Objectives
•The goal of the GAMMA project is to propose solutions to emerging Air Traffic Management threats supported by validation
activities and practical proposals for their implementation
•GAMMA builds on SESAR results, adding a new Security Service for the ATM system while remaining open for future
extensions, including SESAR 2020
GAMMA Concept
ATM Nodes
Concept validation in GAMMA
Local Security
Systems
Coordination
& Control
LGSOC
National GAMMA
Security Management Platform
NGSMP
LGSOC
NGSMP
European GAMMA
Control Center
EGCC
Systems
ATM Security
Management Platform
Information
Exchange
Gateway
ATM Security
Management Platform
Command
and Control
System
Information
Security
System
Cyber Security
intelligence
Secure ATC
communications
Cybersecurity
Intelligent
Platform
EGCC
Attack
Prediction
Satcom Security
LGSOC
Local
Secure
GNSS
communications
Information
Dissemination System
Integrated
Modular
Communication
Attack
Prediction
National
European
•The GAMMA concept builds on the principles and concepts
related to Security Management in a collaborative multi
stakeholder environment, while maintaining a strong link to the
current international and European legal framework and the
constraints given by the respect of national sovereignty.
•The GAMMA concept can be conceptualized as a network of
distributed nodes embedded within the ATM system and
providing interfaces to (ATM) internal and external security
stakeholders.
•GAMMA defines three different layers for managing
Security at Local (LGSOC), National (NGSMP) and
European levels (EGCC).
•The GAMMA concept is developed within the GAMMA project
by a central prototype named Security Management Platform
(SMP) and other security prototypes that support the validation
of the concept by acting as detectors of security events in the
ATM domain.
•SMP is the “core” of GAMMA solution, and provides a basis
for the management of security throughout phases, from
prevention to the identification of security incidents and the
efficient resolution of the resulting ATM crises.
Security Management Platform
SMP main functions
•
•
Rule Engine
Correlation Engine
Signature Based Support
Stream Based Event
Processing
Visualization Module
•
Coordination and Control
Data Collectors
Coordination & Control System: Provides Alarm Correlation, Security
Monitoring and Decision Support for Incident/Crisis Management
Attack Effect Prediction: Provides prediction for the adversary actions and
possible (expected) impact based on the information received from the SMP.
Cyber Security Intelligence Platform: provide information regarding
emerging threats to ATM security, Social and Political contingencies with a
possible impact on ATM security.
Information Dissemination System (IDS):
Disseminate automatically
security reports from the SMP at European level to connected SMPs at
National levels, applying (automatic) filtering conditions, and allow the SMP
operator at National level to disseminate manually security reports to other
connected Security Management Platforms at national or European level
Alerts in input to SMP
•
Anomaly Based Support
Decision Support
Historical
Analysis Support
DSS
Internal Event Bus
<IDS INTERFACE>
<ATTACK INTERFACE>
<INTELLIGENCE INTERFACE>
IDS
Module
Attack Prediction
Module
Cyber Security
Intelligence Platform
Visualization
Module
Visualization
Module
Visualization
Module
SMP proactive capabilities
•
•
•
Through the Cyber Intelligence Module the operator can find information affecting the security of the air traffic domain. Such information
can be disseminated to instances of SMP in other countries as well as to the SMP in the EGCC for European coordination
Through the Attack Effect Prediction module (AEPM), GAMMA operators can obtain a prediction for the adversary actions and possible
(expected) impact based on the information received from event detectors. The AEPM estimates the possible strategies which are most
probable, listing possible counter-actions, given the estimated attacker strategy and event detectors values
Through the Decision Support module, the GAMMA operator can obtain a list of possible countermeasures (that have been recorder
earlier) in relation to alarms received from ATM connected systems and Local Security systems
WebSite: www.gamma-project.eu/
This project has received funding from the European Union’s Seventh Framework Programme for research, technological
development and demonstration under grant agreement nr. 312382