Simulating ADS-B Attacks in Air Traffic Management

In Air Traffic Management (ATM) training, simulations of real air traffic control (ATC) scenarios are a key part of practical teaching. On the internet one may find multiple different ATM simulators available to the public with open source code. Today most aircraft transmit data about position, altitude, and speed into the atmosphere that practically are unencrypted data points. This data is called automatic dependant surveillance broadcast (ADS-B) data. The lack of security means that potential attackers could project “fake” ADS-B data and spoof existing data to air traffic controllers (ATCO) if the right equipment is used. We see this as a security flaw and we want to prepare ATCO for cyberattacks by modifying an ATM simulator with cyberattacks. First, OpenScope was chosen as the ATM simulator to be modified. Subsequently, three types of attacks were chosen for the simulator to be equipped with, based on ADS-B weaknesses from existing literature: aircraft not responding to commands, aircraft with altering positional data, and aircraft with incorrect speed and altitude data. The recorded parameters were the written command lines and corresponding aircraft type it was applied to. Using this modified simulator, ATCO can now be evaluated against cyberattacks.