Sofema Aviation Services (www.sassofia.com) looks at the obligations and objectives related to Cyber Security within the European Aviation Environment.
EASA has developed a Cyber security Roadmap which was endorsed by the Management Board in November 2015. Since then, EASA is working on its implementation and a number of initiatives have been launched to better address cyber security risks in aviation improving resilience and fostering built-in security.
The Airline Industry is considered a prime target for Hackers and other Miscreants.
The more that industry directs its technological efforts into creating an improved digital experience for their customers with Apps, User Accounts and Portals the more potential exposure to Cyber-attacks.
Any security flaws in Airlines and Industry software and applications pose the potential of being discovered and exploited
So many areas within the industry, including multiple “onboard system” have the potential to be exposed to cyber attacks particular where there is the deployment of new technology equipment or devices.
EASA participates and is the chair of the European Strategic Coordination Platform which includes representatives of key industry stakeholders, Member States and EU Institutions. The collaboration is contributing to harmonising aviation stakeholder’s objectives for cyber security in aviation and defining a common strategy.
European Centre for Cyber security in Aviation (ECCSA)
To promote voluntary information sharing and expert collaboration, EASA is supporting the creation of a European Centre for Cyber security in Aviation (ECCSA) and providing the initial operational capabilities in collaboration with CERT-EU.
ECCSA https://www.easa.europa.eu/eccsa has been formed to support the European initiative and will draw on the IT capabilities of the Computer Emergency Response Team of the EU Institutions (CERT-EU) to promote and activate the circulation of information amongst relevant aviation stakeholders
EASA has recently announced a plan for a Europe-wide Cyber Security initiative. With a goal of protecting the whole aviation chain, from Air Traffic Management Systems to maintenance organizations, and airports (Including Aircraft & Drones)
Introducing Cyber- Risk Assessment Within SMS
Aviation stakeholders should consider the value of implementing a cyber-risk management system as part of their safety management system.
EASA continues to engage with Cyber Security with the objective of international collaboration, rulemaking as well as supporting the sharing of information amongst aviation stakeholders.
Basic Regulation References concerning Cyber Security
I (Legislative acts)
(12) The measures are taken in accordance with this Regulation to regulate civil aviation in the Union, and the delegated and implementing acts adopted on the basis thereof, should correspond and be proportionate to nature and risks associated with the different types of aircraft, operations and activities they address. Such measures should also, in as far as possible, be formulated in a manner which focuses on objectives to be achieved, while allowing different means of achieving those objectives, and should also foster a systemic approach to civil aviation, taking into account interdependencies between safety and other technical domains of aviation regulation, including cyber security.
This should contribute to a more cost-efficient achievement of required safety levels and to the stimulation of technical and operational innovation.
Use should be made of recognised industry standards and practices, where it has been found that they ensure compliance with the essential requirements set out in this Regulation.
(59) Having regard to the existing interdependencies between safety and security in civil aviation, the Agency should take part in the cooperation concerning the area of aviation security, including cyber-security. It should contribute its expertise to the implementation, by the Commission and by the Member States, of Union rules in that area.
Article 4 Principles for measures under this Regulation
(d) take into account interdependencies between the different domains of aviation safety, and between aviation safety, cyber security and other technical domains of aviation regulation;
Article 88 Interdependencies between civil aviation safety and security
1.The Commission, the Agency and the Member States shall cooperate on security matters related to civil aviation, including cyber security, where interdependencies between civil aviation safety and security exist.
Sofema Aviation Services (www.sassofia.com) and Sofema Online (www.sofemaonline.com) are pleased to offer EASA Compliant Regulatory & Vocational Classroom & Online Training. For details please see the websites or emailoffice@sassofia.com or online@sassofia.com