Air Traffic Threat and Error Management

It is no secret that the aviation industry is under constant threat. In recent years, we have seen a rise in terrorist activity targeting aircraft and airports. This has led to increased security measures, both at the airport and onboard the aircraft. Yet, there is another threat that does not get as much attention: the air traffic control management system threat.

ATC systems are information systems that are exposed to cyber threats as any other, so making sure no ATC system falls into the hands of cyber threats is critical.

If you want to learn more about the threats that can impact an air traffic management system, we invite you to keep reading to discover all the details.

Air Traffic Control systems under threat

Air traffic control is responsible for ensuring the safe and efficient flow of air traffic. Every year, millions of passengers fly on commercial airlines, and it is the job of air traffic controllers to make sure that these flights are coordinated safely. Unfortunately, an ATC system can be constantly under different types of threats, from simple communication errors related to ATC work stress to heavy cyber attacks.

The Threat of Cyber Attacks

There are many reasons why hackers might want to target an air traffic control system. For example, they could be looking to cause chaos by disrupting flight operations. Or, they could be trying to gain access to sensitive information such as flight plans or passenger manifests. Regardless of their motive, the fact remains that air traffic control systems are extremely vulnerable to cyber attacks.

One of the biggest problems is that many air traffic control systems are outdated and use outdated software. This makes them more susceptible to attacks, as older software often has known security vulnerabilities that can be exploited by hackers.

Additionally, an air traffic control system is often connected to other systems even outside the ATC facilities, such as weather conditions forecasting systems or flight information displays. This creates even more opportunities for hackers to gain access to it.

Another problem is that there is a shortage of qualified cybersecurity professionals, and those who are qualified often do not want to work in the aviation industry because it does not pay as well as other industries. As a result, many air traffic management systems do not have adequate protection against cyber attacks.

For example, in 2018, there was a major incident in which hackers gained access to the air traffic control system of a small regional airport in the United States. The hackers were able to disrupt flight and ATC operations for over an hour before they were finally caught and stopped. This incident highlights the fact that even small airports are vulnerable to cyber threats.

Threats to air traffic management in the National Airspace System (NAS)

The air traffic management system within the National Airspace System (NAS) is a complex and fragile web of air-traffic controllers, communication networks, flight paths, and controlled airspaces.

Therefore, there are plenty of threats to air-traffic management on every level—from airspaces becoming overcrowded to pilots failing to follow air traffic control instructions and losing their flight path or hackers stealing personally identifiable information as we mentioned above.

One threat is the increasing complexity of air navigation services, due to a combination of rapidly rising air traffic demand, limited capacity within airport infrastructure, and ever-tightening regulations.

Additionally, air traffic controllers must be able to manage aircraft across different airspace types, from uncontrolled airspace to controlled airspace, with varying flight paths and airspeed restrictions which makes ATC operations even more complex.

As the number of aircraft continues to grow, air traffic controllers must be able to monitor multiple planes simultaneously without compromising the safety or efficiency of their users.

As we mentioned above, ATC operations are still conducted under some outdated technology that poses another challenge. The oldest ATC systems may not be able to accurately track or keep up with upgraded aircraft models.

What the Federal Aviation Administration (FAA) says

The Federal Aviation Administration (FAA) considers cyber threats against air traffic control (ATC) systems, and other cyber security risks, to be of the utmost importance. As such, it is constantly monitoring cyber threats that could potentially damage its systems or interfere with the operation of aircraft.

The agency has developed rigorous cyber-security standards for its ATC systems, designed to protect not only the ATC system itself but also those aircraft that depend on the information provided by ATC for safe operation.

At the same time, the FAA works closely with government and industry partners to ensure that cyber-security protocols are kept up to date in order to preempt potential cyber threats. In an era where cyber threats loom large on many fronts, knowledge of what steps are being taken to protect ATC from cyber security risks is of paramount importance.

The FAA does its part by implementing robust cyber-security measures and promoting cyber awareness among both aviation stakeholders and the public at large, thus helping maintain a safe flying environment for all travelers and crew alike. This gives U.S. citizens peace of mind when they fly each day and trust that their safety is always prioritized.

With cyber threats ever-growing each day, ensuring aircraft safety through proactive cyber security measures will always have a place within the FAA’s agenda going forward. Such measures are essential components in guaranteeing U.S. citizens’ confidence in aviation as well as being vital pieces towards promoting safe flights whenever people hit the skies.

What about the European Union?

The European Union Aviation Safety Agency (EASA) recently published a report on cyber threats posed to the air traffic control (ATC) system in Europe. According to the report, cyber attacks can range from compromising an ATC system and causing operational disruptions, such as aircraft grounding, to smaller-scale criminal activities like identity theft or data acquisition.

EASA also highlighted the potential for cybercriminals to target multiple ATC systems simultaneously, which could lead to greater disruption of airline operations. As more airlines transition to increasingly automated processes, cyber criminals may come up with new methods of exploiting vulnerabilities in air traffic control networks and systems.

The EASA report emphasizes that cyber security must remain a priority for all aviation stakeholders, from national operators to airports and air carriers. This is especially important given that cybercriminals are becoming increasingly sophisticated in their techniques and have demonstrated the ability to find gaps in cybersecurity measures.

