News

Building cyber-resilience: three major events in one week

This covers
Cybersecurity frameworks, mappings and metrics event banner

With aviation increasingly driven by big data, making all operating systems as cyber-secure as possible is increasingly vital. To this end, EUROCONTROL is very busy working with aviation stakeholders as well as other sectors to raise awareness about cyber risks and build a cyber-resilient community in the aviation sector and beyond. Last week saw three big meetings organised at EUROCONTROL HQ to look at cybersecurity frameworks, mappings and metrics; to address the issue of trust via Public Key Infrastructure (PKI); and to share best practices in managing cyber threats specifically in aviation.

The first event on 21 January asked “How can we build a common trust framework in the digital environment?”, looking specifically at how public key infrastructure (PKI) can connect entities efficiently and flexibly, and improve the security of information exchange by enabling identification and authentication on both sides when connecting systems, servers, applications and services together. It can also be used to encrypt information exchange.

There is considerable interest in PKI in European aviation and beyond, with 36 diverse organisations (air navigation service providers (ANSPs), airport operators, military bodies, MET institutes and aircraft operators, ATM and aircraft manufacturers among others) joining to discuss the technical aspects of PKI and the use of digital certificates.

SWIM common PKI and policies and procedures for establishing a Trust Framework

The workshop was also an opportunity to share views and collect input from stakeholders, which will allow the Agency to support the provision of a solution which ensures the interoperability of digital certificates within Europe and with other regions, and is adapted and suitable to evolving operational needs.

The second workshop was held on 22 January and focused on “Operators sharing best practices”.

This was a very hands-on event specifically aimed at the aviation community, enabling participants from 40 organisations to share with EUROCONTROL's  European Air Traffic Management Computer Emergency Response Team (EATM-CERT) best practices, experience, lessons learned, and findings related to practical aspects of managing cyber/information security in aviation – such as penetration tests on aviation systems, cyber threat intelligence, training, exercises (table-top and technical), innovative cyber-security services, and many more. Such exchanges are vital for our work, giving our teams a clear direction on the way to adapt and develop new services for the benefit of the European aviation community.

Finally, 23 January saw a third event on “Frameworks, mappings and metrics in cybersecurity: what works well in practice?” brought together cyber experts from over 100 organisations working in very different fields, from aviation to finance, telecoms, energy and other transport sectors, to exchange practical experience and best practice on how these can be used to manage enterprise strategies, deliver C-Suite reporting, and demonstrate compliance with regulatory requirements.

Bringing diverse experts together – from CISOs to chief risk officers to CIOs, regulatory decision-makers and national CERT managers – to share views and working methods is extremely productive and led to a joint brainstorming session to identify cross-sector solutions for implementing information security management system. Such cross-sector collaboration is essential in building cyber-resilience in our industry and beyond, enabling cyber specialists to protect their business from growing cyber risks in the most efficient manner possible.

Cybersecurity frameworks, mappings and metrics event banner

Frameworks, mappings and metrics in cybersecurity

About our cybersecurity activities