the european organisation for the safety of air navigation uas security antonio nogueras head...
TRANSCRIPT
The European Organisation for the Safety of Air Navigation
UASSecurity
Antonio Nogueras
Head DSS/CM/ATM Security Unit
EU UAS Panel Workshop, 13-14th September 2011
BackgroundStudies carried out to identify
security requirements
• Security Risk Assessment of UAS within European Airspace (EUROCONTROL)
• UAS Security (NEASCOG – NATO EUROCONTROL ATM Security Coordinating Group)
• Vulnerability study on exploitation of ADS-B signal for air attacks against aircraft in flight using UAVs (NEASCOG)
Existing conclusions on UAS security
• The use of UAS shall not increase the security risk above those currently experienced with manned aircraft • Physical security: same standards as for manned aircraft
• Aircraft protection; tampering• Access control to remote pilot station
• Cyber security: same standards as for CNS systems• protection of software and data links from hacking, spoofing,
interference or malicious hijack• Airspace security: positive identification of UAVs
• UAVs must remain at all time under legitimate control; this implies the control of aircraft must not be delegated to anybody but the authorized owner/operator
• Where possible, additional requirements to address the risks shall be imposed on the UAS• If necessary, UAVs could be neutralised i.e. sent to a safe area to land
or destroyed/crashed in a controlled manner.
Experiences at national and international organisations
Not much available. But general policies can be extrapolated to security:
• Generic: UAS to meet same level of security as manned aircraft • US: strict policy on UAS; very limited access of UAS to NAS• NL (JARUS): start with ‘light’ UAS (< 150 Kg.). Coordinated with
EASA• NATO: guidelines on cross-border operations of UAVs in non-
segregated airspace• EUROCAE WG/72: security is part of its work programme
• SG-3 Command & Control, Communications & Spectrum, and Security
• RTCA SC 203: security is part of its work programme
Recommendations for EC regulations
• Human Resource security controls; operators & pilots• Technical build standards for aircraft, control stations and
critical sub-systems• Roles and responsibilities of ATM authorities and operators;
security policy/guidance, incident management, minimum security standards, security oversight
• Physical security controls• Cyber security controls• Technical controls, general engineering (comms, SW, HW, …)• Command and Control requirements; positive identification• Acquisition & development controls
possible calendar
Calendar: transposition of existing regulations could speed up the process; i.e. EC 2096/2005 (Security Management Systems for ANSP Sec MS for UAS operators?
Thank you
Questions?