If you are an ANSP dealing with the transition to virtualized data sharing—this project developed updated risk assessment methods that prevent catastrophic system failures. It ensures your digital infrastructure remains resilient against cyber attacks.
Cyber Security Risk Management for Virtualized Air Traffic Control Systems
Imagine the air traffic control system as a giant digital network where planes and towers talk constantly. As this network moves to the cloud and shares more data, it opens new doors for hackers to cause chaos. This work creates a better way to spot these digital traps and trains the people running the system to recognize threats before they happen.
What needed solving
Modern air traffic systems are becoming too complex and interconnected, creating digital vulnerabilities. Current risk assessments don't sufficiently cover cyber threats or the human element of security awareness.
What was built
Updated cyber security risk assessment methods and a People Analytics approach to increase staff awareness, validated via two use cases.
Who needs this
Who can put this to work
If you are a software developer dealing with complex interconnected ATM systems—this project developed security requirements and guidelines. This allows you to build cyber-secure products that meet the 2026 resilience standards.
If you are an auditor dealing with outdated risk models for airspace—this project developed a method using People Analytics to measure staff awareness. This helps you provide more accurate security maturity reports to clients.
Quick answers
What is the cost or price for implementing these results?
Based on available project data, no commercial pricing or implementation costs are listed; the project received an EU contribution of EUR 999,764 for research and development.
Is this solution ready for industrial scale?
The project aims to provide guidelines and procedures for Initial Operational Capacity by 2026, meaning it is moving toward industrial scale but is not yet a turnkey product.
What are the IP and licensing terms for the risk assessment tools?
Based on available project data, specific licensing terms are not provided, though results are intended for dissemination to the ATM community and ongoing SESAR solutions.
How does this integrate with existing ATM systems?
It integrates by enhancing current risk assessment methodologies with cyber security components and providing requirements to mitigate identified risks in service-oriented architectures.
What is the timeline for the final results?
The project period runs from 2023-09-01 to 2026-02-28, with cyber-resilience guidelines expected for the 2026 Initial Operational Capacity.
Who built it
The consortium is well-balanced for technology transfer, consisting of 9 partners across 5 countries. With an industry ratio of 44% (4 industrial partners, 4 of which are SMEs), there is a strong link between the research conducted by SINTEF and the practical needs of the aviation market.
Contact SINTEF AS in Norway for technical inquiries regarding ATM risk assessment.
Talk to the team behind this work.
Contact us to connect with the SEC-AIRSPACE consortium for early access to 2026 resilience guidelines.