With air transportation growing and current civil aeronautical communication systems reaching their capacity limit in high density areas, the need for new aeronautical communication technologies becomes apparent. This implies the transition from analogue voice to digital data communication. A promising candidate for terrestrial air-ground communication is the L-band Digital Aeronautical Communications System (LDACS). LDACS is currently in the process of being standardized in ICAO. Being integrated in the aeronautical telecommunication network and providing a digital communication link for safety critical applications, each and every installation of LDACS requires protection against cyber-attacks. A rigorous threat and risk analysis is the fundamental basis to derive an IT security architecture for LDACS. The objective of this paper is to identify safety relevant air traffic management services, perform a threat and risk analysis, and define attacker types. Having created a threat catalog, we introduce a threat rating system allowing us to set our findings in a qualitative context and pave the way for a future LDACS IT security architecture.