The use of ICT in civil aviation has increased exponentially in the last years. Digitalisation and the technological tools and systems often connected to the internet constitute serious risks for aviation cyber security. The Government Accountability Office (GAO) has recently stated that air traffic management and control (ATM/ATC) vulnerabilities could be used to undermine national security. Against this backdrop, several related questions arise: what technologies do air traffic management and control systems rely on? Are these systems vulnerable? Which actors could pose a threat to these systems? Do they have the technological skills to conduct attacks that could compromise them? The low technical skills of the non-state actors analysed in this research, the cyber security countermeasures adopted by ENAV and the preventive activities conducted by Italian authorities make the risk for Italian ATM/ATC systems low. However, it is necessary to keep a high level of attention and awareness on possible future developments of the cyber threat.
Final report of the research project “The defence of civilian air traffic systems from cyber threats”, conducted by the Istituto Affari Internazionali (IAI) with the support of Vitrociset. Presented at the conference “Protezione del traffico aereo civile dalla minaccia cibernetica”, Rome, 9 December 2015. This report was translated from Italian to English with the support of ENAV.
List of Acronyms
1. Cyber Security and Civil Aviation
1.1 Significant events
1.2 International efforts
1.3 Main arguments and scope of the study
2. Function and Components of ATM/ATC Systems
3. Cyber Threats to ATM/ATC Systems
3.1 Attack or not? Two views compared
3.2 Actors, objectives and modus operandi
3.3 Status of the cyber threat to ATM/ATC systems
4. The Italian Case Study
4.1 ENAV and air traffic management in Italy
4.2 Cyber threats to Italy
4.3. What danger to ATM/ATC systems in Italy?
4.3.1 Short-term assessment
4.3.2 Medium- to long-term assessment