AoC number
Primary domain
Secondary domain
Description
NAS and aeronautical information will be available to users on demand. NAS and aeronautical information is consistent across applications and locations, and available to authorized subscribers and equipped aircraft. Proprietary and security-sensitive information is not shared with unauthorized agencies/individuals. OI 103305 On Demand NAS Information
Potential hazard
Compromise of information:
– Integrity
– Availability
– Confidentiality
Database obsolescence and challenges of manual cross-checks
When security incidents occur affecting SWIM, they will emerge in a particular context, and their rarity and even their uniqueness may give rise to unpredictable threats.
Corroborating sources and comments
2014 – Cloud computing:
The European Commission adopted in September 2012 the Communication “Unleashing the potential of cloud computing in Europe” to stimulate the uptake of cloud computing to the benefit of European customers and providers. One of the three Key Actions proposed in the Communication focuses on standardization. In December 2012 at Cannes, the European Commission and the European Telecommunications Standards Institute (ETSI) launched the Cloud Standardization Coordination initiative. The initiative was launched in response to a request to ETSI from the EC to coordinate with stakeholders in the cloud standards ecosystems and devise standards roadmaps in support of EU policy in critical areas such as security, interoperability, data portability and reversibility (ETSI)
Cloud computing as an enabler to SWIM (SITA ATI tool).
https://www.sita.aero/products-solutions/solutions/ati-cloud
The concept of SWIM – System Wide Information Management – covers a complete change in paradigm of how information is managed along its full lifecycle and across the U.S. and European ATM systems. The implementation of the SWIM concept will enable direct ATM business benefits to be generated by assuring the provision of commonly understood quality information delivered to the right people at the right time. Given the transversal nature of SWIM, which is to go across all ATM systems, data domains, and business trajectory phases (planning, execution, post-execution) and the wide range of ATM stakeholders, it is not expected that one solution and certainly not one single technology will fit all. Nevertheless, it is recognized that global interoperability and standardization are essential and SWIM is expected to be an important driver for new and updated standards.
For SWIM, it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine. It is also important for authenticity to validate that both parties involved are who they claim to be.
An important logical control in a SWIM environment that may be overlooked is the principle of least privilege. The principle of least privilege requires that an individual, program or system process is not granted any more access privileges than are necessary to perform the task.
Defense in Depth: SWIM information security must protect information throughout the life span of the information, from the initial creation of the information on through to the final disposal of the information. The information must be protected while in motion and while at rest. During its lifetime, information may pass through many different information-processing systems and through many different parts of information processing systems. There are many different ways the information and information systems can be threatened. To fully protect the information during its lifetime, each component of the information processing system must have its own protection mechanisms. The building up, layering on and overlapping of security measures is called defense in depth. The strength of any system is no greater than its weakest link. Using a defense in depth strategy, should one defensive measure fail there are other defensive measures in place that continue to provide protection.
Corroborating sources and comments
2014 – Cloud computing:
The European Commission adopted in September 2012 the Communication “Unleashing the potential of cloud computing in Europe” to stimulate the uptake of cloud computing to the benefit of European customers and providers. One of the three Key Actions proposed in the Communication focuses on standardization. In December 2012 at Cannes, the European Commission and the European Telecommunications Standards Institute (ETSI) launched the Cloud Standardization Coordination initiative. The initiative was launched in response to a request to ETSI from the EC to coordinate with stakeholders in the cloud standards ecosystems and devise standards roadmaps in support of EU policy in critical areas such as security, interoperability, data portability and reversibility (ETSI)
Cloud computing as an enabler to SWIM (SITA ATI tool).
https://www.sita.aero/products-solutions/solutions/ati-cloud
The concept of SWIM – System Wide Information Management – covers a complete change in paradigm of how information is managed along its full lifecycle and across the U.S. and European ATM systems. The implementation of the SWIM concept will enable direct ATM business benefits to be generated by assuring the provision of commonly understood quality information delivered to the right people at the right time. Given the transversal nature of SWIM, which is to go across all ATM systems, data domains, and business trajectory phases (planning, execution, post-execution) and the wide range of ATM stakeholders, it is not expected that one solution and certainly not one single technology will fit all. Nevertheless, it is recognized that global interoperability and standardization are essential and SWIM is expected to be an important driver for new and updated standards.
For SWIM, it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine. It is also important for authenticity to validate that both parties involved are who they claim to be.
An important logical control in a SWIM environment that may be overlooked is the principle of least privilege. The principle of least privilege requires that an individual, program or system process is not granted any more access privileges than are necessary to perform the task.
Defense in Depth: SWIM information security must protect information throughout the life span of the information, from the initial creation of the information on through to the final disposal of the information. The information must be protected while in motion and while at rest. During its lifetime, information may pass through many different information-processing systems and through many different parts of information processing systems. There are many different ways the information and information systems can be threatened. To fully protect the information during its lifetime, each component of the information processing system must have its own protection mechanisms. The building up, layering on and overlapping of security measures is called defense in depth. The strength of any system is no greater than its weakest link. Using a defense in depth strategy, should one defensive measure fail there are other defensive measures in place that continue to provide protection.