Aerospace and Electronic Systems Magazine November 2017 - 7

Asgari et al.
sistent cross-border coordination capability. This is to relay
relevant information across different European nations and
to ensure timely coordination with international parties (e.g.
other ICAO regions), regional/global organizations (e.g.
European Network and Information Security Agency - ENISA), and incident management functions (e.g. European
Aviation Crisis Coordination Cell - EACCC).
The operators represent the actors who directly interface with
the specific security system in order to perform the regular and
continuous security incident/situation management activities. The
users include the relevant stakeholders connected through specified interfaces. They are provided with relevant security information concerning the state of the ATM system(s) according to the
need-to-know principle. The security information shared between
ATM stakeholders includes alerts, countermeasure actions, and
reports with the possibility of sanitizing sensitive information at
each level.

RISK ASSESSMENT METHODOLOGY
GAMMA has adopted the methodologies developed by SESAR in
Work Package 16 including SecRAM (Security Risk Assessment
Methodology) [11] and MSSC (Minimum Set of Security Controls) [12].
In this work, the scope and boundaries of the ATM system are
defined using SecRAM, which is based on ISO 27005 [13]. This
methodology requires establishing the context for defining the
boundaries of what one wants to analyze; sets out the scope of the
security analysis; and specifies the criteria that will be used to assess the risk, in order to provide consistent and defensible results.
The process adheres to the following steps.
1. Establish the context and an accurate scope: describe the system that is the target of the study, boundaries, and the dependencies on other systems and infrastructure.
2. Identify the assets: there are two types of assets: primary assets
(PA) and SA. PA are the main resources that are the targets of
attacks, i.e., functions, processes, activities, information, and services that need to be protected; SA are tangible entities that enable
and support the existence of PA. Entities involved in storing, processing, and/or transmitting PA are classified as SA. SA have vulnerabilities that are exploitable by threats aiming at impairing PA.
3. Impact assessment: for each PA the required level of confidentiality (C), integrity (I), and availability (A) must be identified. Each of the C, I, and A criteria of each PA is rated on a scale ranging from 1 to 5 (defined in SecRAM). To perform this assessment, the impact of a loss of C, I, and/or A is evaluated for each PA on each of the impact areas (safety, capacity, environments, costs, etc.).
4. Evaluate the assets: all PA are linked with at least one SA, and
all SA are linked with at least one PA. The SA inherit the C,
I, and A levels of the PA they support.
5. Identify the threats and threat scenarios: identify possible (or
credible) threat sources and the related threat scenarios to highlight
all routes through the system that an attacker may use to
access an SA.
6. Evaluate the impact of attacks: assess the harm resulting from
each SA being targeted by an attack by taking into account the
value of the asset in terms of the C, I, and A pertinence of the
threat.
7. Evaluate the likelihood (probability) of each threat scenario:
estimate the chance that the threat occurs and that the threat
scenario sequence is completed successfully.
8. Assess the security risk: evaluate the risk level associated with
each combination of threat and threat scenario based on their
likelihood and impact on the assets. Risk is defined as a function of the likelihood of a given threat source exercising an
action on a particular potential vulnerability, and the resulting
adverse impact of that action on the network system.
9. Verify the risk level against the security objective: evaluate
and verify the evaluated risk level against the defined security
objectives as a measurable statement of intent relating to the
protection of a PA. Security objectives correspond to the level
of risk that a PA is prepared to accept on the C, I, or A criterion,
before any action is deemed necessary to reduce it.
10. Risk treatment: define the action to take, which can be to accept or tolerate the risk, reduce the risk, avoid the risk by withdrawing from the activity, or transfer the risk to another party
to manage it. If the action is to reduce the risk, define a set
of security controls and the associated requirements to reduce
the risk to an acceptable level (i.e. within the risk appetite, see
[11]).
11. Security controls: implement and put in place the security controls and functions identified during the risk treatment step.
The prerequisite for performing a risk assessment is to clearly
define the system under threat, which is represented in this study
by the reference model. We now apply the above process.
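Steps 3, 4 and 6 to 9 can be traced on a small model. The following Python is an added example, not code from the article or from SecRAM. It assumes a 1 to 5 likelihood scale, risk computed as impact times likelihood, an SA inheriting the highest level among the PA it supports, and a single accepted-risk objective per PA; all asset and threat names are constructed.

```python
from dataclasses import dataclass

CRITERIA = ("C", "I", "A")

@dataclass
class PrimaryAsset:
    levels: dict      # step 3: required C/I/A level, each on the 1..5 scale
    objective: int    # step 9: highest risk score accepted (assumed single value)

@dataclass
class Threat:
    target_sa: str    # step 5: the SA reached by the threat scenario
    affects: tuple    # which of C/I/A the threat is pertinent to
    likelihood: int   # step 7: assumed 1..5 scale

def check_links(pas, links):
    """Step 4: return (PA with no SA, SA with no PA). links maps SA -> [PA names]."""
    supported = {pa for pa_list in links.values() for pa in pa_list}
    return sorted(set(pas) - supported), sorted(s for s, p in links.items() if not p)

def inherited_levels(sa, pas, links):
    """Step 4: an SA inherits C/I/A from the PA it supports (max is an assumption)."""
    return {c: max(pas[p].levels[c] for p in links[sa]) for c in CRITERIA}

def assess(threat, pas, links):
    """Steps 6 to 9 for one threat scenario against one SA."""
    levels = inherited_levels(threat.target_sa, pas, links)
    impact = max(levels[c] for c in threat.affects)          # step 6
    risk = impact * threat.likelihood                        # step 8 (assumed function)
    limit = min(pas[p].objective for p in links[threat.target_sa])  # strictest objective
    return {"impact": impact, "risk": risk, "treat": risk > limit}  # step 9

# Constructed sample data (hypothetical assets, not taken from the article).
PAS = {
    "flight_data": PrimaryAsset({"C": 2, "I": 5, "A": 4}, objective=8),
    "billing": PrimaryAsset({"C": 4, "I": 3, "A": 2}, objective=12),
}
LINKS = {"fdp_server": ["flight_data"], "shared_db": ["flight_data", "billing"]}
THREATS = {
    "tamper": Threat("shared_db", ("I",), likelihood=2),
    "outage": Threat("fdp_server", ("A",), likelihood=2),
}

if __name__ == "__main__":
    print(check_links(PAS, LINKS))
    for name, t in THREATS.items():
        print(name, assess(t, PAS, LINKS))
```

A scenario flagged with `treat` set to true is one that proceeds to risk treatment (step 10); the shared SA is judged against the strictest objective among the PA it supports.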

CONTEXT, SCOPE AND ASSETS
OPERATIONAL CONTEXT - FUNCTIONAL ARCHITECTURE
SESAR planned its work in operational focus areas that comprise
a series of projects and developments. Given the large perimeter
of European ATM context and the project time frame, we focus
on security aspects ensuring consistency across the defined ATM
system of systems but have limited the scope to the most relevant
functional entities with the highest impact attack scenarios.
Hence, a federated architecture is considered for realizing the
conceptual model specified in the previous section. The core of
this architecture is formed by the SMP. SMP specifies the technical
security functions corresponding to the NGSMP and EGCC levels.
It is intended to provide a number of functions including cyber security intelligence, attack effect prediction (AEP), and situational
awareness by applying techniques for cross-correlation of events,
decision support, and support for the coordinated management and

IEEE A&E SYSTEMS MAGAZINE
