ObjectSecurity, an information security leader with a strong track record in the air-traffic management sector, and the company driving model-driven security policy automation globally, today announced a study contract awarded in partnership with Real-Time Innovations (RTI), the world leader in delivering fast, scalable communications software that addresses the challenges of building and integrating real-time operational systems. The companies will contribute services to the U.S. Federal Aviation Authority (FAA) Information Security Management Task, in partnership with the Network Centric Operations Industry Consortium (NCOIC), to manage the information security of air traffic control systems.

ObjectSecurity provides expertise as a subcontractor to RTI and the NCOIC. ObjectSecurity’s track record in the air-traffic management sector includes a civil-military interoperability study for the European EUROCONTROL (in partnership with Helios), participations in the EU FP6 System-Wide Information Management – Supported by Innovative Technologies (SWIM-SUIT) project, and in the EU FP6 AD4 4D Virtual Airspace Management System project. ObjectSecurity’s successful involvement in all those projects stems from the fact that OpenPMF™ model-driven security policy automation and accreditation technology approach forms a critical part for solving the dynamic technical policy implementation for large, interconnected, dynamically changing IT landscapes such as integrated air-traffic management systems (including U.S. FAA NextGen and EU EUROCONTROL SESAR JU).

RTI specializes in information management and integration for the world’s most complex and critical real-time operational systems. RTI has a proven track record of delivering targeted services and expertise to government, transportation, aerospace and defense agencies, integrating complex systems-of-systems from the operational edge to the enterprise with a focus on interoperability and compliance.

The purpose of the FAA Information Security Task is to: provide a method for managing the information security of air traffic control systems; illustrate concepts, approaches, processes and methodologies to support security risk assessment and evaluation; analyze information security risk assessment results to determine applicability and impact to safety management system risk analysis and processes; provide recommendation for development of an information security management system that includes integrated method, governance, and implementing the recommended solution; Identify conflicts and or gaps between industry recommendations for information security and this approach.