber security, which will cover the identified gaps. Cyber security controls are to be implemented at both, strategic, operational and technical levels, using a combination of top-down and bottom-up approaches to improve LFV's cyber resilience, enabling future SWIM tasks and integrations to be performed safely and securely.
This Implementing Project will be performed in close coordination with IP 2017_066_AF5 (Implementing harmonised SWIM (Y) solution in COOPANS ANSPs and general PCP compliance), which will develop a harmonised cyber-security framework across the five COOPANS ANSPs (including LFV) for the harmonised COOPANS SWIM yellow profile infrastructure. The technical capabilities covered by this project will be developed within this harmonised framework.
Though the work undertaken through IP 2017_066_AF5 will develop a COOPANS-level framework to guide the harmonised implementation of SWIM cyber-security in each COOPANS ANSP, this Implementing Project is necessary to implement robust technical and organisational capabilities to ensure the security of SWIM services within the Yellow Profile at LFV. This Implementing Project will therefore provide near-complete coverage of PCP Family 5.2.3. within Sweden (with the future introduction of the SWIM Blue Profile to close the small remaining part of the gap for 5.2.3, not funded under this Action), enabling the implementation of safe and secure SWIM-compliant FIXM, AIXM and WIXM data exchange.
There is an additional interdependency with IP 2017_084_AF5 - SWIM Common PKI and policies & procedures for establishing a Trust framework, which is led by EUROCONTROL. This Implementing Project is dependent on consistency with the common Public Key Infrastructure (PKI), covering policies and procedures that will be established in the EUROCONTROL project.
This IP specifically aims to:
1 - Develop a cybersecurity policy and roadmap to protect Swedish air navigation services, which will be performed in coordination with IP 2017_066_AF5 (Implementing harmonised SWIM (Y) solution in COOPANS ANSPs and general PCP compliance).
2 - Enable initial SWIM services within the Yellow Profile at LFV
3 - Fill the gaps in PCP Family 5.2.3 in Sweden (except for those related to SWIM blue profile).
4 - Enable the implementation of safe and secure SWIM-compliant FIXM, AIXM and WIXM data exchange.
A robust and secure cyber security baseline is implemented. In addition to this, overall policies, procedures and technical functionality needed to establish robust cyber resilience are implemented.
Implementation of cyber security measures (including policies, procedures and technical functionalities such as firewalls, network security monitoring, malware defenses and added threat intelligence capabilities) that enable the introduction of a more robust, safe and secure SWIM services for Yellow SWIM TI Profile data exchanges and SWIM
Enablement of the deployment of secure and safe services, conducted as part of Action 2015-EU-TM-0196-M #2015_118_AF5. The cyber security measures will align to the upcoming EU Common PKI solution and support the following areas addressed in 2015-EU-TM-0196-M #2015_118_AF5:
o Efficient flight planning and efficient and secure exchange of information and data within LFV, via the Yellow SWIM TI Profile
o Exchange of data related to other Yellow Profile SWIM services, including Aeronautical Information Management
Enablement of cyber security measures (at an Yellow SWIM TI Profile level) that will support and be a part of implementation of technical solutions for deployment Families 5.3.1, 5.4.1, 5.5.1, and 5.6.1 within Sweden.
Laying the foundation in design and functionality needs of cyber security baseline measures, related to demands extracted from the SWIM TI profile specification. Acquisition of knowledge, experience and expertise to inform and facilitate the implementation of functionalities from the families 5.3.1, 5.4.1, 5.5.1, and 5.6.1.
This is crucial as LFV, and European Air Traffic Management more generally, is becoming much more inter-connected, which introduces new cyber-risks to safety-critical operations. Vitally, migrating unprotected legacy systems to a network connected to the internet may introduce vulnerabilities and new risks into the overall network. The deployment of SWIM will involve the connection of legacy systems to the internet, and so the implementation of SWIM cyber security is imperative to ensure the security of both the future SWIM network and other connected systems. The performance benefit is reducing security risk, the readiness to deploy new ATM functionalities, and the flexibility to adapt further in the future.
From a SWIM perspective, the project enables safe and secure SWIM services at LFV. The near-term goal is connecting systems through SWIM services to allow for more efficient flight planning and delivering efficient exchange of information and data within LFV and its stakeholders. This project therefore is facilitating Action 2015-EU-TM-0196-M #2015_118_AF5, which involves the implementation of an Integration Platform within Swedish airspace, allowing for more efficient flight planning and delivering efficient exchange of information and data within LFV, and using the Yellow SWIM TI Profile. This Action is necessary to close the gap for family 5.5.1 (Cooperative Network Information Exchange system) within Sweden. Following on from this already-defined action, the medium-term task is then to use the same secure integration platform for LFV's transition to using the Yellow Profile for other SWIM services, including Aeronautical Information Management, by enabling the ability of the platform to integrate and perform within the AIM functionality, in line with the objectives outlined in the family 5.3.1. Similarly, the platform will then support WIXM data exchange.Cyber controls need to be sufficient and robust enough to be compliance with expected SWIM Governance mechanisms.
Overall, the expected outcomes and benefits to LFV are:
Availability of safe, secure and resilient services
Enabling defence in depth
Lower costs from less legacy equipment
Better information sharing
Agility to change and adapt
Reduced security risk
Compliance with PCP
Better security posture for regulatory requirements
These expected benefits will be translated into the following performance benefits:
Improvement of Safety – EnRoute by 10% in the DK-SE FAB;
Improvement of Safety – TMA by 10% in the DK-SE FAB;
Improvement of Capacity – EnRoute by 5% in the DK-SE FAB;
Improvement of Capacity – TMA by 5% in the DK-SE FAB;
Improvement of ANS Cost Efficiency - Airport Ground by 2% in the DK-SE FAB;
Improvement of Flight Efficiency in Time - EnRoute by 1% in the DK-SE FAB;
Improvement of Flight Efficiency in Time - TMA by 1% in the DK-SE FAB;
Improvement of Flight Efficiency in Fuel- EnRoute by 1% in the DK-SE FAB;
Improvement of Flight Efficiency in Fuel- TMA by 1% in the DK-SE FAB."
- Project Type: Air Navigation Service Provider
- CEF Call Year: 2017
- Civil/Military: Civil
- Multistakeholder: No
- Main AF: AF5 - Initial System Wide Information Management
- Sub AF: S-AF 5.2 - SWIM Technical Infrastructure and Profiles
- Progress Percentage: 24%