ANSP's checkerboard - Cyber security in ATM, step-by-step
In the ATM world, cyber security is relatively new, and like any other new domain it is in constant, sometimes swift, evolution. New threats, new players, new systems, new regulations… with chess pieces in perpetual flux, it can be disorienting for unseasoned ANSPs to know how, exactly, they can best protect themselves.
For Thales, protection comes, first and foremost, from knowing one’s own strengths and vulnerabilities. Only then is it possible to understand how rules and regulations apply to increase cyber security.
A couple of years ago, for instance, one of Thales’ ANSP clients reached out to its Thales point of contact with an important query: new EU cyber security regulations were entering into force and it was not sure where or how to start implementing them.
Initial discussions between the client and Thales’ ATM cyber security teams revealed the client was attempting to put the cart before the horses. Before implementing any regulation, it was crucial to understand the ANSP’s cyber security situation.
Both parties agreed that the first step forward was to carry out a cyber risk assessment on two important aspects. First, Thales teams worked closely with their client to assess their cyber security management structures, if any – the who and the how. Second, the teams proceeded to reviewing the client’s existing cyber security protection measures and technologies – the what, a critical step when a system is not cyber secure by design.
Like a chess expert teaching its game to an eager apprentice, Thales and its client moved step-by-step, piece-by-piece, across the board. It took six months (not full-time), and throughout that time the ANSP was able to gather a much more in-depth understanding of its organisation’s and system’s strengths and vulnerabilities.
It was critical, for the client, to have a sparring partner that not only knew the rules of the game – cyber security regulations – but also what each piece meant in its context – the role and criticality of each ATM system.
Following the initial cyber risk assessment, Thales made a number of recommendations. A sort of roadmap that the client could follow at its own pace, in its own terms, to increase cyber security and be ready to implement EU regulations. In fact, the ANSP chose to continue working with Thales and its vulnerability management service as the next step in its cyber security strategy.
Feel like your cyber security game could be upgraded as well and wish to work with teams whose expertise crosses over ATM and cyber security? Get in touch at firstname.lastname@example.org and visit our website.