What’s in the Standard
The SESAR is considered the NEXTGen of Europe in the Aviation industry. The study was undertaken by Aeroports de Paris (Groupe ADP) and EUROCONTROL. This report is addressing cybersecurity protection of Airport Operations Centers (APOC) and Total Airport Management (TAM). Appropriately, it recognizes the current legacy systems and services, unauthenticated data sources and industrial control systems found in most global airports as insecure foundation of airport operations centers. To protect against the ensuing vulnerabilities which come from the aforementioned problems, unidirectional technology is listed as key technical control for protecting APOCs.
The SESAR program seeks to deliver new procedures and systems that provide tighter integration of stakeholders with European air traffic management.
Unidirectional technology is recommended throughout the document, specifically in sections entitled “Airports’ utopian future”, key technical controls, assurance levels, and summary of security architecture. This is big news for aviation cybersecurity, as it is the first document within that vertical we’ve come across to prioritize unidirectional gateways as key control system security. Unidirectional gateways are also mentioned in the context of read-only data, but what they mean here is a replication of their data to a less protected network such that the original data and control cannot be touched. Overall, if this guidance is widely followed within the aviation industry, the safety and security of passengers, crew, data, and aircraft would be dramatically improved.