Understanding the Nature of Electrostatic Discharge

Managing ESDS in an Aviation Environment

We sometimes feel static electricity which builds up as we walk for example across a nylon carpet at the moment we touch something which permits an electrostatic discharge.

This may be a door knob or indeed another person. This voltage if measured would be any thousands of volts. It is this electric charge which can destroy electronic circuits.

While this sudden Electrostatic Discharge of static electricity does not usually result in any harm to humans, it can for sure deliver significant damage to an electronic circuit which has a particular sensitivity to electrostatic discharge (ESD).

It is claimed that problems associated with Static first came to light many centuries ago. In the 15th Century Static electricity was a known phenomenon which caused explosions in the gun powder stored in Caribbean forts. Possible this was the earliest form of static control procedures.

Moving into modern times where technology is everywhere in our daily lives the issues connected with Electrostatic Discharge remain a serious threat. It is demonstrated that as electronic devices become every smaller their sensitivity increases with the possibility of damage occurring at voltages as low as 10V.

Managing ESDS in an Aviation Environment is assured by delivering Effective Static Control Procedures. Particularly in the Stores environment during the inspection phase, and during the time components are being transported or installed and removed.

Static control can be achieved by adhering to Static Control principles, circuit and component design being an important element of mitigation. The most important element of handling electronic components is to make sure that the no difference in potential is allowed to build up. Typically, this is achieved by building ESDS work stations and wearing ESDS wrist straps.

Wrist straps must be correctly worn and connected to ground through a safety resistance, in this way the person and the component under work is kept at the same potential.

In this way there is no potential for a discharge as no potential difference exists.

In aviation We have –or should have – procedures for just about everything. Procedures are connected to policies and the need to demonstrate regulatory compliance.

Procedures belong within the QC environment but facilitate the functioning of the QA process. Without procedures auditing becomes very challenging.

In maintenance we have the Maintenance Organization Exposition MOE Procedures and the Continuing Airworthiness Management Exposition plus a myriad of other documents.

Sofema Aviation Services deliver Electro Static Discharge Sensitive Training ESDS as a stand-alone ½ Day Training.

PPT PRESENTATION OF GROUND AVIONICS DME

ATSEP DME TUTORIAL

The purpose of Distance Measuring Equipment (DME) is to provide distance information between a flying aircraft and a DME ground station. The distance is determined by measuring the propagation delay of a radio frequency (RF) pulse that is emitted by the aircraft transmitter and returned at a different frequency by the ground station.

DME equipped aircraft transmit encoded interrogating RF pulse pairs on the beacon's receiving channel. The beacon replies with encoded pulse pairs on the airborne equipment’s receiving channel, which is 63 MHz apart from the beacon’s channel.

The aircraft’s receiver receives and decodes the transponder’s reply. Then it measures the lapse between the interrogation and reply and converts this measurement into electrical output signals. The beacon introduces a fixed delay, called the reply delay, between the reception of each encoded interrogating pulse pair and the transmission of the corresponding reply. The interval between the interrogation emission and the reply reception provides the aircraft with the real distance information from the ground station; this information displays on the cockpit indicator.

Click HERE for PPT tutorial

Click FULL tutorial

Airlines step up efforts to tackle cyber security risks

Airlines step up efforts to tackle cyber security risks

BY VICTORIA BRYAN

The aviation industry is stepping up efforts

to enlist coordinated international

support in the battle against the threats

posed to airlines and passengers by

hackers and those seeking to exploit IT

systems

The security of commercial airlines and

whether the systems crucial to fly

planes are vulnerable to cyber attacks

hit the headlines in April after a security

researcher claimed that he had been

able to hack into flight controls via his

under seat entertainment unit.

Along with Wi-Fi and electronics on

board, airlines, airports and air traffic

management companies are sharing

more information than ever before to

make flying more efficient and deal with

increasing numbers of passengers.

But that provides more interfaces that

can be exploited by attackers, aviation

industry representatives said at the

AVSEC World aviation security conference

in Dublin on Monday. Those seeking

to do mischief also know that

attacking an airline will guarantee maximum

impact, they said.

As part of initiatives to shore up the industry's

defenses, a team has been put

together by leading aviation industry associations

to work on a declaration on

cyber security to put to members of the

United Nations' aviation safety arm next

year.

One of the issues being looked at, for

example, is the security of the ADS-B

system on aircraft, which sends information

on a plane's position. The data

is unencrypted, which could make it

susceptible to outside interference.

