European Air Traffic Management Computer Emergency Response Team


Our European Air Traffic Management Computer Emergency Response Team (EATM-CERT) supports EUROCONTROL services and products, as well as ATM stakeholders, in protecting themselves against cyber threats that would impact the confidentiality, integrity and availability of their operational IT assets and data.


We provide the following services to stakeholders (air navigation service providers (ANSPs), airport operators and airspace users) in our Member States:

  • proactive cyber-security services, within EUROCONTROL, and, on a voluntary basis, progressively to EUROCONTROL stakeholders;
  • collection, generation and distribution of ATM-relevant cyber intelligence within EUROCONTROL and, on a voluntary basis, to EUROCONTROL stakeholders;
  • coordination of pan-European ATM response to ATM relevant cyber-security alerts and incidents, on a voluntary basis (including support to EACCC);
  • procurement of cyber services of common interest for the aviation community;
  • support to national CERTs in fulfilling their role as per NIS Directive for ATM-related Operators of Essential Services (OES).

For more details, please refer to our rfc2350 document available for download below.

To provide these services, we collaborate with national and international ATM stakeholders, ATM manufacturers, sectorial and national CERTs and CSIRTs, the European Aviation Safety Agency (EASA), the European Centre for Cyber Security in Aviation (ECCSA), Information Sharing and Analysis Centres (ISACs), Europol and others.

For a complete and detailed overview of the services which we provide, please refer to our catalogue available for download below.

Contact us for any cyber security related notifications targeting or involving our users (08:30 – 18:30 CET).

PGP fingerprint and public key: 1AEC 6983 1356 472E 422A 2BC2 B4BA B640 ADCE 88E4

You can use this PGP key to encrypt the email that you want to send EATM-CERT for secure communication. Our functional email box address and the PGP key to encrypt the email available for download below.


Reporting Cyber Risk to Boards

Board Edition

This paper presents an overview of the recommended approach for Boards when dealing with cyber risk, and of good starting points for Board cyber metrics. It is a complementary paper to one addressed to Chief Information Security Officers (CISOs) on how to best control, measure, and report cyber risks to their Boards and should be read in conjunction with that paper.

CISO Edition

This paper presents orientations for CISOs to report cyber risk and its context to their senior stakeholders, such as their Board. It describes methods that help CISOs engage in cyber risk management, communicate this effectively, and facilitate proper oversight. While not a focus of this paper, the content of this document also helps with reporting cyber risk to other stakeholders, like regulators, insurers, and clients.