ATC Notebook

Security in the NAS

In 32 of the last 35 years we have seen aircraft hijackings. How does our Air Traffic Control System combat these and other security threats?

maclawler
Verified
Gemini Sparkle

Key Takeaways:

  • The US National Airspace System (NAS) security has significantly evolved since 9/11, managed by the Air Traffic Organization's (ATO) System Operations Security through tactical, special, and strategic groups.
  • The Domestic Events Network (DEN) serves as a crucial 24/7 communication hub, connecting over 100 agencies for real-time threat detection, assessment, and coordinated responses within the NAS.
  • Air traffic control (ATC) is integral to identifying suspicious activities, such as prolonged loss of communication or unusual flight plan changes, and promptly reporting them to the DEN.
  • Aviation security also confronts modern cyber threats, including attacks on IT infrastructure, data breaches, and ransomware, demanding continuous vigilance and robust defenses.
Key takeaways sponsored by Aviator Pro | Start Your Training ->
See a mistake? Contact us.

Maintaining safe, secure skies is the name of the game for air traffic control. We have a responsibility to protect not only the people in the air, but the people below. We are proud to accept this responsibility and deliver the safest airspace system in the world. Security in the US National Airspace System (NAS) has seen massive transformation over the last 20-plus years. From that tragic day on September 11, 2001, the world of aviation security has changed and grown into a system that has decreased the average number of yearly hijackings by almost 90 percent.

Airport security plays a large part in this, but air-traffic security procedures add a critical component to aviation security. The ATO (Air Traffic Organization), in partnership with other security groups, works around the clock and year around to monitor and protect the NAS. The many programs and procedures in place are a direct result of a constant effort to improve security in our skies. Understanding the nature of security in the world of aviation, particularly in air traffic control, is a great way to improve the overall safety of the NAS. After all, knowledge is power, and the strength of security in our aviation system protects us all.

Security Landscape

System Operations Security is the organization that “leads the Air Traffic Organization’s use of the agency’s Air Navigation Services (ANS) authorities, expertise, and operational capability to help protect the United States and its interests from Air Domain related threats and hazards in the national defense, homeland security, law enforcement, and disaster response arenas. System Operations Security is also responsible for leading the ATO’s Air Traffic Management (ATM) security efforts to mitigate the impacts of those threats and hazards on the safety and efficiency of the National Airspace System (NAS).” (FAA)

System Operations Security also leads the ATO’s Air Traffic Management (ATM) system in their security efforts. Their objective is to mitigate threats and hazards that would impact the safety and efficiency of the NAS. There are three specific groups within the System Operations Security organization that contribute to the collaboration with Federal, State, and local interagency partners: Tactical Operations Security, Special Operations Security, and Strategic Operations Security. Each group plays a unique role in the safety of aviation.

Airport passenger screening by the Transportation Security Agency is but one small element in NAS security.

Four-Letter Acronyms

The Tactical Operations Security Group (TOSG) can be considered the boots on the ground for NAS security. They focus on detecting and responding to potential threats like suspicious flights. Their actions and attention are geared specifically towards real-time security measures and actions. They cooperate with the United States Secret Service (USSS), the Federal Bureau of Investigation (FBI), and other interagency partners to “implement ATM security measures used to protect security−sensitive locations (e.g., the DC Special Flight Rules Area and Flight Restricted Zone [DC SFRA and FRZ]); events (e.g., National Special Security Events [NSSE]); and activities, including Very Important Persons (VIP) travel.” (Ref. FAA JO 7210.3)

In addition to the USSS and FBI, the TOSG works with the North American Aerospace Defense Command (NORAD), the Transportation Security Administration (TSA), Customs and Border Protection (CBP), and other security partners.

The TOSG is the final approving authority for all real-time ATM security decisions in regards to all aviation operations within the NAS. These folks are the front line and immediate authority for security measures that protect our nation’s aviation security.

The Special Operations Security Group (SOSG) is similar to the TOSG in their focus and considerations. Meaning they are looking at the same security measures and actions taken by the TOSG to maintain security in the NAS. You can consider the SOSG to be the Officers in the same way that the TOSG are the Soldiers. The biggest difference between the two is that the SOSG develops and coordinates the plans and procedures for implementing security measures. The TOSG executes plans and procedures, the SOSG develops and coordinates them.

One of the more interesting roles of the SOSG is their coordination with NORAD and other interagency partners to facilitate fight intercept operations. So if you happen to find yourself on the receiving end of a fighter intercept, you can thank the SOSG for helping to make that happen. The SOSG also has the distinct privilege of coordinating and authorizing call signs for special aircraft missions. When you hear DEATH1 or TIGER69 on your frequency, it’s the SOSG that gave them the green light to call themselves that. I imagine they’ve denied some of the more imaginative call signs submitted by our military pilots.

Finally, there is the Strategic Operations Security Group (StOSG). This group can be considered the Generals of security in the NAS. Their responsibilities are executed mainly by a selected staff at the FAA headquarters. They look at the large scale security threats to the nation. They work with FEMA, State Emergency Management Agencies (SEMA), the U.S. Northern Command (USNORTHCOM), State National Guard commands, and other federal, state, and local partners to develop and implement air-traffic management aspects of disaster response and other emergency operations plans.

The StOSG is also responsible for developing and supporting FAA ATO procedures that are written in the form of FAA security Orders. If you’re unfamiliar with FAA Orders, think of documents like the 7110.65 (ATC Rules and Regulations), only the Orders managed by the StOSG are specific to security procedures in the NAS.

One of the grander scale responsibilities of the StOSG is their coordination with stakeholders such as the U.S. Strategic Command (STRATCOMM) and FAA Spectrum Engineering to support GPS interference, Electronic Attack testing, and Identification Friend or Foe exercise within the NAS.

