Thursday, 22 September 2016

Understanding the Nature of Electrostatic Discharge

Managing ESDS in an Aviation Environment
We sometimes feel static electricity which builds up as we walk for example across a nylon carpet at the moment we touch something which permits an electrostatic discharge.
This may be a door knob or indeed another person. This voltage if measured would be any thousands of volts. It is this electric charge which can destroy electronic circuits.
While this sudden Electrostatic Discharge of static electricity does not usually result in any harm to humans, it can for sure deliver significant damage to an electronic circuit which has a particular sensitivity to electrostatic discharge (ESD).
It is claimed that problems associated with Static first came to light many centuries ago. In the 15th Century Static electricity was a known phenomenon which caused explosions in the gun powder stored in Caribbean forts. Possible this was the earliest form of static control procedures.
Moving into modern times where technology is everywhere in our daily lives the issues connected with Electrostatic Discharge remain a serious threat. It is demonstrated that as electronic devices become every smaller their sensitivity increases with the possibility of damage occurring at voltages as low as 10V.
Managing ESDS in an Aviation Environment is assured by delivering Effective Static Control Procedures. Particularly in the Stores environment during the inspection phase, and during the time components are being transported or installed and removed.
Static control can be achieved by adhering to Static Control principles, circuit and component design being an important element of mitigation. The most important element of handling electronic components is to make sure that the no difference in potential is allowed to build up. Typically, this is achieved by building ESDS work stations and wearing ESDS wrist straps.
Wrist straps must be correctly worn and connected to ground through a safety resistance, in this way the person and the component under work is kept at the same potential.
In this way there is no potential for a discharge as no potential difference exists.
In aviation We have –or should have – procedures for just about everything. Procedures are connected to policies and the need to demonstrate regulatory compliance.
Procedures belong within the QC environment but facilitate the functioning of the QA process. Without procedures auditing becomes very challenging.
In maintenance we have the Maintenance Organization Exposition MOE Procedures and the Continuing Airworthiness Management Exposition plus a myriad of other documents.

Sofema Aviation Services deliver Electro Static Discharge Sensitive Training ESDS as a stand-alone ½ Day Training.


The purpose of Distance Measuring Equipment (DME) is to provide distance information between a flying aircraft and a DME ground station. The distance is determined by measuring the propagation delay of a radio frequency (RF) pulse that is emitted by the aircraft transmitter and returned at a different frequency by the ground station.
DME equipped aircraft transmit encoded interrogating RF pulse pairs on the beacon's receiving channel. The beacon replies with encoded pulse pairs on the airborne equipment’s receiving channel, which is 63 MHz apart from the beacon’s channel.

The aircraft’s receiver receives and decodes the transponder’s reply. Then it measures the lapse between the interrogation and reply and converts this measurement into electrical output signals. The beacon introduces a fixed delay, called the reply delay, between the reception of each encoded interrogating pulse pair and the transmission of the corresponding reply. The interval between the interrogation emission and the reply reception provides the aircraft with the real distance information from the ground station; this information displays on the cockpit indicator.
Click HERE for PPT tutorial
Click FULL tutorial

