Security Risk Assessment and Risk Treatment for Integrated Modular Communication

Integrated Modular Communication (IMC) is an on-board platform to provide secure and reliable aircraft communications for a diverse set of applications. IMC is viewed as an important part of the future Air Traffic Management (ATM) infrastructure. Integrating communication links and combining diverse applications in a single platform (IMC) do come with some risks to the ATM communications that could potentially increase vulnerabilities and make the system more prone to security attacks. There are several types of attacks on network communications such as disrupting or blocking communication, intercepting, injecting fabricated packets, accessing and modifying the information. In this study, the Security Risk Assessment Methodology (SecRAM) is applied to IMC for identifying runtime threats, assessing the risks involved, and defining measures to mitigate them. The risk assessment is performed to evaluate the impact and likelihood of occurrence of attacks relevant to the identified threats and the resulting risk levels. Consequently, specific mitigation measures as IMC's security controls are proposed to provide cyber resiliency for the IMC. The IMC security controls will be validated in an emulated testbed environment in the GAMMA project.