The StOSG encompasses the leadership of security matters with foreign counterparts like ICAO and foreign Air Navigation Service Providers. They plan and coordinate ATM security-related procedures for foreign aircraft overflights, which describe instructions for entry/exit, transit, and flight operation within U.S. controlled airspace.

DEN Isn’t in Denver

The last, and possibly most relevant security element for ATC, is the Domestic Events Network (DEN). The DEN was established in the aftermath of 9/11 to provide the FAA with a 24-hour line of communication between all stakeholders (over 100 agency partners) involved in NAS security. These agency partners use the DEN to monitor real-time activity to identity anomalies within the NAS. Through collaborative effort, they communicate to determine if such anomalies may pose a threat and to coordinate operational responses to thwart any such threats.

The DEN is a front-line defense that provides ongoing information sharing. For example, if an international flight goes NORDO, air traffic control will notify their watch supervisor who will then coordinate the information to the DEN who will in turn take appropriate actions and coordinate necessary action. This procedure also applies to any domestic flight that goes NORDO for an extended amount of time (more on that later). The level of interest that a flight receives is determined on a case-by-case basis through communication on the DEN. Depending on the situation, an event may trigger a higher level of scrutiny, as appropriate.

All ARTCCs are required to participate in the DEN, meaning they must maintain a continuous line of communication with the DEN. Additionally, all facilities must participate in the DEN if they are in the National Capital Region or they are approach control facilities during POTUS TFRs and National Special Security Events, or any other facility handling the arrival/departure phase of POTUS, VPOTUS, or the First Lady.

Suspicious Activity

Air traffic facility managers are required to make sure that their operational supervisors or controllers-in-charge report suspicious activities from aircraft in a timely manner. Reports of suspicious activity go directly to the DEN.

Of course, the goal of each piece of NAS security is the safety of all flights from takeoff to touchdown.

One of the most common things that occur in everyday operations is a loss of communications with aircraft in controlled airspace. This typically has a minimal impact to operations. However, when an aircraft is NORDO for an extended amount of time, the security gears are set into motion. When radio communications haven’t been established or reestablished with an aircraft after five minutes of the expected contact, ATC is required to consider the aircraft’s or pilot’s activity as suspicious. This applies to all aircraft. General aviation aircraft, law enforcement, military, and medevac are subject to this security procedure. Even if the aircraft is squawking 7600—an obvious coordination of radio failure—ATC is going to consider the circumstance as suspicious and report the event to the DEN. The DEN will then begin determining whether the situation warrants a higher level of security scrutiny.

Another common event that occurs daily that may require security investigation is a change of destination. Whenever an aircraft changes their destination, ATC must consider the action suspicious if the reason for the change of destination falls into one of several circumstances:

  1. If the aircraft is an air carrier, cargo, or schedule air taxi that diverts or changes their route for any reason other than weather or routine route changes.
  2. If the aircraft is general aviation arriving from an international departure point.
  3. Other general aviation aircraft and non-scheduled air taxi/charter services are considered suspicious when they request diversions from their original destination or routing for any unusual reason. An unusual reason is any reason other than weather, company request, passenger request, mechanical issue, emergency, etc.

ATC is also expected to be suspicious of any circumstance that might indicate a hijacked aircraft. They’re watching for unusual background noise, change in pilot’s voice characteristics, etc. Sometimes ATC facilities will learn of a hijack situation from other sources like the airline air operations center, local law enforcement that has been contacted by passengers, etc. and of course observing an aircraft squawking code 7500.

Cyber Security

In a world where information and communication technology (ICT) is routinely integrated into electronic devices used in aviation, we find ourselves at a high risk of cyber-security breaches. The biggest concern regarding cyber-security is malicious attacks to gain unauthorized access to critical systems. These sorts of attacks are commonly directed at the IT infrastructure.

In a recent study by MDPI, 71 percent of attacks are focused on systems that secure sensitive information like administrative passwords, and attempt to gain access to the IT infrastructure. “Denial-of-service attacks, such as Distributed Denial of Services (DDoS), which compromise data availability” (MDPI) comprise 25 percent of the attacks. The other four percent of attacks are targeted at corrupting files. These files can be intercepted while in transit or at rest in their local file location.

One of the most concerning and financially crippling types of cyber-attacks are those attacks called Ransomware. If you aren’t yet aware, Ransomware is a dangerous capture of critical information or control of organizational systems.

In one example that happened in a town near me, a fire department had their communications systems hacked and the hackers demanded a large amount of the untraceable bitcoin before returning control. This crippled the fire department’s ability to communicate emergency situations within their jurisdiction. Because of the time-critical nature of their reliance on that communication system, they were forced to pay the ransom. The amount of bitcoin that was transferred is worth millions of dollars at the current value of bitcoin.

Clearly, the need for security in our aviation system is critical. We see the structure in place, we see the operations that secure, and we see the threats that require vigilance. As you operate in the NAS, remember to consider security as well as safety. And rest assured that there are hundreds of people working diligently to ensure our security.

Mac Lawler is a safety and training professional who has worked in the aviation industry for 13 years. He specializes in air traffic control and learning management system implementation. He’s a regular at the local fishing hole and works part time for his kids as a taxi service.

maclawler

Ready to Sell Your Aircraft?

List your airplane on AircraftForSale.com and reach qualified buyers.

List Your Aircraft
AircraftForSale Logo | FLYING Logo
Pilot in aircraft
Sign-up for newsletters & special offers!

Get the latest stories & special offers delivered directly to your inbox.

SUBSCRIBE