SciTransfer
SEC-AIRSPACE · Project

Cyber Security Risk Management for Virtualized Air Traffic Control Systems

transportTestedTRL 5

Imagine the air traffic control system as a giant digital network where planes and towers talk constantly. As this network moves to the cloud and shares more data, it opens new doors for hackers to cause chaos. This work creates a better way to spot these digital traps and trains the people running the system to recognize threats before they happen.

By the numbers
999,764
EU Contribution in EUR
2
Realistic use cases for validation
2026
Year for availability of cyber-resilience guidelines
The business problem

What needed solving

Modern air traffic systems are becoming too complex and interconnected, creating digital vulnerabilities. Current risk assessments don't sufficiently cover cyber threats or the human element of security awareness.

The solution

What was built

Updated cyber security risk assessment methods and a People Analytics approach to increase staff awareness, validated via two use cases.

Audience

Who needs this

Air Navigation Service ProvidersATM Software VendorsAviation Regulatory BodiesAirport Infrastructure Operators
Business applications

Who can put this to work

Aviation Infrastructure
enterprise
Target: Air Navigation Service Provider (ANSP)

If you are an ANSP dealing with the transition to virtualized data sharing—this project developed updated risk assessment methods that prevent catastrophic system failures. It ensures your digital infrastructure remains resilient against cyber attacks.

Aerospace Software
SME
Target: ATM Software Developer

If you are a software developer dealing with complex interconnected ATM systems—this project developed security requirements and guidelines. This allows you to build cyber-secure products that meet the 2026 resilience standards.

Cybersecurity Consulting
mid-size
Target: Aviation Security Auditor

If you are an auditor dealing with outdated risk models for airspace—this project developed a method using People Analytics to measure staff awareness. This helps you provide more accurate security maturity reports to clients.

Frequently asked

Quick answers

What is the cost or price for implementing these results?

Based on available project data, no commercial pricing or implementation costs are listed; the project received an EU contribution of EUR 999,764 for research and development.

Is this solution ready for industrial scale?

The project aims to provide guidelines and procedures for Initial Operational Capacity by 2026, meaning it is moving toward industrial scale but is not yet a turnkey product.

What are the IP and licensing terms for the risk assessment tools?

Based on available project data, specific licensing terms are not provided, though results are intended for dissemination to the ATM community and ongoing SESAR solutions.

How does this integrate with existing ATM systems?

It integrates by enhancing current risk assessment methodologies with cyber security components and providing requirements to mitigate identified risks in service-oriented architectures.

What is the timeline for the final results?

The project period runs from 2023-09-01 to 2026-02-28, with cyber-resilience guidelines expected for the 2026 Initial Operational Capacity.

Consortium

Who built it

The consortium is well-balanced for technology transfer, consisting of 9 partners across 5 countries. With an industry ratio of 44% (4 industrial partners, 4 of which are SMEs), there is a strong link between the research conducted by SINTEF and the practical needs of the aviation market.

How to reach the team

Contact SINTEF AS in Norway for technical inquiries regarding ATM risk assessment.

Next steps

Talk to the team behind this work.

Contact us to connect with the SEC-AIRSPACE consortium for early access to 2026 resilience guidelines.

More in Transport & Mobility
See all Transport & Mobility projects