• Subscribe to our newsletter

ANSP's checkerboard - Cyber security in ATM, step-by-step

Dec 12. 2023  Cyber security is like playing chess. At the best of times, multiple moving parts, endless possibilities, and constant uncertainty all contribute to keeping each player on their toes. Now imagine playing chess without knowing the rules, without fully understanding the role of each chess piece… how do you know what to move next and where? Wouldn’t it feel more comfortable having an expert by your side explaining the rules and guiding you toward a more efficient strategy? In the world of ATM, Thales is that seasoned player who can walk you through the rules (and regulations) of cyber security and support you in protecting every moving part. Like it did for this European ANSP…

In the ATM world, cyber security is relatively new, and like any other new domain it is in constant, sometimes swift, evolution. New threats, new players, new systems, new regulations… with chess pieces in perpetual flux, it can be disorienting for unseasoned ANSPs to know how, exactly, they can best protect themselves.

For Thales, protection comes, first and foremost, from knowing one’s own strengths and vulnerabilities. Only then is it possible to understand how rules and regulations apply to increase cyber security.

A couple of years ago, for instance, one of Thales’ ANSP clients reached out to its Thales point of contact with an important query: new EU cyber security regulations were entering into force and it was not sure where or how to start implementing them.

Initial discussions between the client and Thales’ ATM cyber security teams revealed the client was attempting to put the cart before the horses. Before implementing any regulation, it was crucial to understand the ANSP’s cyber security situation.

Both parties agreed that the first step forward was to carry out a cyber risk assessment on two important aspects. First, Thales teams worked closely with their client to assess their cyber security management structures, if any – the who and the how. Second, the teams proceeded to reviewing the client’s existing cyber security protection measures and technologies – the what, a critical step when a system is not cyber secure by design.


Like a chess expert teaching its game to an eager apprentice, Thales and its client moved step-by-step, piece-by-piece, across the board. It took six months (not full-time), and throughout that time the ANSP was able to gather a much more in-depth understanding of its organisation’s and system’s strengths and vulnerabilities.

It was critical, for the client, to have a sparring partner that not only knew the rules of the game – cyber security regulations – but also what each piece meant in its context – the role and criticality of each ATM system.

Following the initial cyber risk assessment, Thales made a number of recommendations. A sort of roadmap that the client could follow at its own pace, in its own terms, to increase cyber security and be ready to implement EU regulations. In fact, the ANSP chose to continue working with Thales and its vulnerability management service as the next step in its cyber security strategy.


Feel like your cyber security game could be upgraded as well and wish to work with teams whose expertise crosses over ATM and cyber security? Get in touch at cyber.aero@thalesgroup.com and visit our website


#ATM #aviation #Better Skies Together #betterskiestogether #BST #cybersecurity