Security Analysis of Remote Tower Control

Abstract

The main target of the analysis is the Remote Tower control center. This will provide Air traffic control services for more than one airport by a single operator in a remote location therefore eliminating an individual control tower located on the individual airport premises. The Remote tower is expected to offer a full range of air traffic services such that the airspace users are not negatively impacted compared to the traditional local control tower. Furthermore, the analysis focuses on the Identity & access management, web application & database, networking and infrastructure. In order to analyse the threats and risks of the remote tower control center, the following assumptions were considered. ● All the already existing features ,services and systems etc are secured ● All the new features, services and systems need to be secured ● There is also some channel of communication between the Remote tower and the airport ● The new features are compatible with the current airport system In identity and access management, some of the main identified assets included, domain naming service, directory service, information server and out of the window system. these assets can be affected by the unauthorised access to data by employees and denial of service attack launched by an attacker or malicious employee. The proposed controls to these threats include installation of intrusion detection systems and segregation of duties For web application and database security, system identification information, encryption and decryption service and the network configurations were considered to be the main assets. These assets face crosssite scripting and SQL injections as some of the main threats. These threats could be mitigated or eliminated by integration of the database server into the security gateway and eliminating flaws Routers and switches, remote tower control communication and operating systems were the main assets identified in the networking and infrastructure. All these assets are faced by a risk, loss and destruction of infrastructure which can be brought about by malicious employees or hackers manipulating management parameters, however these threats can be controlled by installation of firewalls, setting up security policies and installation of electronic access control systems.