With the continued development of technology in the aviation industry, it is essential that we remain vigilant against cyber threats and ensure our focus remains to prevent a successful cyber-attack on any ATC system.

The ICAO Threat and Error Management Framework

In order to provide a response to the different types of threats that may pose safety risks, the International Civil Aviation Organization has proposed what they call the Threat and Error Management Framework (TEM).

The Threat and Error Management (TEM) framework proposed by the International Civil Aviation Organization (ICAO) is a comprehensive safety model that focuses on proactively managing the hazards posed by threats and errors.

It provides an approach to reducing the risk of human-related incidents in aviation operations by providing an understanding of aviation risks, identifying strategies to reduce them, and using different tools to effectively manage them.

At its core, TEM focuses on predicting and mitigating threats in aviation operations through a proactive approach that systematically identifies potential threats, evaluates their associated risks and effects, predicts their likelihood of occurrence, develops appropriate control measures, and implements these measures in advance.

TEM also requires an evaluation of errors – both unintentional mistakes made by pilots or other personnel as well as deliberate breaches of procedures – and how those errors can be prevented. The goal is the implementation of preventive measures that minimize operational risks.

TEM framework components and principles

The main components of the TEM framework are threats, errors, and undesired states. It is expected that different users interpret these components with slight differences, but in general, they are defined as follows:

• Threats: events or errors that occur beyond the influence of the line personnel, increase operational complexity, and which must be managed to maintain the margins of safety.
• Errors: actions or inactions by the line personnel that leads to deviations from organizational or operational intentions or expectations. Unmanaged and/or mismanaged errors frequently lead to undesired states. Errors in the operational context thus tend to reduce the margins of safety and increase the probability of an undesirable event.
• Undesired states: operational conditions where an unintended situation results in a reduction in margins of safety. Undesired states that result from ineffective threat and/or error management may lead to compromised situations and reduce margins of safety aviation operations. Often considered the last stage before an incident or accident.

Of course, from the perspective of ATC, threats can be anticipated or unexpected, with the latter being the riskier ones.

Anticipated threats are those the ATC system can see in advance because it has access to the relevant data and other resources thanks to the network it belongs to. For example, having weather conditions data can help ATC to request runway changes or issue diversions to aircraft with the possibility of finding the undesired weather conditions.

When it comes to unexpected threats is when an adequate response can become more critical. Here is where training and operational experience play a vital role to support the ATC system. Therefore, it is clear that air traffic controllers must develop the required skills and gain enough experience to deal with this kind of threat.

Combined with a good system and the resources provided by the network, the possibility for a better response increases. An example of an unexpected threat could be a call sign confusion where a pilot carries out instructions that were intended for another pilot.

Also, the TEM framework sets out 14 principles that provide guidance for addressing issues related to threat management:

1. Setting goals
2. Developing a conceptual framework
3. Engaging stakeholders
4. Gathering data
5. Forecasting risk levels
6. Identifying threats
7. Assessing risk levels
8. Selecting control measures
9. Implementing control measures
10. Monitoring performance
11. Conducting reviews & assessments
12. Updating plans & procedures
13. Learning from experience
14. Knowledge sharing.

Each principle contains detailed guidance on how it should be applied in practice.

ICAO’S TEM tools

In addition to outlining the principles for effective threat management, the ICAO’s TEM framework also provides details on the tools used to identify human-related threats and errors in aviation operations.

These include training programs that focus on increasing situational awareness among personnel involved in aviation operations, technologies such as flight recorders that track flight data points during a journey, as well as fatigue management systems that ensure personnel are not overworked or exposed to undue levels of stress while flying.

Other tools and techniques that could be applied to the framework include:

• Risk Analysis Matrixes (RAMs) to provide a structured way for categorizing different types of risks.
• Line Oriented Flight Training (LOFT) that helps pilots get accustomed to handling difficult scenarios.
• Crew Resource Management (CRM) which focuses on improving communication between crew members.
• Human Factors Analysis & Classification System (HFACS) which identifies human-related factors that can lead to error.
• Maintenance Error Decision Aid (MEDA), that is designed to assist maintenance personnel in making decisions related to aircraft safety
• Probability Risk Assessment Modeling (PRAM), which is used for evaluating system performance against established norms
• Aviation Safety Information Analysis & Sharing (ASIAS), that is a centralized database with safety data from many airlines around the world that allows operators to compare their own performance against industry averages.

Ultimately, TEM offers an effective method for actively managing risks associated with human-related incidents in aviation operations so that they can be reduced significantly without compromising safety levels within the industry.

As well as reducing potential losses due to accidents or non-compliance with regulations, this approach can also lead to cost savings for airlines throughout their daily operations.

Some closing remarks

Ultimately, it is up to everyone involved in air-traffic management to combat these potential risks and ensure the safety of travelers and their flight crew. One way that this can be accomplished is by improving communication among air traffic controllers and training them extensively to identify and respond to potential threats quickly and efficiently.

Aircraft are also outfitted with sophisticated navigation systems that provide a clear picture of their location at all times, so air traffic controllers can keep an eye on them more easily, but they should also be improved with better protection against cyber threats.

Finally, it is important for pilots to receive proper training in order to fly safely in controlled airspaces as well as be aware of any changes or updates regarding air-traffic management regulations and procedures. By taking all these proactive measures we can protect ourselves from the various threats associated with ATC systems.