A.6. Cybersecurity capabilities roadmap

The roadmap in Figure 25 defines priority cybersecurity capabilities, which need to be developed and deployed to enhance the cybersecurity posture of ATM systems, protecting critical infrastructure, data and operations from cyberthreats.

As described by the vision, future ATM will rely on increased information flows between more stakeholders and higher levels of automation, all against a backdrop of an increasingly hostile environment prone to cyberattacks. A homogeneous and holistic approach to security risk management will be critical to tackling increased exposure to cyberthreats and ensuring cyber resilience. This will allow interconnected components to trust the information flow they receive. Effective and efficient risk management, using the latest updated security risk assessment methodology (SECRAM) and threat catalogue, will be based on identifying the risks associated with any compromise of key security attributes: confidentiality, integrity, availability, authenticity and non-repudiation.

An oversight mechanism will be implemented, enabling the evaluation of security risk assessments, applied consistently among SESAR Solutions.

Once the appropriate risk level is established for each security attribute, specific security requirements can be identified. For example, a strong digital signature mechanism may be necessary for high-integrity requirements, while a simple checksum may suffice for low-integrity needs. Similarly, with regard to confidentiality, a medium level of risk may require encryption with a standard algorithm, while a high level of risk would necessitate using advanced encryption methods and stricter access controls. In this way, a secure and trusted communication infrastructure will be available.

Vision and key milestones for cybersecurity capabilities

By 2030, the European aviation ecosystem will be resilient to cyberthreats. It will maintain its ability to deliver the intended outcome continuously, even when regular delivery mechanisms are under cyberattack.

By 2035, the European aviation ecosystem will transition from resilience to a state of anti-fragility, where its cybersecurity infrastructure actively learns from attacks and becomes stronger in the face of new threats, ensuring a safer and adaptive aviation ecosystem. This approach relies on proactive systems that not only withstand attacks and disruptions but also evolve to anticipate and neutralise future cyber risks, thereby enhancing the overall security and reliability of European aviation.

By 2045, European aviation cybersecurity reaches the enlightened state, a fully predictive model in which advanced AI algorithms analyse extensive data and emerging cyber trends to forecast and pre-emptively counteract potential cyberattacks before they occur, establishing an unparalleled level of proactive digital security.