Overview

This Implementation Project (IP) consists of the implementation of local PKI infrastructure including appropriate cyber security measures/systems in line with requirements based on the result from the ongoing work related to SWIM governance. Furthermore it encompasses the implementation of SWIM infrastructure as basis for the implementation of ATM information exchanges according to the PCP regulation (aeronautical, meteorological, cooperative network and flight information exchange) which is vital for the air transport business. This in turn will support enhanced connectivity which is fundamental element in achieving social and economic growth.
Furthermore this project will liaise with projects run by Eurocontrol regarding common SWIM infrastructure (Family 5.1.3) and Common SWIM PKI and cybersecurity (Family 5.1.4). This is essential for local preparation and adoption. Being part of the NM Airport network common SWIM activities will have a major effect on how local adoptions are made.
Modern ATM systems design is using more and more common and open components, services and standards. This trend exposes systems to increased cybersecurity risks, it is therefore paramount to identify these risks, assess their possible impacts and mitigate them with appropriate measures. Some components of this family are particularly exposed to these cybersecurity risks and this IP addresses this and appropriate actions to mitigate them.

Specific objectives:
The Implementing Project specifically aims at developing the systems needed to operate a PKI and its associated trust framework in order to produce and manage digital certificates, e.g. Certification Authorities, validation services such as OCSP (Online Certificate Status Protocol) or CRL (Certificate Revocation List), user interfaces, systems supporting the Registration Authority and Policy Management Authority roles.

Expected Results:

• Trusted environment (PKI) is established

• Cyber resilience requirements are implemented

• Training, Education and Cyber Security Awareness is carried out

• Governance structure (in alignment with SWIM governance) is defined

• The initial Certificate Policy/Certification Practices Statement(s) is developed and approved.

• Membership Agreement is developed.

• Better integration between systems that support API Integration Solutions with the cloud services used by customers, partners or employees is ensured.

• policy based network access restrictions and authentication of connected LAN or Wi-Fi endpoints across the Swedavia network infrastructure are improved with 802.1x/ISE.

• Implementation of 802.1x/ISE to the endpoints includes, among other information, network accessibility limitations that Swedavia wants to enforce at the endpoint.

Performance Benefits:

• Avoidance of expensive redesigns using proven methodologies: The number of approved architectural reviews is expected to be increased with 105

• Accelerated successful implementation (API): The number of successful API-implementations in terms of time, money with expected result, is increased with 30% per year.

• Mitigated risk during implementation: The number of successful API-implementations in terms of time, money with expected result, is increased with 30% per year.

• Improved productivity by designing proper coverage and capacity. It is expected to be 35% less point to point integrations per year, (measured as API calls translated to amount of integrations needed without this design).

• Faster migration to next-generation Network (802.1x), which would mean 100 % access control on publically exposed network interfaces by 2020

• Identity and Access Management (IAM), 100 systems linked to the Single Sign on function by the end of 2020 and 200 by the end of 2022.

• 100 % access control on publically exposed network interfaces by 2020

• Reduced deployment time through extensive planning and design, which would lead to 40% time improvement from registered change to production by 2022.