The European Organisation for the Safety of Air Navigation

UASSecurity

Antonio Nogueras

Head DSS/CM/ATM Security Unit

EU UAS Panel Workshop, 13-14th September 2011

BackgroundStudies carried out to identify

security requirements

• Security Risk Assessment of UAS within European Airspace (EUROCONTROL)

• UAS Security (NEASCOG – NATO EUROCONTROL ATM Security Coordinating Group)

• Vulnerability study on exploitation of ADS-B signal for air attacks against aircraft in flight using UAVs (NEASCOG)

Existing conclusions on UAS security

• The use of UAS shall not increase the security risk above those currently experienced with manned aircraft • Physical security: same standards as for manned aircraft

• Aircraft protection; tampering• Access control to remote pilot station

• Cyber security: same standards as for CNS systems• protection of software and data links from hacking, spoofing,

interference or malicious hijack• Airspace security: positive identification of UAVs

• UAVs must remain at all time under legitimate control; this implies the control of aircraft must not be delegated to anybody but the authorized owner/operator

• Where possible, additional requirements to address the risks shall be imposed on the UAS• If necessary, UAVs could be neutralised i.e. sent to a safe area to land

or destroyed/crashed in a controlled manner.

Experiences at national and international organisations

Not much available. But general policies can be extrapolated to security:

• Generic: UAS to meet same level of security as manned aircraft • US: strict policy on UAS; very limited access of UAS to NAS• NL (JARUS): start with ‘light’ UAS (< 150 Kg.). Coordinated with

EASA• NATO: guidelines on cross-border operations of UAVs in non-

segregated airspace• EUROCAE WG/72: security is part of its work programme

• SG-3 Command & Control, Communications & Spectrum, and Security

• RTCA SC 203: security is part of its work programme

Recommendations for EC regulations

• Human Resource security controls; operators & pilots• Technical build standards for aircraft, control stations and

critical sub-systems• Roles and responsibilities of ATM authorities and operators;

security policy/guidance, incident management, minimum security standards, security oversight

• Physical security controls• Cyber security controls• Technical controls, general engineering (comms, SW, HW, …)• Command and Control requirements; positive identification• Acquisition & development controls

possible calendar

Calendar: transposition of existing regulations could speed up the process; i.e. EC 2096/2005 (Security Management Systems for ANSP Sec MS for UAS operators?

Thank you

Questions?