Cyber resilience is critical in Air Traffic Management (ATM) to ensure the security and continuity of operations in an increasingly digital environment. On 22 and 23 October 2024, partners in the SEC-AIRSPACE SESAR JU project met at the LFV Östgöta Kontrollcentral in Norrköping, Sweden, for the 'Exercise 4' validation, which focused on testing the attack simulator to enhance cybersecurity training and awareness among aviation stakeholders
The validation exercise was a joint effort of SEC-AIRSPACE partners, including Linköping University (LiU), represented by Gurjot Singh Gaba and Andrei Gurtov; Luftfartsverket (LFV), represented by Supathida Boonsong; and the German Aerospace Center (DLR), represented by Maria Hagl and Tim Stelkens-Kobsch.
The exercise uses an advanced cyber-attack simulator to test and enhance the cybersecurity awareness and readiness of air traffic controllers (ATCOs). By replicating realistic threat scenarios, it evaluates the effectiveness of current training methods, tracks performance, and identifies knowledge gaps. The data collected helps to refine cybersecurity strategies and training programmes to ensure a robust communications infrastructure.
The success of the simulator is marked by its recognition among stakeholders as a tool that boosts cybersecurity awareness and responsiveness among ATCOs. Key indicators include participants' enhanced capabilities to identify and respond to simulated cyber threats, as evidenced by performance metrics from the simulator. In addition, the training and simulation are helping to refine ongoing training programmes and operational protocols, thereby strengthening the cybersecurity resilience of the aviation sector.
This pilot study is a crucial step in the preparation for the final validation at the LFV ATCC Malmö (Sweden) in February 2025. During this initial phase, valuable insights have been gained, bugs within the simulator have been identified, and both verbal and written feedback has been collected from ATCOs on the effectiveness of the simulator in improving cyber awareness. These findings allow the project partners to refine the approach, strengthen the training materials, and making the content as interactive and engaging as possible. By addressing these issues, the consortium is building a robust foundation for the final validation exercise.
The project is co-funded within the framework of Horizon Europe and brings together the following organisations: Sintef, Deutsches Zentrum für Luft- und Raumfahrt, Deep Blue, Advanced Laboratory On Embedded Systems ALES, Cefriel , Zenabyte, Luftfartsverket, Skyway Air Navigation Sevices, Linkopings Universitet