"Protecting our industry from cyber

threats is hard, probably one of the

hardest things we are facing because

we do not know what we are facing or

for what we have to prepare," said Jeff

Poole, director general of the Civil Air

Navigation Services Organization

(CANSO), highlighting the swiftness

with which the threat is changing.

UNITED NATIONS

Poole is part of the team coming up with

recommendations that will be presented

to the International Civil Aviation Organization

(ICAO) next September, when

the U.N. body holds its regular triennial

meeting.

It will then be up to ICAO member

states whether to sign the declaration or

not, though this would not impose any

mandatory standards.

Jim Marriott, the ICAO's deputy director

aviation security and facilitation,

said that signing a declaration would be

a statement from member states that

they are taking the issue seriously.

States are also free to take action at a

national level before then, he said.

"We can only go so far ourselves as an

industry. States have an important role

to play," Poole said.

Aircraft manufacturers can also do their

bit, said Tony Tyler, director general of

the International Air Transport Association

(IATA), particularly as they often

have experience in the military sector.

Boeing's director for aviation security,

James Vasatka, told the conference that

his company hires hackers to test the

systems and software it puts on its

planes.

"They (the hackers) are absolutely

stunned at the quality we put in our software

and products. It would be very difficult

in today's environment to disrupt

that for the flight-critical systems," he

said.

Remotely Piloted Aircraft Systems (RPAS) - the unstoppable future of aviation and its impact on ATSEP

Remotely Piloted Aircraft Systems (RPAS) - the unstoppable future of aviation and its impact on ATSEP

Carlos Viegas IFATSEA - SESAR SJU Liason

As all who read last year’s installment

in this ATSEP magazine will remember,

it was promised that a second installment

would bring into focus the introduction

to the subject of RPAS then

made.

The time spanning these two articles

has been well spent; at the time for example

when we spoke of the need to

have mandatory detect and avoid systems

and software on all small RPAS

and very especially the line of sight variety,

the response at the time was: “too

heavy, too expensive…not possible!”.

Today all are unanimous; yes, it is absolutely

necessary and unavoidable.

This can be used to Gage the extreme

speed at which the RPAS are being understood

and their unstoppable potential

is being made clear.

But…as always the aeronautical community

and its institutions need to have

a cool collective head and look further

down the time line to be able to regulate

adequately, this is no easy task because

the regulator for the first time is

put at the door of an as yet unseen scenario:

..the regulator from now on needs

to be proactive in the case of RPAS but

also in all other highly automated ATM

systems.

Tradition dictated that regulation would

come into force in a scenario of well-known

variables which were not foreseen

to change in the near future…

..that was until we all started to think of

new highly automated ATM systems deployment.

Then we realized that today change in

ATM is possible and demanded at a

breakneck speed, so the regulator

needs to adapt its regulated strategy

too and deployment needs to give the

regulator feedback on issues found in

change management so that regulation

may be reviewed, this is an endless

cycle from now on.

Another issue of concern…and this

might be odd coming from an engineer,

who is above all a concerned human

being, we cannot let ourselves be

driven by our capability to produce new

and cheap solutions…with no time to

test them thoroughly and certainly no

time to evaluate what are the consequences

of a huge paradigm shift: integrating

an ever increasing number of

RPAS in non-segregated airspace

The economic appeal is easy to see but

the initial investment to guarantee

safety and security to all RPAS in their

access to non-segregated airspace is

not trivial as is the method in which this

takes place.

As yet no clear answers come up on

how the communications, telemetry and

payload of RPAS that take off from platforms

not situated at airports are controlled

or logged.

Recent documents state that the operator

of the RPAS is responsible…. well

yes, we know that! it would always be

so.

Probably the most important question

would be: does he care?

Plug and Fly springs to mind as a solution

to the communications and telemetry

part but the payload issue is clearly

very different and more complex.

Small RPAS cannot be seen isolated

from the universe in which they fly, the

dimensions of these, while small, interacts

with huge and passenger carrying

airliners and as such represent a huge

potential to disrupt safe and secure passenger

carrier operations.

This is of course only true if proper regulatory

measures are not put in place

before they take to the skies in droves.

The Impact on ATSEP roles and responsibilities:

This depends hugely on how and what

technologies are used to integrate the

digital communication network that will

serve all the air systems.

