Resilience best practices in the aviation field ERNCIP
Resilience best practices in the aviation field - ERNCIP Workshop, Matias Krempel, 27 April 2016

Matias Krempel
Business Graduate (Dipl.-Betriebswirt)
10 years banking industry: system development & operations
6 years IT industry: consulting & project management
22 years DFS German Air Traffic Control: project & security management, process & quality management, crisis & contingency management
External activities:
• Member of SESAR definition and development phase
• Convenor of CEN TC 377 WG 1 (ATM Cyber Security)
• Member of national critical infrastructure working groups
• German Armed Forces Reserve (LTC)
Lessons from the Times of Sailing Ships
• Consider all hazards ("TAHOI")
• Run the company and their ships as functional systems
• Consider the life cycle
• Maintain proper trade-offs
ISPRA 2016, page 3

Air Traffic – Element of the Transport Sector
Passengers, cargo; safety, capacity. Priorities? Cross-cutting effects?

Resilience in Aviation
Safety view: "Avoiding harm to people"
Security view: "Surviving attacks"
Capacity view: "Maintaining critical services"
Dimensions: organisation, technology, design, maintenance, upstream, downstream
"Managing the risk appetite"?

Resilience & Accident Analysis & Risk Assessment Methodology
• Technical, since 1950: FMEA, HAZOP, fault tree, FMECA
• Human factor, since 1930 / 1980: Domino, Swiss cheese, HPES, HERA, TRACEr, AEB
• Organisational, since 1980: MORT, STEP, MTO, TRIPOD, CREAM, MERMOS, AcciMap
• Systemic, since 2009: FRAM, STAMP
A (new) challenge: integrating safety & security
The Operational View: Phases of a Flight

The Technical View - ATM & CNS Systems
Command & Control; Sensors & Actors
Resilience - Communication
Technical
• Multiple redundancy & diversity
Organisational
• Formalized communication procedures
• Readback / retransmission
• Procedures for communication failure situations (COMLOSS)

Resilience - Navigation
Technical
• Diversity of sensors (ground & space based)

Resilience - Surveillance
Technical
• Overlapping of sensors
• Meshing of sensor networking
Organisational
• Controlled reduction of service
• Airspace capacity reduction
• Adjustment of maintenance schedules

Resilience – Command & Control
COMMUNICATE – NAVIGATE – AVIATE
Technical
• Fall-back systems
• Aiding-failing units
• Safety nets
Organisational
• Capacity reduction
• Organisational fallback
• Crisis management
Humans
• Emergency & crisis management training
• Staff management
ARIEL – An Air Traffic Resilience Project
Coping with complexity in resilience
Structured Threat Information Expression (STIX™)

Outlook: Drones - "game changers"?
Is there an ethical dimension of resilience?

"There is nothing new under the sun" – Kohelet

BACKUP SLIDES (PROVIDED A DIFFERENT FOCUS IS NEEDED)
Air Traffic Management - Architectural Elements
Challenges in the aviation age

Potential Impacts (SESAR)
Personnel: stress, minor injury, …, fatality
Capacity: reduction, loss
Performance: reduction, loss
Economic: financial loss
Branding: reputation
Regulatory: breach of requirement
Environment: impact on environment
Risks – Security - Safety
Treatment
Resilience (timeline diagram)
Pre-incident: prevention, preparedness
t=0: disruptive incident
Initial response: emergency response, continuity response
Post-incident: recovery
Objectives over time: meet critical operational objectives, then meet ongoing operational requirements

Services & Security (DFS corporate security management framework)
Business objectives: ATM safety – capacity – financial
Security management: risk management concepts, security management process ("PDCA")
Services & processes: "CNS/ATM"
Architecture / technology: security architecture, assets ("BITOP", "NEC")
Security objective: availability, integrity (confidentiality) ("CIA")
Security risk analysis: threats ("TAHOI"), vulnerabilities, risks
Options: transfer, avoid, reduce, accept
Preventive measures: basic protection, special protection, security systems ("TARA")
Reactive measures: emergency & crisis management, contingency / continuity
DFS Deutsche Flugsicherung GmbH, VY, corporate security management