Cyber security management projects

SESAR Cross transversal area security support to WP 16.06.02. Long-running support for SESAR and EUROCONTROL’s work in the ‘ATM Security Support and Coordination Function’. The work encompassed developing security methodologies, guidance material, supporting risk assessments and integrating the security transversal area with the SESAR Business Case and Master Plan updates. The nature of the work also requires a good understanding of SESAR Solutions and technology enablers.

Road-test of ED-201 aeronautical information systems security. For UK Government, Winsland conducted a road-test of the EUROCAE ED-201 framework guidance. ED-201 provides guidance for different aviation organisations to cooperate on aeronautical information systems security (AISS). The aim is to reduce risks to the safety of flight and significant disruptions to operations. Winsland worked with a group of airport partner organisations to understand system interfaces and develop a multilateral external agreement to support information sharing on security wherever there is shared responsibility for systems and operations.

Security database application. Allied to the SESAR programme support, Winsland developed a security database application, ‘CTRL_S’, to capture security risk assessments carried out under the SESAR ATM modernisation programme. The tool also allows ‘cross-sectional’ analyses of multiple risk assessments to support gap analyses.

Development of Threat Assessment methodology. Winsland played a major role in a project to develop a number of tools for EUROCONTROL’s Security Domain in 2009. These were: a method for determining critical assets; a threat appraisal method; and a ‘horizon scanning’ method. Winsland also developed a draft ‘security viewpoint’ to be consistent with enterprise architecture methods, including the European ATM Enterprise Architecture Framework.

Implementation of a security management system at a UK airport. In collaboration with Griffin Security, Winsland developed a security management system at a UK airport. The project was aimed at proving the application of the EUROCONTROL Security Management System as a means of compliance with the Single European Sky Common Requirements (EC 2096/2005). The project was conducted in collaboration with EUROCONTROL and the UK CAA.