From autumn 2024 through spring 2025, cybersecurity experts, ATM domain experts and the project consortium members participated in a series of validation activities to assess the improved SecRAM 2.0, using SecRAM Navigator as a platform. The final validation session took place on the 20th of May 2025, led by Deep Blue in collaboration with the SEC-AIRSPACE team. This process was designed to test the usability, usefulness, and users’ trust in the updated SecRAM 2.0 methodology and the web tool, in the context of ATM cybersecurity risk assessment.
The validation experience
The validation exercises, centred on the holistic risk assessment approach, simulated realistic risk assessment scenarios. The aim was to evaluate the effectiveness of the enhanced SecRAM methodology and the new web-based platform, while also gathering actionable feedback from users. Following preliminary sessions in October 2024, the final validation incorporated an improved cybersecurity risk assessment web tool and hands-on experience with the tool, enabling participants to use it to conduct their cybersecurity risk assessments.
Direct feedback from earlier activities drove significant refinements. The exercise was run collaboratively, ambiguities were removed, and user guidance was enhanced, resulting in a smoother and more intuitive validation experience. Participants appreciated the flexibility to add new assets, vulnerabilities, threats and controls to the catalogue as well as the structured approach to risk assessment. The overall feedback was positive, with both qualitative and quantitative feedback confirming that the validation objectives were successfully met.
Highlights of important results:
- The validation demonstrated that the updated SecRAM methodology, including its updated primary and supporting assets, threats and vulnerabilities, and new security controls, is robust and fit for purpose in ATM cybersecurity risk assessment. Stakeholders confirmed that the methodology is comprehensive, flexible, and relevant for current and emerging ATM scenarios.
- 87% of participants found the SecRAM Navigator easy to use and would recommend it to colleagues. The tool was appreciated for its intuitive workflow, guided navigation, and ability to complete the security risk assessment.
- Users highly valued the flexibility to add new assets and vulnerabilities, threats and security controls during risk assessments, enabling tailored risk management. This capability is a direct result of the updated SecRAM methodology’s design, which allows dynamic integration of new elements without disrupting the risk assessment process.
- Most users (67%+) felt the updated methodology and tool effectively supported threat and vulnerability identification. The methodology’s updated catalogues and workflow made it easier for users to find, link, and assess relevant threats and vulnerabilities.
- Users trusted both the updated SecRAM methodology and the tool, with 67% or more expressing confidence in the results and process. Data handling and security were also positively rated.
- The concept of cascading effect analysis was well received, though further development is needed.
Current and future relevance
In the short term, the insights from these validation exercises will directly inform improvements to the SecRAM Navigator, making it even more user-friendly and effective for ATM cybersecurity risk assessment. The feedback will guide the development of new features, such as enhanced user guidance, real-time collaboration, and advanced data visualisation.
In the long term, the data collected, including user logs, questionnaire responses, and expert feedback, will contribute to the development of a more robust and reliable web tool.
By continuously refining the tool and integrating advanced simulation technologies, SEC-AIRSPACE aims for a holistic risk assessment approach within the aviation sector. This initiative will not only benefit cybersecurity professionals but also enhance the overall safety and resilience of air traffic operations in an increasingly digitalised environment.
Great teamwork, great validation
The validation session concluded on schedule and without issues. The data collected from user interactions, questionnaires, and debrief sessions will be used for further analysis. This milestone was achieved thanks to the close collaboration and expertise of all partners involved, including Deep Blue, the SEC-AIRSPACE consortium, and external security specialists.
The project is co-funded within the framework of Horizon Europe and brings together leading organisations: Sintef, Deutsches Zentrum für Luft- und Raumfahrt, Deep Blue, Advanced Laboratory On Embedded Systems ALES, Cefriel, Zenabyte, Luftfartsverket, Skyway Air Navigation Services, and Linköping Universitet.
Connect with SEC-AIRSPACE on LinkedIn for updates and opportunities to participate in future validation activities.