DocumentCode
2131148
Title
Security Blind Spots in the ATM Safety Culture
Author
Chivers, Howard ; Hird, John
Author_Institution
Dept. of Comput. Sci., Univ. of York, York, UK
fYear
2013
fDate
2-6 Sept. 2013
Firstpage
774
Lastpage
779
Abstract
In 2008 EUROCONTROL published Information and Communications Technology (ICT) Security Guidance to Air Navigation Service Providers (ANSPs), to assist them in complying with regulatory security requirements. The validation of that guidance included surveys which were conducted to contrast current practice in European ANSPs with a baseline control set based on ISO/IEC 27001:2005. The surveys are confidential and unpublished; however, by identifying the controls that are missing in all the survey responses, it is possible to identify potential 'blind spots' in Air Traffic Management (ATM) security while maintaining the anonymity of the respondents. Key issues identified in this way include security management and senior management engagement, system accreditation, the validation and authentication of data used by ATM systems, incident management, and business continuity preparedness. Since little can be said about the original surveys, these results are necessarily indicative, so the paper contrasts these findings with contemporaneous audit reports on security in US ATM systems. The two sources prove to be in close agreement, suggesting that the issues identified are systematic difficulties in introducing security into Air Traffic Management culture.
Keywords
air traffic control; business continuity; security of data; ATM safety culture; air traffic management; business continuity preparedness; data authentication; data validation; incident management; potential blind spots identification; respondent anonymity; security blind spots; security management; senior management engagement; system accreditation; Business continuity; FAA; ISO standards; Information security; Standards organizations; Accreditation; Air Navigation Service; Air Traffic Management; Authentication; Business Continuity; Incident Management; Security Management;
fLanguage
English
Publisher
ieee
Conference_Titel
Availability, Reliability and Security (ARES), 2013 Eighth International Conference on
Conference_Location
Regensburg
Type
conf
DOI
10.1109/ARES.2013.103
Filename
6657319