If these are integrated with other highly

automated ATM systems in a future

SMC, then the ATSEP have their work

cut out for sure.

The monitoring and control of this network

as well as its systems health management

is critical to maintain the RPAS

operating safely and predictably.

This is true only for the small systems

foreseen to fly below approach level because

above that the RPAS will have to

take off and land in airports due to their

dimension and this means that they will

use the same systems that the manned

aircraft use.

In both case it is however very important

to retain the fact that the criticality

of the ground systems that the ATSEP

monitor and control is of a very much

higher level than is true today.

CYBER SECURITY IN AIR NAVIGATION SERVICES– A challenging new domain for ATSEP

CYBER SECURITY IN ANS

– A challenging new domain for ATSEP

By Theodore Kiritsis

IFATSEA Vice President

Editor Navaire

Until recently the technical and operational environment of Air Navigation Services was a secluded area with its proprietary technologies specifically made for purpose, such as CNS/ATM disconnected from the information flow of the rest of the aviation and other industries. Only recently we have moved towards a more and more distributed/networked environment. In any case the ‘legacy’ networks used so far e.g AFTN, AMHS and even IP based ones, are disconnected from outside users. Thus the possibilities of intrusions were minimal by architectural design and only randomly there were cases of malware.

However, it is worth noting that very few, if any, data exists on potential intrusions or cyber-attacks as no incident

collection has been done in an organized fashion so far. Under the current culture, the CNS/ATM environment of an ACC or

an Airport that is subjected to an attack will be addressed as a technical failure and be attributed to h/w or s/w failures by the operational technical personnel, the ATSEP. It is worth noting that if for a moment we confine the focus in the ACC or the Airport areas on an example of a cyber-attack such as e.g. denial of a service, the ATCO on duty will be deprived of critical data. The ATCO on duty will alert the ATC room supervisor will communicate the failure or degradation from the Ops room to the Technical SMC (Systems monitoring and Control room) and the ATSEP on duty will try detect, through symptomatic detection (as there are no tools to detector identify a cyber-attack) whether it is a failure or intrusion.

Therefore, in an ANSP, the ATSEP on duty will be requested to deal with the impact/symptom of a Cyber-attack, basically acting based on best practice and under the current maintenance culture. There are also cases where the Local Systems Supervision tools may identify some abnormal behavior through the monitoring of specific critical or crucial technical parameters, or intrusion in remote CNS installations which are simpler to interpret. Given that usually the distances of the remote CNS facilities, on mountain tops etc. the element of (response mitigation) time is introduced in an unknown,

so far, fashion and impact on the system resources as the response has to be able to mitigate the failure, the event and any potential interference, with the data provided from the facility. Of course if the intrusion is not detected, many security and consequently safety issues, can arise.

It is expected that, an advanced Local SMC Supervision with systems health management and cybersecurity tools will be researched and developed in SESAR2020 so as that the future concepts implemented through tomorrow’s elements of the Service Oriented Architecture (SoA) and distributed sociotechnical systems,

gain the capability level of ‘sniffing’ and proactively identifying

abnormal system behaviors whether they are of technical or cybersecurity nature (or both!).

This new anticipated technical environment will give the ATSEP of the future the ability to counter the potential threats and thus avoid service degradation at system level and even the propagation of the threat. As after the 11/09 it was decided to think ‘out of the box’, so we must do now in the ANS domain. It must be noted here that the

Resilience of the ANS technical and operational system to withstand external ‘perturbations’ being Security breaches/attacks but also to overcome and recover from them will be enabled by the above tools and of course the necessary competence levels of both ATSEP and ATCO on the ground and of course Pilots in the air. This may even expand further to cooperation with competent authorities on the boundary of the ANS domain.

It is worth noting that today the ACC and the Airport systems are fed with data from Sensors that are open with

no encryption whatsoever (e.g ADSB transmissions). The same goes for the communications which are still VHF with AM modulation and datalink with VDL xx modes that are also open

with no encryption. Therefore, it is very demanding trying to identify if the failure is a malfunction or an attack. In order to think out of the box, studies must be made in order to strengthen the CNS/ATM system and increase its Resilience. This would be a new element/approach as today the Research on System Resilience focuses not on the technical side but on the ATC service provision (indeed excluding even the Navigation failures – e.g EGNOS(?) provided directly to the pilot). Coming now to the SESAR and

NextGen technologies that rely mainly on networking (through SWIM) it easily realized (and it has been) that everything from the system design to the business model has to be scrutinized

for creating inherent security gaps. Sometimes this is even connected to proposed changes in the Business model.