Monday, 19 September 2016

Airlines step up efforts to tackle cyber security risks

Airlines step up efforts to tackle cyber security risks
The aviation industry is stepping up efforts
to enlist coordinated international
support in the battle against the threats
posed to airlines and passengers by
hackers and those seeking to exploit IT
The security of commercial airlines and
whether the systems crucial to fly
planes are vulnerable to cyber attacks
hit the headlines in April after a security
researcher claimed that he had been
able to hack into flight controls via his
under seat entertainment unit.
Along with Wi-Fi and electronics on
board, airlines, airports and air traffic
management companies are sharing
more information than ever before to
make flying more efficient and deal with
increasing numbers of passengers.
But that provides more interfaces that
can be exploited by attackers, aviation
industry representatives said at the
AVSEC World aviation security conference
in Dublin on Monday. Those seeking
to do mischief also know that
attacking an airline will guarantee maximum
impact, they said.
As part of initiatives to shore up the industry's
defenses, a team has been put
together by leading aviation industry associations
to work on a declaration on
cyber security to put to members of the
United Nations' aviation safety arm next
One of the issues being looked at, for
example, is the security of the ADS-B
system on aircraft, which sends information
on a plane's position. The data
is unencrypted, which could make it
susceptible to outside interference.
"Protecting our industry from cyber
threats is hard, probably one of the
hardest things we are facing because
we do not know what we are facing or
for what we have to prepare," said Jeff
Poole, director general of the Civil Air
Navigation Services Organization
(CANSO), highlighting the swiftness
with which the threat is changing.
Poole is part of the team coming up with
recommendations that will be presented
to the International Civil Aviation Organization
(ICAO) next September, when
the U.N. body holds its regular triennial
It will then be up to ICAO member
states whether to sign the declaration or
not, though this would not impose any
mandatory standards.
Jim Marriott, the ICAO's deputy director
aviation security and facilitation,
said that signing a declaration would be
a statement from member states that
they are taking the issue seriously.
States are also free to take action at a
national level before then, he said.
"We can only go so far ourselves as an
industry. States have an important role
to play," Poole said.
Aircraft manufacturers can also do their
bit, said Tony Tyler, director general of
the International Air Transport Association
(IATA), particularly as they often
have experience in the military sector.
Boeing's director for aviation security,
James Vasatka, told the conference that
his company hires hackers to test the
systems and software it puts on its
"They (the hackers) are absolutely
stunned at the quality we put in our software
and products. It would be very difficult
in today's environment to disrupt
that for the flight-critical systems," he

Remotely Piloted Aircraft Systems (RPAS) - the unstoppable future of aviation and its impact on ATSEP

Remotely Piloted Aircraft Systems (RPAS) - the unstoppable future of aviation and its impact on ATSEP
Carlos Viegas IFATSEA - SESAR SJU Liason

As all who read last year’s installment
in this ATSEP magazine will remember,
it was promised that a second installment
would bring into focus the introduction
to the subject of RPAS then
The time spanning these two articles
has been well spent; at the time for example
when we spoke of the need to
have mandatory detect and avoid systems
and software on all small RPAS
and very especially the line of sight variety,
the response at the time was: “too
heavy, too expensive…not possible!”.
Today all are unanimous; yes, it is absolutely
necessary and unavoidable.
This can be used to Gage the extreme
speed at which the RPAS are being understood
and their unstoppable potential
is being made clear.
But…as always the aeronautical community
and its institutions need to have
a cool collective head and look further
down the time line to be able to regulate
adequately, this is no easy task because
the regulator for the first time is
put at the door of an as yet unseen scenario:
..the regulator from now on needs
to be proactive in the case of RPAS but
also in all other highly automated ATM
Tradition dictated that regulation would
come into force in a scenario of well-known
variables which were not foreseen
to change in the near future…
..that was until we all started to think of
new highly automated ATM systems deployment.
Then we realized that today change in
ATM is possible and demanded at a
breakneck speed, so the regulator
needs to adapt its regulated strategy
too and deployment needs to give the
regulator feedback on issues found in
change management so that regulation
may be reviewed, this is an endless
cycle from now on.
Another issue of concern…and this
might be odd coming from an engineer,
who is above all a concerned human
being, we cannot let ourselves be
driven by our capability to produce new
and cheap solutions…with no time to
test them thoroughly and certainly no
time to evaluate what are the consequences
of a huge paradigm shift: integrating
an ever increasing number of
RPAS in non-segregated airspace
The economic appeal is easy to see but
the initial investment to guarantee
safety and security to all RPAS in their
access to non-segregated airspace is
not trivial as is the method in which this
takes place.
As yet no clear answers come up on
how the communications, telemetry and
payload of RPAS that take off from platforms
not situated at airports are controlled
or logged.
Recent documents state that the operator
of the RPAS is responsible…. well
yes, we know that! it would always be
Probably the most important question
would be: does he care?
Plug and Fly springs to mind as a solution
to the communications and telemetry
part but the payload issue is clearly
very different and more complex.
Small RPAS cannot be seen isolated
from the universe in which they fly, the
dimensions of these, while small, interacts
with huge and passenger carrying
airliners and as such represent a huge
potential to disrupt safe and secure passenger
carrier operations.
This is of course only true if proper regulatory
measures are not put in place
before they take to the skies in droves.
The Impact on ATSEP roles and responsibilities:
This depends hugely on how and what
technologies are used to integrate the
digital communication network that will
serve all the air systems.
If these are integrated with other highly
automated ATM systems in a future
SMC, then the ATSEP have their work
cut out for sure.
The monitoring and control of this network
as well as its systems health management
is critical to maintain the RPAS
operating safely and predictably.
This is true only for the small systems
foreseen to fly below approach level because
above that the RPAS will have to
take off and land in airports due to their
dimension and this means that they will
use the same systems that the manned
aircraft use.
In both case it is however very important
to retain the fact that the criticality
of the ground systems that the ATSEP
monitor and control is of a very much

higher level than is true today.


