Cyber security is a key enabler for safe Air Traffic Management (ATM). This paper presents results from an empirical study, in which we have investigated and evaluated the use of the Security Risk Assessment Methodology for SESAR (SecRAM) in European ATM research and development projects. The study was performed with the intention to find and document common issues and aspects that could be improved in the methodology. The results from the study reveal that while most of the practitioners had a positive perception of the methodology itself, they were less satisfied with the process of applying it in their projects. Based on the results, we provide a number of recommendations, which aim to improve the security risk assessment process in the ATM domain.
CC BY 4.0
This project has received funding from the SESAR JU under the EU H2020 research and innovation programme under grant agreement 731765. The work has also been supported by the Science of Security in Agile Software Development (SoS-Agile) project, funded by the Research Council of Norway (grant number 247678).