I will explain with a small example.

“The SESAR2020 concept is investigating the splitting up of the Data Processing model in an ACC to individual Services that may be fed to the iCWP from potentially different data providers. Thus the final picture that will presented to a controller will be a product of synthesis of data from different originators or Data providers.

Assuming that a ‘false’ or ‘suspicious’ indication appears on the screen, the ATSEP that will be called to identify the cause of the problem and restore it, will have to identify the root cause and on top of that to identify whether it is a cyber-attack or not! “

In other words, while the Controller is facing a demanding safety critical situation the ATSEP has to trace back the causal analysis to the said data providers and/or potential interference with the unencrypted sensor data. Now, if we include in the system a new concept such as RPAS with their own sensors and failure modes for which no experience exists yet, then the cybersecurity equation becomes more and more complex. Remember a RPAS flying in non-segregated airspace is another target for the system. The new proposed business model for CNS provision and/or even a centralized critical functionality like a Central Tracker inherently creates single points of failure. Just imagine for a moment the case of a false alarm on the Centralized tracker and the impact it would have on the clients/ANSPs having to revert to their backup systems. Similar, clearly technical failures in ANSPs have created havoc for several hours in the European skies. If you want to elaborate a little more, include the Pilot in the awareness loop

in this time critical situation! So it is the ATSEP and the ATCO (if the failure reaches their screen) and the Pilot in the air and that is all. This incident I described above will be a battle against time!

Moreover, the issue needs to be resolved because Safety, security and even performance are threatened especially in the case of false alarms. The issue of False alarms and Probability of detection is a well-known problem for detecting potential threats especially in the Airport Security metrics. Addressing the Cybersecurity issues,

directly addresses the CNS/ATM system resilience and the

failure propagation to other interconnected systems and now in the

SESAR and NextGen era most, if not all, systems communicate through SWIM.

Speaking in Resilience terminology, the Cybersecurity attack when successful will be treated as a system Perturbation and Resilience will be the capability of the system to withstand the attack, limit and stop its propagation and Recover as soon as possible to nominal system operation and consequently tactical Operations

reach normal state. Although not directly related as it was a sabotage, just a few months ago a subcontractor cut the Communication lines of the Chicago ATC center and set fire to the housing of ANS systems. It took a lot of effort (18days?), miles of optical fiber and reinstallation of certain h/w and s/w elements, in order to restore the ACC Center back to normal operations. The cutting of communication lines had a severe effect on operations since no Surveillance and/or Data Processing picture was available (suddenly). The fact that the fire alarm rang mandated the evacuation of the premises with the ATSEP returning first to the site in order to try to evaluate the damage and draw a plan in order to begin restoring systems operation. This example may sound overstretched but please focus on the fact that, in cybersecurity terms, this event may be considered as an ‘insider’s job’ because he knew which communication lines to cut (at least) but, as the press reads, without realizing the effect it would have on the traffic. This could equally have been a deliberate insertion of a virus, or a ‘key logger’s/W patch that came in a piece of

COTS equipment.

In conclusion, mainly ATSEP are likely to spot a security breach (at data/network) level while it is evolving. Arming the SMC suites with security tools for detection and addressing (decision making tools), together with specialized training* for all involved stakeholders

(ATSEP, ATCO), clearly defined Roles and Responsibilities will be the basis for further work. Needless to say the Technical system Supervision will have to be standardized and formalized in such a way as to have the same Technical Supervision capability, including on Cybersecurity threats, is available in all deployed systems. Failure mode analysis (FMEA) will have to be revisited and of course Contingency Plans to say the least. Even a special Protocol (technical status Exchange Model) for systems supervision and monitoring will greatly facilitate for technical system awareness. On the Human side this will mean that in order to address a Security incident a meaningful TRM context for ATSEP/ATCO and Pilot coordination will have to be developed. EASA has identified this need for ATSEP security Training and included it in the NPA 2013-08

Theodore is an ATSEP, working for Hellenic Civil Aviation Authority. He is Vice President of IFATSEA and editor of Navaire. He has been

involved in SESAR since the early days of the definition phase in 2005. Currently he contributes in the IFATSEA SJU IVT Team and

represents staff associations in the ADMIN

Board of SJU.