– A challenging new domain for ATSEP
By Theodore Kiritsis
IFATSEA Vice President
Editor Navaire

Until recently the technical and operational environment of Air Navigation Services was a secluded area with its proprietary technologies specifically made for purpose, such as CNS/ATM disconnected from the information flow of the rest of the aviation and other industries. Only recently we have moved towards a more and more distributed/networked environment. In any case the ‘legacy’ networks used so far e.g AFTN, AMHS and even IP based ones, are disconnected from outside users. Thus the possibilities of intrusions were minimal by architectural design and only randomly there were cases of malware.
However, it is worth noting that very few, if any, data exists on potential intrusions or cyber-attacks as no incident
collection has been done in an organized fashion so far. Under the current culture, the CNS/ATM environment of an ACC or
an Airport that is subjected to an attack will be addressed as a technical failure and be attributed to h/w or s/w failures by the operational technical personnel, the ATSEP. It is worth noting that if for a moment we confine the focus in the ACC or the Airport areas on an example of a cyber-attack such as e.g. denial of a service, the ATCO on duty will be deprived of critical data. The ATCO on duty will alert the ATC room supervisor will communicate the failure or degradation from the Ops room to the Technical SMC (Systems monitoring and Control room) and the ATSEP on duty will try detect, through symptomatic detection (as there are no tools to detector identify a cyber-attack) whether it is a failure or intrusion.
Therefore, in an ANSP, the ATSEP on duty will be requested to deal with the impact/symptom of a Cyber-attack, basically acting based on best practice and under the current maintenance culture. There are also cases where the Local Systems Supervision tools may identify some abnormal behavior through the monitoring of specific critical or crucial technical parameters, or intrusion in remote CNS installations which are simpler to interpret. Given that usually the distances of the remote CNS facilities, on mountain tops etc. the element of (response mitigation) time is introduced in an unknown,
so far, fashion and impact on the system resources as the response has to be able to mitigate the failure, the event and any potential interference, with the data provided from the facility. Of course if the intrusion is not detected, many security and consequently safety issues, can arise.
It is expected that, an advanced Local SMC Supervision with systems health management and cybersecurity tools will be researched and developed in SESAR2020 so as that the future concepts implemented through tomorrow’s elements of the Service Oriented Architecture (SoA) and distributed sociotechnical systems,
gain the capability level of ‘sniffing’ and proactively identifying
abnormal system behaviors whether they are of technical or cybersecurity nature (or both!).
This new anticipated technical environment will give the ATSEP of the future the ability to counter the potential threats and thus avoid service degradation at system level and even the propagation of the threat. As after the 11/09 it was decided to think ‘out of the box’, so we must do now in the ANS domain. It must be noted here that the
Resilience of the ANS technical and operational system to withstand external ‘perturbations’ being Security breaches/attacks but also to overcome and recover from them will be enabled by the above tools and of course the necessary competence levels of both ATSEP and ATCO on the ground and of course Pilots in the air. This may even expand further to cooperation with competent authorities on the boundary of the ANS domain.
It is worth noting that today the ACC and the Airport systems are fed with data from Sensors that are open with
no encryption whatsoever (e.g ADSB transmissions). The same goes for the communications which are still VHF with AM modulation and datalink with VDL xx modes that are also open
with no encryption. Therefore, it is very demanding trying to identify if the failure is a malfunction or an attack. In order to think out of the box, studies must be made in order to strengthen the CNS/ATM system and increase its Resilience. This would be a new element/approach as today the Research on System Resilience focuses not on the technical side but on the ATC service provision (indeed excluding even the Navigation failures – e.g EGNOS(?) provided directly to the pilot). Coming now to the SESAR and
NextGen technologies that rely mainly on networking (through SWIM) it easily realized (and it has been) that everything from the system design to the business model has to be scrutinized
for creating inherent security gaps. Sometimes this is even connected to proposed changes in the Business model.

