Cisco Blogs

Securing Air Traffic Control Systems

August 31, 2016 - 4 Comments

I fly quite a bit for my job as a Security Services consultant for Cisco. I’m one of billions of passengers traveling annually: according to the International Air Transport Association (IATA), passenger numbers are expected to reach 3.8 billion in 2016. The number of unique city pairs connected by airline networks will reach 18,243.

With numbers like these, you can understand why the job of an air traffic controller is considered to be one of the most stressful jobs.

Now consider the job of the aviation chief information security officer (CISO): they are charged with safeguarding the air traffic control systems in an era of hyper-connectivity in the Internet of Things (IoT) and constantly evolving cybersecurity risk.

Air traffic control (ATC) is collectively a set of regional, interconnected systems that perform numerous functions such as in-air flight separation and routing, on-ground traffic control, radar control, and runway lighting control. Working together, the network of regional ATC systems provides comprehensive coverage for the nation’s airspace and allows travelers to safely enjoy commercial and private air travel.

The interconnected network of ATC systems is part of the evolving IoT landscape. Various aspects of ATC interface with physical processes such as radar control and airport runway lighting. Without reliable radar and lighting, safe air travel wouldn’t actually be possible. Industrial control systems—and their components and networks—provide the ability to control these kinds of physical processes. If industrial control systems are disrupted or taken out of normal operation, ATC functions could be severely impacted.

Fortunately, aviation CISOs can implement an effective security program strategy by incorporating best practices from industrial security environment. A few to consider:

  • Obtain executive-level visibility and support for the security program
  • Implement robust internal network segmentation
  • Implement real-time cyber threat detection and response capability
  • Implement robust remote access controls
  • Regularly evaluate third-party and supply chain security risks

Aviation CISOs can build on this foundation to achieve higher levels of cybersecurity program maturity, and ultimately keep the 3.8 billion passengers in our skies safer.

For a more detailed review of my recommendations and other resources, read this blog I recently wrote for Homeland Security Today and visit Cisco’s Security Services for the Internet of Things web page.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. Thanks for your comments Acaria! Cisco is leading the way in security in many respects with innovative and unique market-leading solutions. Many are still unaware that we won the SC Magazine award for #1 Security company at this year’s RSA Conference. I’m confident that homeland security and critical infrastructure protection will continue to be focus areas for many years to come, and we will lead development and delivery of solutions for this sector.

  2. Jose, thanks for your observations and comments, much appreciated!

  3. Securing Air Traffic Control as well as the implementation of a solid security program strategy in nowadays is a must have. Great article, as the one written for Homeland Security Today. Thank you for sharing it.

  4. I think Cisco’s solutions and focus on security has an advantage over our competitors and I hope Homeland security will stay relevant and procure our solutions best practices described in this article.