At the 40th session of the International Civil Aviation Organisation (ICAO) Assembly in October, ICAO’s Member States adopted Resolution A40-10 ‘Addressing cybersecurity in civil aviation’ and, in doing so, endorsed the first cybersecurity strategy ever set up at global level. EUROCONTROL's cybersecurity expertise drove the conversation on the aspects related to air traffic management (ATM).
The ICAO Cybersecurity Strategy provides baseline requirements for cybersecurity and highlights the importance of recognising that cybersecurity is a cross-cutting topic that involves all domains of the aviation sector.
“Recognizing the multi-faceted and multi-disciplinary nature of cybersecurity, and noting that cyber-attacks can simultaneously affect a wide range of areas and spread rapidly, it is imperative to develop a common vision.ICAO’s vision for global cybersecurity is that the civil aviation sector is resilient to cyber-attacks and remains safe and trusted globally, whilst continuing to innovate and grow.”
It also gives ICAO and Member States a high-level direction based on seven pillars:
Effective legislation and regulation
Incident management and emergency planning
Capacity building, training and cybersecurity culture
This strategy was developed by the Secretariat Study Group on Cybersecurity (SSGC), a consultative and coordination body which was established (ICAO Res. A39-19) in 2016.
seeks to attain a comprehensive cybersecurity work plan and governance structure with all relevant stakeholders;
identifies issues related to cybersecurity;
makes recommendations on how to address these issues;
favours the setting-up of mechanisms for sharing relevant cybersecurity information.
It comprises four technical working groups focusing on cyber issues related to air navigation systems, airworthiness (including remotely piloted aircraft systems (RPAS)), aerodromes and legal aspects. Patrick Mana, EATM-CERT Manager at EUROCONTROL,is the SSGC rapporteur for topics related to air navigation services.
The SSGC liaises with these working groups so that cyber-related provisions are developed in a harmonised and coordinated manner, and that global interoperability is ensured while maintaining the required levels of safety and security. Furthermore, the SSGC collaborates with the relevant stakeholders to ensure the harmonisation and integration of existing cyber frameworks and initiatives.
The SSGC has also initiated the development of a plan to implement the ICAO Cybersecurity Strategy through concrete actions aiming to manage cyber risks and threats to civil aviation in a more efficient and speedy manner.
A new governing body to address cyber resilience, safety and security
To this end, during its 218th session in November, the ICAO Council decided to conduct a gap analysis of the current working arrangements with a focus on, among other aspects, transparency across all aviation domains, and with a view to involving industry stakeholders.
EUROCONTROL, as a contributor to the SSGC, strongly supports its recommendation to set up a new ICAO governing body that would:
ensure an appropriate level of transparency;
promote balanced participation from States, organisations and industry;
favour a holistic approach to cybersecurity and resilience from both safety and security perspectives.
More to come in the next months. Follow us on this website and on EUROCONTROL’s digital platforms.
Making aviation more resilient
Cyber attacks pose a serious risk to the aviation sector, but we all know that no business will ever be 'cyber-proof'. So what can we do about it?
At EUROCONTROL, we work closely with our partners to build on existing initiatives to create a cyber resilience framework and make it available to all stakeholders across Europe.
Subscribe to our channels
Follow us to get the latest developments from EUROCONTROL and the aviation sector.