It is the FAA's intent to terminate point to point (local) connections between FAA NAS systems and outside entities as soon as possible and to replace them with connections made via secure gateway. The FAA will work with aviation partners to accomplish their transition within a reasonable period of time, consistent with each aviation partner's particular situation. The FAA is willing to meet with aviation partners collectively or individually to discuss surveillance technologies available.
What is the definition of a "secure gateway"?
A secure gateway blocks or filters access between two networks, often between a private network and a larger, more public network such as the Internet; allowing internal users to connect to external networks while protecting internal systems from compromise (NIST Special Publication 800-14, 1996). The National Airspace System (NAS) Enterprise Security Gateway (NESG) infrastructure provides a framework for compliance with boundary protection service requirements between NAS and non-NAS systems/networks in accordance with FAA Order 1370.114. The NESG infrastructure includes a layered security scheme to facilitate defense in depth security controls and provides a buffer between the NAS and external systems/networks to ensure no direct service connections to NAS systems. This follows the National Institute of Standards' approach to network security, which is mandatory for all agencies.
How will the FAA achieve NESG redundancy and ensure data feed availability?
NAS data feed redundancy will be achieved through duplication of NAS data service collections points behind the NESGs and dynamic data rerouting to the available gateway location. The FAA recommends NAS data consumers connect to multiple NESG physical locations by the following methods: Use of internet-based virtual private network (VPN), user-provided dedicated transmission service (DTS), or user-provided local Ethernet connection. However, the FAA does not guarantee or warrant NAS data feed availability to any external user.
What are the "no cost" NAS surveillance data feeds and where are they located?
No-cost FAA data sources available through the NESG include Aircraft Situational Display to Industry (ASDI) and Airport Surveillance Detection Equipment, Model X (ASDE-X) data. ASDI provides NAS air surveillance data, while ASDE-X provides NAS ground surveillance data for 28 of the 35 ASDE-X-equipped airports. Both data feeds are available through the NESG at the FAA Technical Center, Atlantic City, NJ (Primary) and the FAA Aeronautical Center, Oklahoma City, OK (Backup).
Where will ARTS data be available after transition to a secure gateway?
ARTS data is presently available within the ASDI feed through the NESG.
Will secure gateway data feeds retain the same data sets and the level of data fidelity as local connections?
NAS data feeds provided through a secured gateway will generally retain the same level of fidelity as previously experienced with a local connection, but may not contain all data sets previously available. As noted above, the FAA does not warrant or guarantee the availability of NAS data feeds.
Why do vendors charge for access to surveillance products when the data is provided by the FAA at no-cost?
NAS surveillance data is made available at no cost to aviation partners. Commercial vendors charge to recover their investment during the collection and distribution of NAS data, including any conversion to commercial information products.
How will the FAA treat Memoranda of Agreement (MOA) for local connections that have not expired?
The FAA will attempt to honor existing MOAs for local connections, assuming efforts are being made to transition to a secured gateway before MOA expiration. Each situation is different and will be evaluated as such.
Should aviation partners work directly with the FAA Service Area representatives to develop their transition plans?
The FAA highly recommends collaboration with Service Area representatives for transition plan development guidance and procedures for removal of equipment from TRACONs.
When does the FAA expect to receive transition plans?
As previously discussed, the FAA has requested submission of transition plans to the Service Areas before December 15, 2012. The objective is to complete aviation partner transition to secure gateway by the end of Fiscal Year 2013.
If an aviation partner's Memorandum of Agreement (MOA) for local connection expires before their transition to a secure gateway, will the aviation partner be required to submit a new MOA for the local connection?
The FAA will require submission of a new FAA Form 1200-5 and MOA. The FAA Form 1200-5 must indicate the aviation partner's intent to transfer to a secure gateway by the date specified in their transition plan.
After transition to secure gateway, will a MOA between the FAA and aviation partners be required?