A Cybersecurity Test and Evaluation Facility for the Next Generation Air Transportation System (NextGen)

The Federal Aviation Administration (FAA) is developing the Cybersecurity Test and Evaluation Facility (CyTF) for the FAA Air Transportation System as it transitions to the Next Generation Air Transportation System (NextGen). This paper describes the goals, capabilities, architecture, current implementation, initial experience, lessons learned and future implementation of the CyTF. The FAA Air Transportation System is an attractive cybersecurity threat target and the FAA must proactively and continually adjust its cybersecurity capabilities to match the changing cybersecurity threat landscape. The CyTF is providing an adaptable cybersecurity research and development environment independent of the operational system to satisfy research, test and evaluation needs. The CyTF has a number of complex requirements: testing cybersecurity tools and technologies prior to their integration into the Air Transportation System, the evaluation of individual FAA Air Transportation subsystems security, security of end-to-end services involving multiple subsystems, procedures to respond and recover from a cybersecurity event and cybersecurity training of the FAA workforce. One of the major lessons learned, described in the paper, has been how to address some aspects of the CyTF’s complex requirements.