August 31, 2023


Sofema Aviation Services (SAS) considers the elements required to ensure effective Management of Aviation Cyber Security Incidents and Emergencies


Developing a comprehensive plan to ensure effective management of cyber incidents and emergencies is crucial for the security and resilience of an organization. Documented processes and procedures, together with a trained and competent standing team that can be called on during emergencies, are an essential prerequisite.

Establish a process for capturing and analyzing lessons learned from each incident or emergency. Use this information to refine and improve the incident response plan, security controls, and employee training programs.

Effective management of cyber incidents and emergencies requires a proactive and holistic approach. Regularly assess your organization’s cybersecurity posture, adapt to emerging threats, and foster a culture of security awareness among employees.

Team Members are to be drawn from the following business areas:

  • IT
  • Security
  • Legal
  • Communications
  • Operations
  • Technical
  • Quality

The role of the Incident Response Plan

The plan outlines step-by-step procedures for responding to cyber incidents and should be customized to meet the specific needs and regulatory requirements of the organization.

  • Incident identification
  • Containment
  • Eradication
  • Recovery, and
  • Lessons learned
  • Customize the plan to fit your organization’s specific needs and regulatory requirements.

Risk Assessment and Planning

Perform regular and detailed assessments of the organization’s cyber risks and vulnerabilities and use this information to prioritize response efforts and allocate appropriate resources.

  • Identify all critical assets
  • Determine potential threats
  • Evaluate potential impact scenarios
  • Use this information to prioritize response efforts and allocate appropriate resources.

Building Cyber Resilience

Deploy and maintain robust security controls to prevent and detect cyber incidents.

  • Firewalls
  • Intrusion detection systems
  • Antivirus software
  • Secure configurations and regular patch management
  • Threat intelligence platforms, where appropriate, and
  • Security analytics tools.

Internal Communication and Reporting Process

Implement a clear and accessible reporting mechanism for employees to report potential incidents promptly.

  • Encourage a culture of reporting and ensure anonymity if necessary.
  • Create a centralized repository to track and manage reported incidents.
  • Establish clear communication channels within the organization and with external stakeholders.
  • Determine who needs to be notified during an incident and define communication protocols.
  • Designate a spokesperson to handle external communications and media inquiries.

Cyber Training Program

Regularly train employees on:

  • Cybersecurity best practices
  • Incident response procedures
  • Roles and responsibilities during an incident
  • Awareness of common cyber threats, including phishing attacks and social engineering techniques.

Conduct simulated exercises and tabletop drills to test the effectiveness of the plan.

External Interfaces to Support Effective Cyber Management

  • Build relationships with external entities and, where relevant, establish agreements for mutual assistance and information sharing during emergencies. Examples are:
    o Law enforcement agencies
    o Incident response providers
    o Forensic experts
    o Legal counsel, and
    o Industry groups.

Cyber Plan Test and Exercise

Periodically conduct exercises to test the effectiveness of the plan. Regularly review and update the plan based on lessons learned, emerging threats, and changes in the organization’s infrastructure or regulatory environment. Exercise formats include:

  • Tabletop simulations
  • Red teaming
  • Full-scale incident response drills.

Communication with Press and Media

  • Designate a spokesperson or a team to handle media and press communications.
  • Develop key messages that address the incident’s impact, actions taken, and steps being taken to mitigate the situation.
  • Ensure that all communications align with the organization’s overall crisis communication strategy.
  • Maintain regular communication with the media throughout the incident response process.
  • Conduct post-incident analysis to identify lessons learned and areas for improvement.
  • Share the findings internally and, if appropriate, externally to demonstrate transparency and organizational learning.
  • Media training and preparation:
    o Provide media training to designated spokespersons to effectively convey messages, manage interviews, and handle tough questions.
    o Anticipate potential questions and prepare appropriate responses.
    o Maintain a centralized repository of approved statements, factsheets, and FAQs for consistent messaging.

The Need for Effective Media Outreach and Engagement Related to Cyber Exposure and Potential Incidents

  • Proactively reach out to media outlets to provide updates and establish regular communication channels.
  • Organize press conferences or briefings to disseminate information to multiple media representatives simultaneously.
  • Use social media platforms and the organization’s website to share updates and respond to public inquiries.

Cyber Security Challenges to Effective Management

Many organizations lack awareness of potential cyber threats and fail to adequately prepare for incidents. This can lead to delays in response and ineffective management of the situation. To overcome these challenges, organizations should focus on proactive measures such as robust cybersecurity awareness programs, continuous monitoring and threat intelligence, investment in skilled personnel and adequate resources, and well-defined incident response plans. Regular testing and updating of response plans through simulations and tabletop exercises can also enhance preparedness. Additionally, fostering strong partnerships with external entities, such as incident response providers and law enforcement agencies, can aid in effectively managing cyber incidents and emergencies.

Consider the Following Potential Cyber Exposures

  • Cybersecurity teams may face resource constraints, such as budget limitations and a shortage of skilled professionals. Insufficient resources can hamper the response capabilities, making it difficult to handle multiple incidents simultaneously or respond promptly to a large-scale attack.
  • Effective incident response requires coordination and collaboration among various stakeholders, including IT teams, security personnel, legal departments, public relations, and external partners. The lack of effective communication and coordination between these entities can hinder the timely resolution of incidents.
  • Modern organizations have complex IT infrastructures and interconnected systems, making it challenging to identify the source and extent of a cyber incident. Understanding the technical details and interdependencies within the environment is crucial for effective incident response and mitigation.
  • Dealing with cyber incidents involves navigating legal and regulatory frameworks, which can vary across jurisdictions. Compliance with privacy laws, data breach notification requirements, and evidence preservation can pose significant challenges during incident response.
  • Cyber incidents can damage an organization’s reputation and erode customer trust. Managing public perception, communicating effectively with stakeholders, and implementing strategies for reputation recovery are critical but challenging aspects of incident response.

Next Steps

Sofema Aviation Services offers the following course, delivered as classroom or webinar – EASA Compliant Organizational Cyber Security Responsibilities – 1 Day

Please see or email
