On Sunday 09.10.2022, the commander of the German Bundeswehr's Territorial Command General Breuer has warned of increasing attacks on the infrastructure in Germany. According to Breuer "every substation, every power plant, every pipeline can be attacked, can be a possible target" of these hybrid threats.
We live in a situation between not being completely at peace, but not really being at war either - the new security situation in Europe since the Russian attack on Ukraine. Hybrid threats are effects of a phenomenon called hybrid warfare. Hybrid Warfare employs political warfare and blends conventional warfare, irregular warfare, and cyberwarfare. Breuer describes the goal of such hybrid warfare as "needlesticks that are supposed to fuel uncertainty". According to Breuer, attacks and influence from abroad could increase. The security authorities need to adjust to this threat, Breuer told the newspaper. (Source: Bild am Sonntag, 09.10.2022).
"This is not about an enemy army with soldiers and tanks attacking our country," emphasized Breuer. "But there are influence measures, with attacks on infrastructure and cyber attacks, or, for example, reconnaissance flights with drones over barracks. In other words, pinpricks that are intended to stir up uncertainty among the population and shake confidence in our state" (Source: Tagesschau.de 09.10.2022).
Modern democracies are heavily relying on the free movement of labour and the exchange of goods. Aviation is a key enabler. ATSEP need to be vigilant. There are 2 axes where activity is needed:
The increased attack surface of modern interconnected ATM structures creates penetrable flanks to cyber-attacks due to its decentralized infrastructure. A major step to protect such infrastructures is a focus on protected identity of humans and systems, as well as protected data in transit and at rest. Read more.
The unnoticed obstruction of Northstream I and II within one day as well as the paralyzation of the northern German rail traffic in September / October 2022 show that surveillance infrastructure needs to be improved. Physical protection becomes difficult in times of omnipresent drones. Fences are not really a strong defense mechanism anymore. Nevertheless, physical protection of ATM infrastructure should be revised. Digital Watchdogs, e.g., monitoring through an SNMP bus allow rapid detection and switch over to backup systems.
Important for uninterrupted aviation is the redundant availability of ATM infrastructure. Parallel VPNs connecting decentralized infrastructure like radar towers, dual provision of UPS but also redundancy in surveillance and navigation infrastructure (e.g., increased development of Satellite based surveillance supporting terrestrial primary and secondary radars.
Ground based jamming devices to obstruct surveillance and navigation architecture are easily available in the Internet. ATSEP working positions need to be equipped with anti-jamming infrastructure. Read more about electronic warfare.
Improved Monitoring and Control across various vendor architectures is important to give the ATSEP a tool to limit system downtimes and to rapidly switch over from compromised sub-systems to back up systems. Automated, escalation-routine driven SMCs will allow to generate speedy escalation routines.
Current ATC SMCs are pretty much limited to vendor systems and local. Rapid improvement is necessary. SMCs needs to be comprehensive and vendor-agnostic. Like a cyber-security meshing, embracing all cybersecurity components, we need an SMC mesh. Service oriented SMCs, and watchdogs (e.g., SMNP network clients) are required at all critical system elements. ATSEP require an updated competence and skill profile. This included clearly defined authorization profiles and authorization features in the SMC infrastructure.
Read more articles about SMC.
Cybersecurity lives on continuous thread defense and response. This is reached by an active, sufficiently financed, equipped and trained cybersecurity incident response team (see webinar: CSIRT). The question whether CSIRT is part of ATSEP ir a parallel structure will remain an ongoing question and probably finds different answers in different ANSPs. But CSIRT alerts need to be propagated into the SMC software with related advise on immediate action and subsequent architectural improvements if needed.
Read more articles about cybersecurity in ATM.
Stay tuned to be always the first to learn about new use cases and training solutions in SMC and cybersecurity qualification for ATSEPs.
Or simply talk with us to discuss your training solution.