I will explain with a small example.
“The SESAR2020 concept is investigating the splitting up of the Data Processing model in an ACC to individual Services that may be fed to the iCWP from potentially different data providers. Thus the final picture that will presented to a controller will be a product of synthesis of data from different originators or Data providers.
Assuming that a ‘false’ or ‘suspicious’ indication appears on the screen, the ATSEP that will be called to identify the cause of the problem and restore it, will have to identify the root cause and on top of that to identify whether it is a cyber-attack or not! “
In other words, while the Controller is facing a demanding safety critical situation the ATSEP has to trace back the causal analysis to the said data providers and/or potential interference with the unencrypted sensor data. Now, if we include in the system a new concept such as RPAS with their own sensors and failure modes for which no experience exists yet, then the cybersecurity equation becomes more and more complex. Remember a RPAS flying in non-segregated airspace is another target for the system. The new proposed business model for CNS provision and/or even a centralized critical functionality like a Central Tracker inherently creates single points of failure. Just imagine for a moment the case of a false alarm on the Centralized tracker and the impact it would have on the clients/ANSPs having to revert to their backup systems. Similar, clearly technical failures in ANSPs have created havoc for several hours in the European skies. If you want to elaborate a little more, include the Pilot in the awareness loop
in this time critical situation! So it is the ATSEP and the ATCO (if the failure reaches their screen) and the Pilot in the air and that is all. This incident I described above will be a battle against time!
Moreover, the issue needs to be resolved because Safety, security and even performance are threatened especially in the case of false alarms. The issue of False alarms and Probability of detection is a well-known problem for detecting potential threats especially in the Airport Security metrics. Addressing the Cybersecurity issues,
directly addresses the CNS/ATM system resilience and the
failure propagation to other interconnected systems and now in the
SESAR and NextGen era most, if not all, systems communicate through SWIM.
Speaking in Resilience terminology, the Cybersecurity attack when successful will be treated as a system Perturbation and Resilience will be the capability of the system to withstand the attack, limit and stop its propagation and Recover as soon as possible to nominal system operation and consequently tactical Operations
reach normal state. Although not directly related as it was a sabotage, just a few months ago a subcontractor cut the Communication lines of the Chicago ATC center and set fire to the housing of ANS systems. It took a lot of effort (18days?), miles of optical fiber and reinstallation of certain h/w and s/w elements, in order to restore the ACC Center back to normal operations. The cutting of communication lines had a severe effect on operations since no Surveillance and/or Data Processing picture was available (suddenly). The fact that the fire alarm rang mandated the evacuation of the premises with the ATSEP returning first to the site in order to try to evaluate the damage and draw a plan in order to begin restoring systems operation. This example may sound overstretched but please focus on the fact that, in cybersecurity terms, this event may be considered as an ‘insider’s job’ because he knew which communication lines to cut (at least) but, as the press reads, without realizing the effect it would have on the traffic. This could equally have been a deliberate insertion of a virus, or a ‘key logger’s/W patch that came in a piece of
COTS equipment.
In conclusion, mainly ATSEP are likely to spot a security breach (at data/network) level while it is evolving. Arming the SMC suites with security tools for detection and addressing (decision making tools), together with specialized training* for all involved stakeholders
(ATSEP, ATCO), clearly defined Roles and Responsibilities will be the basis for further work. Needless to say the Technical system Supervision will have to be standardized and formalized in such a way as to have the same Technical Supervision capability, including on Cybersecurity threats, is available in all deployed systems. Failure mode analysis (FMEA) will have to be revisited and of course Contingency Plans to say the least. Even a special Protocol (technical status Exchange Model) for systems supervision and monitoring will greatly facilitate for technical system awareness. On the Human side this will mean that in order to address a Security incident a meaningful TRM context for ATSEP/ATCO and Pilot coordination will have to be developed. EASA has identified this need for ATSEP security Training and included it in the NPA 2013-08
Theodore is an ATSEP, working for Hellenic Civil Aviation Authority. He is Vice President of IFATSEA and editor of Navaire. He has been
involved in SESAR since the early days of the definition phase in 2005. Currently he contributes in the IFATSEA SJU IVT Team and
represents staff associations in the ADMIN
Board of SJU.