Generating PDF

Creating a cybersecurity culture in aviation: Why the aviation ecosystem is on the right track

By  Brussels,

The tenth edition of the European Cybersecurity Month Cybersecurity (ECSM) is coming to a close. The focus on this year’s edition is on ransomware and phishing, two major threats in today’s cyber landscape.

And while the first thoughts of many when they hear cybersecurity is of passwords and PINs, aviation is increasingly developing a culture around cybersecurity, further enhancing the strong focus on safety that exists throughout the entire aviation sector. A4E is a strong proponent of boosting cyber-security in aviation.

So what do we mean when we talk about creating a cybersecurity culture in aviation? As a starting point it is about ensuring that individual aircraft are protected from cyberattacks. Aircraft are increasingly plugged into the digital world whether they are in-flight or on the ground. Beyond this, more and more players are ever more interconnected; from air traffic controllers and service providers, to manufacturers and their supply chains, plus passengers themselves.

Humans are central to the vast majority of cyberattacks and airspace users remain the main target of fraudulent activities. Training and awareness are therefore key aspects of defending against cyberattacks. Indeed, sharing knowledge at technical, organizational and societal levels greatly helps in the prevention of future attacks and the development of cyber resilience against future threats.

This year has seen important milestones in the path towards cyber resilience: from the agreement on measures for a high common level of cybersecurity across the EU (NIS 2 Directive) to the proposal for a cyber resilience act (CRA) establishing horizontal cybersecurity requirements for products with digital elements and remote data processing solutions.

For its part, A4E welcomed the recent adoption of the Regulation establishing new requirements for the management of information security risks with a potential impact on aviation safety (Commission Delegated Regulation (EU) 2022/1645) and participates in the work of the European Strategic Coordination Platform (ESCP) on the alternative means of compliance and guidance materials (AMC and GM to Part-IS).

A4E recognises the importance of ensuring regulatory consistency across legislative initiatives in order to avoid additional and unnecessary administrative burdens. This also reduces the risk of inconsistencies between different pieces of legislation.

As the EU plots a path towards cybersecurity being central to Europe’s digital economy, A4E will continue to collaborate and work towards robust cyber-resilience in Europe’s aviation sector.

@CyberSecMonth #CyberSecMonth #ThinkB4UClick