Security risk analysis of the data communications network proposed in the NextGen air traffic control system

Abstract

Scope and Method of Study: Aerospace Security Stakeholder Qualitative Interviews.

Interests internal and external to the United States could wreak havoc by manipulating, impairing, or data mining the digital information being exchanged by aircraft and controllers in the proposed NextGen air traffic control system.

The purpose of this study is the analyze potential security risks imposed by implementing the active network technologies utilized by ADS-B in NextGen, and more specifically the air-to-air, air-to-ground, and satellite-to-air links used. The purpose of this study was to provide a risk analysis of the NextGen active network compared to industry standards and best practices for information systems security. Data obtained through interviews was used to determine the effective security categorization and provide a risk analysis of the ADS-B portion of the proposed NextGen active network.

Findings and Conclusions: Based on this research, there are both significant similarities and differences between the NextGen Active Network and industry standard computer networks. Both the ADS-B and computer networks operate in a wireless environment. Both are designed to move information between local devices, though the ADS-B devices may cover 200-300 miles at altitude where the computer networks are designed to cover a range of 200- 300 feet. Both have methods of insuring a high level of data integrity using FEC, CRC, 24-bit parity, or MAC codes. It is at this point that the similarities diverge, as the missions of the two networks are markedly different. Specific conclusions and recommendations cover the differences between the designed mission requirements of NextGen and existing computer security standards focusing on the security objectives within the Federal Information Security Management Act of 2002 and other pertinent government standards and industry best practices.