GAMMA has laid the foundation for the development of a solution for ATM Security, opening the way for the next phase of the project, by completing the work on Security Risk assessment. This analysis, which has involved all GAMMA partners, started with the establishment of the context and proceeded with the risk identification, risk evaluation and the definition of security objectives and needs. The entire process was then closed with the elaboration of the risk treatment, which represents the last step in the process.
The approach followed by GAMMA relies on established methodology, such as ISO/IEC 27005 (Information security risk management), and follows the line developed by the SESAR programme (SecRAM).
The work performed in GAMMA adopts the SESAR SecRAM as methodology and the Minimum Set of Security Controls (MSSCs) as starting point to define the GAMMA security controls (both as refinement of MSSC and additional security controls) in order to be as consistent as possible with the SESAR security framework.
As a result of this work, the major risks targeting the ATM system have been identified and recommendations have been proposed for ATM risk reduction, retention, avoidance or transfers (of residual risks). The objective of this task is to reduce the security risks as much as possible by defining security controls.
This work represents the foundation of the GAMMA project, as the risk analysis will be used as an input to define the security framework as well as the architecture for an ATM Security Solution.