June 29, 2017 - With the International Civil Aviation Organisation (ICAO – a United Nations specialised agency) announcing the roll-out of a precise roadmap to fight cyber threats this year, and the European Aviation Safety Agency (EASA) due to release the first draft of a single, horizontal rule on civil aviation cybersecurity, 2017 is a busy and interesting year for civil aviation cybersecurity – and 2018 is likely to be so too.
Experts from European manufacturers joined forces last year as part of the ASD Civil Aviation Cybersecurity Task Force, chaired by Thomas Hutin from Thales, and contributed to high-level political actions to set the scene – for example by co-drafting the ICAO Cybersecurity Resolution passed at the 39th ICAO Assembly in September 2016, and by intervening at the High Level Cybersecurity Conference organised in November 2016 by EASA (see the subsequent Bucharest Declaration).
On May 31, 2017, the ASD Civil Aviation Cybersecurity Task Force presented its priorities for rulemaking and standardisation at a joint EASA-EUROCAE workshop in Brussels. This came as a timely input since EASA will release a Notice of Proposed Amendment (NPA) for a single, horizontal rule by the end of 2017. This will be followed by an opinion sent to the European Commission by the end of 2018, and a rule in force by end of 2019. In addition to discussing the upcoming rule, ASD manufacturers exchange routinely with the agency and the European Commission concerning the establishment of the European Center for Cybersecurity in Aviation (ECCSA).
At the same time, pressed by a strong will from the industry and ASD in particular, ICAO announced the creation of an expert group on cybersecurity to steer the work of the agency. As a timely response to the industry’s needs, this will enable manufacturers to better orientate developments, issue guidance and recommended practises to states, and avoid uncoordinated developments and diverging requirements that would put an increased burden on European manufacturers.
In order to influence the ICAO work, ASD led the restructuring of the Security Committee of the International Coordinating Council or Aerospace Industries Association (ICCAIA). This committee, chaired by Xavier Depin from Airbus, now includes members from the USA, Russia, Canada, Brazil, Japan, and Europe through the ASD Civil Aviation Cybersecurity Task Force. It will feed the work of the ICAO expert group that is aiming to deliver a cyber safety strategy to the Global Air Navigation Industry Symposium in December 2017. ICAO will also organise the ICAO Global Aviation Security Symposium (AVSEC2017) in Montreal from 12 to 14 September 2017.
As technologies and threats evolve quickly, the ASD taskforce insists that manufacturers should demonstrate compliance with appropriate security objectives rather than being prescribed technical solutions. These risk and performance-based regulations should benefit from industry standards as much as possible: ASD has a key role to play in structuring and coordinating the work ahead, which will also need to encompass new entrants such as drones and the related Unmanned Traffic Management (UTM).