As air traffic management (ATM) undergoes a digital transformation, the growing reliance on data-driven systems brings new cybersecurity challenges. Ensuring that air traffic controllers (ATCOs) are equipped to recognize and respond to cyber threats is critical to maintaining a secure and resilient ATM network. This is precisely the focus of the SEC-AIRSPACE project, which has developed a state-of-the-art cyber-attack simulator to enhance cybersecurity awareness and preparedness among aviation stakeholders.

From 3 to 7 February 2025, eight air traffic controllers participated in the final validation exercise of the cyber-attack simulator of the SEC-AIRSPACE project, to assess and improve their cybersecurity awareness and preparedness using an advanced cyber-attack simulator. The exercise took place at the LFV air traffic control centre (ATCC) in Malmö, Sweden, in collaboration with project partners Gurjot Singh Gaba and Andrei Gurtov from Linköping University (LiU), Supathida Boonsong from Luftfartsverket (LFV), and Maria Hagl and Tim Stelkens-Kobsch from the German Aerospace Center (DLR).

The final validation exercise

In the framework of SEC-AIRSPACE’s Use Case 1: Future communication infrastructure, the partners prepared the final validation exercise replicating realistic threat scenarios, evaluating the effectiveness of training programs, tracking performance and identifying knowledge gaps.

Following the successful pilot studies at LFV Östgöta Kontrollcentral (ÖKC) in Norrköping (Sweden) (22^nd and 23^rd October 2024), the final validation exercise at LFV ATCC Malmö (Sweden) in February 2025 was a significant improvement over the pilot studies incorporating structured methodologies, refined training materials, and enhanced participant engagement strategies. In fact, the restructuring of the exercise framework eliminated ambiguities, ensuring a smooth and well-defined simulation experience. The training material was significantly improved, replacing static screenshots with interactive video-based content, which made the learning process more intuitive. Additionally, more time was dedicated at the beginning of the session to familiarize participants with the simulator through a hands-on practice phase. This adjustment ensured that the ATCOs felt comfortable and confident before engaging in the actual simulation, ultimately enhancing the effectiveness of the training.

These refinements were driven by direct feedback from the controllers during the pilot study, demonstrating a strong commitment to iterative development and user-centred training design. As a result, the overall experience of the participants was highly positive, with preliminary (non-processed) results indicating that the validation exercise successfully met its objectives.

The validation platforms and equipment used in the exercise to collect data were the attack simulator, the ISA/OSAT Tool to evaluate perceived instantaneous workload and stress, the Polar H10 Heart Rate Monitor Chest Strap and LimeSurvey to gather feedback from the ATCOs.

Short-term and long-term significance

This research holds both immediate and long-term significance. In the short term, the insights gained will enhance existing training programs, making them more interactive, engaging, and effective in improving cybersecurity awareness among ATCOs.

In the long term, the data collected—including simulator action logs, heart rate measurements, workload and stress scales, questionnaires, and verbal feedback—along with performance metrics from this exercise, will contribute to the development of more reliable, trustworthy, and effective cybersecurity training, policies and frameworks. These insights will influence industry-wide best practices and ultimately strengthen resilience within the aviation sector.

By continuously refining training programs and integrating advanced simulation technologies, SEC-AIRSPACE aims to cultivate a robust cybersecurity culture, refining cybersecurity strategies and optimizing training methodologies, ensuring a resilient communication infrastructure in Air Traffic Management (ATM). This initiative will not only benefit ATCOs but also play a crucial role in ensuring the safety and security of air traffic operations in an increasingly digitalised ATM ecosystem.

A successful validation with a successful team

The validation session was successfully completed on time and without disruption. The data collected from the attack simulator, heart rate belt and stress and workload scale have now been sent to the laboratory for analysis. This successful validation is an important milestone in the research process, made possible by the cooperation and expertise of all partners involved.

The contribution of the participating organisations can be acknowledged as follows: LFV provided participants for the exercise and secured all necessary permissions. LiU contributed by developing the simulator and ensuring that it met the specifications required for validation. DLR provided the necessary materials and equipment to assess the operator status during and after the simulation runs.

The project is co-funded within the framework of Horizon Europe and brings together the following organisations: Sintef, Deutsches Zentrum für Luft- und Raumfahrt, Deep Blue, Advanced Laboratory On Embedded Systems ALES, Cefriel , Zenabyte, Luftfartsverket, Skyway Air Navigation Sevices, Linkopings Universitet

Connect with SEC-AIRSPACE on LinkedIn.

More about the project