Integrated System for Safety of Air Traffic Control Infrastructure for ENAV

An Air Traffic Control security system must help ensure, at the highest level, operational continuity and reliability of the flight assistance service.

The basic idea is that of a SOC (Security Operation Center) which is a centralized logical and physical structure that has the aim of

  • proactively control the safety infrastructures, by monitoring and supervising the devices that provide protection (security) to the operating sites and ENAV personnel and the systems / devices that perform the functions for air traffic control (safety of the ATC systems);
  • effectively prevent and manage security incidents;
  • contribute to the governance and management of security by providing specific services and data relating to the performance and behavior of security systems.

Given the distribution on the national territory of the Customer's organization, the integrated security system whose model is proposed assumes a structure distributed on several levels which as a whole is called the Supervision and Control System (SSC) and for this reason it is used the acronym SSC rather than SOC.

CODIN, in RTI with Leonardo and ELECTRON Italia, has carried out consultancy activities for the definition of the IT and architectural ICT solution. The solution offers an SSC system powered by information from ATC infrastructures and systems and from equipment and control systems for physical security. The result of the consultancy is summarized in a study that was delivered to the Client's Security Function.

Environmental, organizational and regulatory requirements were analyzed (mainly those deriving from the competent bodies for ATC safety such as EuroControl, ICAO, ECAC). This activity led to the identification of four macro-areas of interest on which the Integrated Security System is structured.

  • Infrastructure and Site Protection.
  • Passive protections.
  • Active protections.
  • Protection of the Air Traffic Control Service.
  • Operational Equipment Protection.
  • Protection of Operative and Operational Supervision Stations.
  • ATC Data Transport Protection.
  • Integration of safety alarms with security information.
  • Protection from electromagnetic and similar interference.
  • Protection of the Data Transport Service and IT infrastructure (ICT Security).
  • Protection of the safety of personnel assigned or otherwise present in the structures.

Definition of Objectives and Services

The objective of the consultancy is to define an organizational and technological model and to identify, starting from the standards in use (for example COBIT 4.1), a map or catalog of services that could be implemented in the long term:




Obviously, in terms of priorities in the development of these services, priority should be given to Monitoring services, i.e. those typically related to security control and supervision such as:

  • Real Time Device Monitoring.
  • Incident Identification and Classification.
  • Fault Monitoring.
  • Service Impact Analysis.
  • Vulnerability and Risk Assessment.

The model of Integrated Security System that has been proposed is based on a hierarchical and modular architecture, structured by levels of responsibility and competence, in order to achieve the maximum degree of efficiency and effectiveness in the management of safety. The main objective is to increase the level of protection of infrastructures and services and to provide surveillance centers with the opportunity to collect, integrate and analyze information relating to all the elements to be protected.

The issue of synergies between the two concepts of security and safety in the ATC area deserves particular attention, since by integrating the monitoring of the control systems of both of these aspects, each of the two systems can bring added value to the other and vice versa, operating jointly as two parts of the same functional whole.

The information coming from the monitoring systems of the ATC equipment will allow to link the intrusions within the sites with any attacks on the ATC service that manifest themselves with the damage to the operating equipment. In this way it is hoped to strengthen the defenses and to identify in real time the nature of the attacks.


With the advice received during the analysis, the customer is aware of the gap between the current situation and the expectations that it can actually have. The study highlights, in fact, variously evolved solutions, among which the Customer can identify those that allow the best safety rate in relation to the economic commitment and time requirements. The Customer can draw the indications to perfect a path of improvement of security and safety, obtaining a result amplified by the synergies between these two aspects.

The Customer has at his disposal an architectural design solution for a Supervision and Control System articulated on various levels, with proposals for functional separations and skills. This structure facilitates the redundant management of information and the distribution of control skills.