Civil aviation is the safest transport mode in the world, and it is probably also the most interconnected system of information and communication technology. Cyberattacks are increasing in quantity and in sophistication, with points of attack spanning the entire industry chain: new technologies, extension of connectivity, use of Commercial Off The Shelf (COTS) solutions and their ever-quicker integration in the aviation industry (e.g. in the field of Air Traffic Management) increase the risk and impact of threats to these critical assets, whilst attackers become more numerous, adaptive and far-reaching.
Maintaining the high levels of security in civil aviation therefore urgently requires the development of an effective comprehensive framework addressing all aspects of the aviation system. Regulators, operators and manufacturers have to work together based on a collaborative, risk-based model through a strong framework to address direct threats and at the same time increase the system’s resilience against future attacks.
ASD’s Civil Aviation task force has identified the following needs and priorities to mitigate the civil aviation cybersecurity threat:
- An end-to-end holistic vision that describes and monitors roles and responsibilities of all stakeholders is the only way to create a seamless cybersecurity risk response plan and to avoid gaps, overlaps, duplication of qualification/certification efforts or interoperability issues;
- States around the world should develop guidelines to manage current and future cyber threats and vulnerabilities, and continuously update those through a comprehensive Air Transport Cybersecurity Management System;
- The European Aviation Safety Agency (EASA) should soon establish the European Centre for Cyber Security in Aviation (ECCSA) to ramp-up its capability to manage a major pan-European cyber crisis in Aviation;
- The need for international alignment makes it necessary that civil aviation cybersecurity is positioned as a high priority on the EU diplomatic agenda: unbalanced regulatory developments from different regions of the world must clearly be avoided.