The role of information sharing in a cyber-resilient environment


The European and North Atlantic office of ICAO (ICAO EUR/NAT) and the European Union Aviation Safety Agency (EASA) jointly organized a meeting of the Directors General of Civil Aviation of the region to prepare for the upcoming 41st ICAO General Assembly, to discuss the joint priorities of the States in the region, and to provide the Directors General with a high-level briefing on cybersecurity. The meeting, chaired by the DG of Georgia, took place in Paris on May 10th and was opened by the Secretary-General of ICAO and the newly appointed Director, Mr. Nicolas Rallo.

EASA was represented by Luc Tytgat, who provided opening and closing remarks, and by Gian Andrea Bandieri, who presented on the role of information sharing in creating a cyber-resilient environment.

Resolution A40-10, among other actions, calls on Member States and industry to encourage government/industry coordination with regard to aviation cybersecurity strategies, policies, and plans, as well as sharing of information to help identify critical  and to develop and participate in government/industry partnerships and mechanisms for the systematic sharing of information on cyber threats, incidents, trends and mitigation efforts.

Building on that, and considering the importance of becoming aware of the unknown unknowns before someone else can maliciously exploit them, information sharing helps potential targets of cyber attacks to be better aware of their own vulnerabilities and thus be able to detect and respond to such attacks.

In aviation safety, events and incidents are typically reported and analysed in order to identify patterns or precursors. Vulnerabilities relate to events that might happen and are closer to voluntary reports. However, in cybersecurity, the element of intentionality requires greater attention to those kinds of events.

The implementation of Resolution A40-10 in Europe already happens at two levels:

  • ECCSA (European Center for Cybersecurity in Aviation) is a partnership between Authorities and Industry to share information in a secure and trusted environment
  • The Network of Cyber Analysts (NoCA) performs analyses of events using the approach of EU Regulation 376/2014 on Occurrence Reporting, expanding its methodology to cybersecurity

In the near future, EASA will establish its Cyber Threats Intelligence (CTI) sharing platform to share open-source information in real time.


About the Author

Gian Andrea Bandieri is Section Manager of Cybersecurity in Aviation & Emerging Risks for the European Union Aviation Safety Agency. He started as an airworthiness inspector in the Italian CAA from 1992 to 2002. After 5 years in the industry, he joined EASA in 2007, dealing with Standardisation and Safety management. Since November 2001 he has managed the EASA team dealing with Cybersecurity in aviation, Aviation Security and Conflict Zones.

