Using Simulations to validate Security Prototypes in ATM

Kurzfassung

Simulations used for validation tasks provide a reliable means to evaluate the applicability and suitability of new procedures, processes and systems. The area of application spans from simple software simulations of isolated system functionalities over more complex simulations of whole processes and systems to human in the loop simulations of complete system of systems. This applies for nearly all areas of life and several methodologies have already been developed to standardize the validation approach. For air traffic management research this is also true and with the European Operational Validation Methodology a powerful and widely applicable list of measures is available. Following the developments and experiences of the past the above is valid despite for security related applications and processes. Security in ATM is an ever emerging topic, which is not only paramount since the attacks of 9/11/2001. In recent years there have been a lot of incidents caused by accidental, deliberate or even malicious actions. Within SESAR and comparable programs the security aspect and especially the validation of security concepts and prototypes was of low visibility if not absent until today. Just in the shorter history this topic gains more and more interest, which is proven by several task forces and ad hoc working groups dealing with security issues. Applying human in the loop simulations to validate security prototypes is therefore a new approach in validations. To achieve meaningful results the Institute of Flight Guidance of the German Aerospace Center (DLR) developed new strategies, because the impact and success of security events depends a lot on the expectations of the exercise participant. In order to create a realistic simulation environment and an intuitive reaction, interfering training effects must be avoided by all means to keep the surprise effect within these simulation campaigns. The exercises have been conducted within the Air Traffic Validation Center of the DLR, which provides a complete setup for simulated radar control amongst others. The approach to the experimental work started with the application of risk assessment and treatment methodologies, which however will be explained just briefly. The next steps were to identify suitable security controls to setup a tailor made prototype for the security research question at hand. Furthermore a dedicated simulation environment for the validations had to be provided. A parallel task was the transformation of identified security threats to a storyline of the conceived attacks. This storyline is used as a stencil for defining the scenarios and the subsequent conduction of the single prototype validations. The result analysis will evaluate if it is possible to make security-related validations available. The paper will report about the achieved repeatability and give an insight to the variety of incidents which were provoked by the proposed simulation setup. The paper will finish with conclusions about the simulation approach and discuss the relevance for the dedicated application area.