In recent years the aviation community recognized more and more that the ever growing digitally networked aviation sector provides for unprecedented opportunities, but holds also a significant risk to civil aviation that may cause disruption, economic damage and even loss of lives.
In December 2014, as a response to the need to address cyber threats at the global level, ICAO partnered with the Airports Council International (ACI), the Civil Air Navigation Services Organization (CANSO), the International Air Transport Association (IATA), and the International Coordinating Council of Aerospace Industry Associations (ICCAIA) and developed and signed the “Industry High-level Group (IHLG) Civil Aviation Cybersecurity Action Plan”.
This Plan establishes clear timeframes for the achievements of several goals and targets aiming at facilitating the development of a common understanding of cyber threats and risks, and mechanisms needed to promptly share and communicate related information between government and industry stakeholders. The work of the IHLG was without a doubt instrumental to the adoption of the ICAO 39th Assembly Resolution on Addressing Cybersecurity in Civil Aviation (A39-19) calling States and Industry (safety and security entities) to work together towards mitigating the threat posed by cyber-attacks and incidents, and to share relevant threat information.
As a follow-up of the 39th Assembly, several new projects (e.g. the task force “INNOVA”) have been launched at the global level to explore the concept of secure information management exchange, with ICAO acting as a trust anchor.
The ICAO Cyber Summit and Exhibition – Making Sense of Cyber (4-6 April 2017, Dubai), a joint safety and security event, brought together States, industry, partners and other key players to address challenges to aviation resulting from cyber threats for the first time in a high-level strategic forum and discuss current and future cybersecurity issues.
It should be noted that an ICAO secure repository website (created in 2016) already consolidates all relevant publications on cybersecurity which are accessible for States and Stakeholders providing a good source of information.
The EUR/NAT Office contributes to the global ICAO efforts and plays an important role in liaising between ICAO Headquarters and all stakeholders in the Regions. The EUR/NAT Office is actively involved in the work of various regional groups and initiatives and offers, through the EUR/NAT AVSEC Group and the two PIRGs (EANPG and NAT SPG), platforms to address cybersecurity topics at the regional level. The European Air Navigation Planning Group (EANPG) developed a cybersecurity relevant document (the EUR Aeronautical Fixed Services Security Guidelines, EUR Doc 022).
This article was originally written for the ICAO EUR/NAT Office’s Newsletter (Issue 1) on May 2017. A full list of their newsletters can be found here.