A practical example for validation of ATM security prototypes
Tim H. Stelkens-Kobsch
Received: 21 March 2017 / Revised: 20 November 2017 / Accepted: 27 November 2017 / Published online: 24 January 2018
© The Author(s) 2018. This article is an open access publication
The insights presented in this article are outcomes of a security research project that was initiated to collate and interpret
the latest findings gathered in the domain of air traffic management security. The concept of a holistic approach to security
management has been evaluated. Due to the large scope of the project, only an excerpt of the findings is provided in this
article. This article focuses on a brief description of a security prototype validation methodology developed within the
project. To provide a tangible application of the methodology, it is applied to a security prototype that is
intended to enhance the security of the air traffic control voice communication system.
Keywords ATM security · Validation · Security prototype · ATC radio communication
One underestimated challenge to the existing air traffic
management (ATM) is the existence of security threats
imposed by intentional attacks on the infrastructure.
Security measures to avoid exploitation of vulnerabilities,
or to mitigate successful exploitation, have increased both
in number and in their effectiveness over time. Nevertheless,
since the main impact on ATM on September 11,
2001, the awareness about new and serious threats has
increased. This consequently results in the need for security
solutions which propose (1) security controls to avoid the
penetration of the ATM system, (2) measures to mitigate
the influence of successful intrusion, and (3) countermeasures
to keep the impact on the ATM system at
Programs to toughen up ATM for the future such as
SESAR, NextGen, or CARATS provide extensive guidance
material for enhancing safety and security [2–4].
However, when it comes to implementation, the number of
projects or initiatives is extremely small.
The Project GAMMA marked the first implementation
of SESAR (Single European Sky ATM Research) guidance
material regarding security risk assessment and treatment.
The work in the project followed the Security Risk
Assessment (SecRAM) and treatment postulated by
SESAR. This was accompanied by the application of the
minimum set of security controls (MSSC). In summary,
the following steps were taken in the development
phase of GAMMA regarding all kinds of processes
throughout the known ATM:
• Identify the primary and supporting assets.
• Identify vulnerabilities.
• Invent the attack scenarios.
• Name the security objectives.
• Analyze and treat the risks.
• Define security controls.
This article discusses a subset of the project outcomes. It
briefly describes the postulated security prototype validation
methodology and, more comprehensively, its practical
application. This may be used as the blueprint and an
example for validating other ATM security-oriented
A dedicated prototype for secure air traffic control
(ATC) voice communication shall serve as a practical
example for applying the described validation methodology.
This prototype will close the known security
& Michael Finke
Deutsches Zentrum für Luft- und Raumfahrt e.V.,
GAMMA, http://www.gamma-project.eu. The research leading to
the results presented in this article has received funding from the
European Union’s Seventh Framework Programme under Grant
Agreement no. 312382.
CEAS Aeronautical Journal (2018) 9:157–170