Cyber threats continue to grow exponentially around the globe. By 2022, Cisco estimates that 1 trillion networked sensors will be embedded in devices globally, and that number is expected to swell to 45 trillion within 20 years. It is no wonder that there is a grave concern as these threats are no longer limited to targeting computers, corporate networks, or smartphones.
As technology has evolved, cybercriminals have set their sights on anything and everything with a heartbeat or electronic pulse, including air transportation, railways, automobiles, power grids, with little regard for human consequences.
In response to the possibilities of incalculable malice, the International Civil Aviation Organization (ICAO) introduced its Aviation Cybersecurity Strategy in October 2019.
The civil aviation sector relies on information and communications systems and the integrity and confidentiality of data. Cyber threats continue to evolve, focusing on disrupting operations, malicious intents, and stealing information for political or financial gains. Based on the nature of cybersecurity and the scope that cyber-attacks can affect, it is crucial for ICAO and its members to create a common vision and define a global strategy for aviation cybersecurity.
This can be accomplished by:
ICAO's Aviation Cybersecurity Strategy’s goals will be achieved in accordance with a framework built on seven pillars.
Cooperation is needed at both the national and international levels to develop, maintain, and improve cybersecurity to protect the civil aviation sector from all cyber threats. Therefore, aviation cybersecurity must be harmonized at global, regional, and national levels to promote global coherence. ICAO is the correct global forum to engage States in addressing cybersecurity.
ICAO Member States are encouraged to support the ICAO Aviation Cybersecurity Strategy and develop clear governance and accountability for their cybersecurity. Each is encouraged to integrate cybersecurity into their national security and safety programs. In turn, ICAO should work toward a common baseline for cybersecurity Standards and Recommended Practices (SARPs).
The principal goal of legislation and regulation on cybersecurity for civil aviation is to protect civil aviation and travelers from harm due to cyberattacks. Member States are responsible for formulating applying appropriate legislations and regulations according to ICAO provisions before implementing their national cybersecurity policies for civil aviation.
The Member States must include cybersecurity in their aviation security and safety oversight systems as a part of their framework for comprehensive risk management. As well as incorporating systems and processes for monitoring relevant cybersecurity data, cybersecurity policies may include such elements as:
Because the civil aviation sector is a globally interdependent system using many common systems, a cyberattack can quickly spread and have a global impact. Information sharing allows for the prevention, early detection, and mitigation of cybersecurity events before they spread and threaten aviation safety or security. Having a culture of information sharing works to significantly reduce systemic cyber risk across the entire aviation sector to improve safety and security.
There is a need for appropriate and scalable plans to provide continuity of air transport during cyber incidents. The Aviation Cybersecurity Strategy recommends that the Member States and the aviation sector continue to use their existing contingency plans and amend them to include provisions for cybersecurity. It is highly encouraged that cybersecurity exercises are conducted to stress test current cyber resilience to identify areas where improvements are needed.
The core of cybersecurity is the human element. The civil aviation sector must take tangible steps to increase the number of personnel that are both qualified and knowledgeable in cybersecurity and aviation. This can be accomplished by increasing the need for cybersecurity as well as education, recruitment, and training. Innovative ways to merge and crosslink information technology and cyber career paths with aviation careers are critical to developing the skills needed for cybersecurity in the civil aviation sector.
Since 2018, SkyRadar has been providing cyber-security training infrastructures in the fields of aviation security and ATSEP.
The ATSEP training infrastructure is built around a typical modern ATM setting, including:
The solution is modular and can vary between a small set-up and a complete operational ATM system with consoles, voice communication system and simulated inputs.
The security features include
The ATSEP will learn to
Talk to us for more information.