AIS-AIMSG/3-SN/10
29/10/09
AERONAUTICAL INFORMATION SERVICES-AERONAUTICAL
INFORMATION MANAGEMENT STUDY GROUP (AIS-AIMSG)
Third MEETING
Montréal, 9 to 12 November 2010
Agenda Item 13: Any other business
EUROPEAN FINDINGS ON THE GUIDELINES ON THE USE OF THE PUBLIC INTERNET
FOR AERONAUTICAL INFORMATION APPLICATIONS (Doc 9855)
(Presented by Paul Bosman)
SUMMARY
This study note presents European findings on the Guidelines on the Use of the Public
Internet for Aeronautical Applications (Doc 9855). The group is invited to review this study
note and provide comments.
1.
INTRODUCTION
1.1
In 2005 ICAO published Guidelines on the use of the Public Internet for Aeronautical
Information Applications (Doc 9855) which were developed with the assistance of the Aviation Use of
Public Internet Study Group.
1.2
This document provides guidance on the use of Public Internet as a means of
communication for non-time critical aeronautical ground-ground communications with a view to prevent
or minimize the adoption of divergent procedures to be adopted by States and International Organisations
on certain operational applications used over the Public Internet.
1.3
The document recalls the obligations of the States under the Convention for International
Civil Aviation and its Annexes and provides guidance to the accreditation criteria for Internet aviation
service providers, on charging, on performance indicators and intellectual property.
1.4
The document further details some technical considerations such as categorization of
messages, content, risk assessment and management.
1.5
Matters related to Meteorological Information, Aeronautical Information Services and
Flight Plans are given a more detailed attention.
AIS-AIMSG/3-SN/10
-2-
1.6
The document has been drawn up in 2005. Technology is developing at an ever
increasing pace and the EUROCONTROL Aeronautical Information Operations Subgroup did discuss the
issue of the Use of Public Internet for the provision of Aeronautical Information. This Subgroup also
decided to perform a survey among its members having a best practice.
1.7
This Study Note reports on the findings of the discussions within the EUROCONTROL
Aeronautical Information Operations Subgroup and results of the survey performed by it and reflections
made within EUROCONTROL.
2.
2.1
DISCUSSIONS
The results of a survey performed amongst the members of the Subgroup indicated:

an increasing interest by clients to access Aeronautical Information through the
Public Internet;

that most States apply an authorization practice (user registration and authentication),
this practice may differ on the type of information (e.g. dynamic/static data);

that most States do not apply a code key authentication procedure;

that none of the States implemented an accreditation procedure for Internet Aviation
Service Providers (IASPs);

that there is a difficulty to understand where Public Internet should or should not be
used for aeronautical applications;

that there is a different understanding on the notion of ‘time criticality of
information’;

that States apply other concepts than time criticality, like declaring information
accessed through the Public Internet as “not for operational use”, and;

that no States currently apply a charging mechanism for accessing Aeronautical
Information through the Public Internet.
2.2
The clarification of certain aspects of the Guidelines on the use of the Public Internet for
Aeronautical Information Applications (Doc 9855) seems therefore necessary, in particular with regard
to:
2.2.1
Public Internet
With regard to Internet the following differentiation as regards security can be made:

very high security: an Internet infrastructure (on which all the required security
features can be added and which and does not appear as Public Internet) (e.g. VPN);

high security: an Internet access using SSL and authentication procedure which is
close to the above and should not be considered as Public Internet (i.e. https:// ), and
-3
AIS-AIMSG/3-SN/10
low security: an Internet where no particular security measures are applied except for
a registration procedure (e.g. the EAD Basic, the Public EUROCONTROL Network
Operations Portal, and most of the ANSPs AIS websites).
It is the third category only which should be considered as Public Internet.
2.2.2
Accreditation of IASP
There are no accredited specific Public Internet Aviation Service Providers for AIS in the
EUROCONTROL Member States footprint and none of these surveyed States applied so far any
particular accreditation procedure for IASPs in the context of AIS service provision.
The existing rationale behind the accreditation of IASPs is in ensuring that information provided via the
Internet meets current best practice for confidentiality, integrity, authenticity and availability. Whilst
these aspects are extremely relevant, it is believed that the current understanding on information
management and the supporting technology may render such accreditation procedure less necessary to be
included in full detail and potentially redundant with respect to currently valid information management
notions and technologies.
2.2.3
Time criticality
Doc 9855 implies that timely availability of information could be an issue with internet based technology
and / or when transmitted through the Public Internet rather than AFS/ATN. Practice has shown that this
is most often not the case. It seems therefore worth considering to put less emphasis on the data
communication perspective, perhaps eliminating this viewpoint all together and to insist more on the
operational user context for the information.
This operational context is still linked with the notion of time criticality but more in the sense of the
rationale provided in Doc 9855, ‘non-time critical information is the information being communicated
with no immediate effect on an active flight’. So clear recognition for the fact that information could be
differentiated on the basis of its use case, as such time criticality is one aspect to consider. This needs to
be supported by guidance on clear requirements for latency, integrity, security, authenticity, etc. without
prescribing the AFS/ATN as the sole means for delivering what is now called time-critical information.
Whilst time criticality is an extremely valid notion, it may be worth considering putting the emphasis
more on the fact that information drawn from the Public Internet (as discussed in 2.2.1) should not be
used (or at least not as the sole means) for any safety critical decisions/actions. It could be argued that
information being communicated with an immediate effect on an active flight is safety related. End-users
will have to take into consideration other official and/or more reliable sources than Public Internet for any
decisions that may have an impact on the safety of air navigation (e.g. flight preparation).
2.2.4
Operational use
A majority of States introduced the notion of ‘(non) operational use’ of the data in developing national
policies for accessing information through Public Internet. Whilst the guidance only differentiates on the
basis of time criticality, it is interesting to observe that this is almost everywhere transformed in national
policies to differentiate on the basis of the operational use of the data. This is mainly dictated by liability
considerations.
Future guidance could be helpful to explain and distinguish better between the use-case viewpoint, where
time-criticality is the major differentiating factor and the quality of service viewpoint, the latter being
more relevant from a liability considerations perspective.
AIS-AIMSG/3-SN/10
-4-
As it will not be possible in practice to prevent an operational use by end-users and
3.
3.1
ACTION
The AIS-AIMSG is invited to:
a) review this study note and provide comments;
b) request the secretariat to coordinate with the other relevant ICAO domains and to
consider to review Doc 9855, and;
c) provide its comments with a view to:
i. obtain further guidance on where the Public Internet should and should not be
used for aeronautical applications;
ii. obtain further clarification as what constitutes Public Internet;
iii. review the definition of “time-critical”;
d) consider the introduction of the notion of “safety critical” to prevent Aeronautical
Information drawn from the Public Internet (as described in 2.2.1) to be used as sole
means for safety critical decisions.
— END —