Here’s how the aviation sector is stopping cyberattacks from getting off the ground

(Credit: Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Rashad Karaky, Aviation Cybersecurity Officer, International Civil Aviation Organization (ICAO) & Saulo Da Silva, Chief Global Interoperable Systems Section, International Civil Aviation Organization (ICAO) & Sylvain Lefoyer, Deputy Director, Aviation Security and Facilitation, International Civil Aviation Organization (ICAO)


• With technological advancement in the aviation sector has come an increase in cyberthreats.

• International cooperation is essential to building cyber-resilience in aviation.

• The ICAO is working to build globally harmonized approach to counter cyberthreats.

The past years have witnessed a giant leap in terms of technological advancements and their application into businesses, including developments in machine-learning techniques, telecommunications (5G), the internet of things and more.

The aviation sector, as with all other industries, endeavoured to benefit from those advancements to support its development, including the integration of new airspace users, the development of advanced aircraft systems and applications, automation and integration in data applications and decision-making systems in airports and airlines, and the interconnection between previously isolated systems through data-sharing across the aviation value chain.

Those developments in the air transport sector enhanced efficiency and capacity, allowing the sector to sustain the fast growth rates it has witnessed over the past two decades. It also resulted in positive spillovers on safety, security and the environmental footprint of international civil aviation. However, the above developments brought with them cyberthreats. These threats have grown exponentially during the past decade as the cyber domain became an attractive field for malicious actors to make financial gains, cause harm, and/or instill chaos in the global economic system.

Accordingly, ensuring the cybersecurity and resilience of the civil aviation sector became a high priority, and indeed a prerequisite for the sustainability of this sector and its ability to grow in a safe and secure manner.

The International Civil Aviation Organization (ICAO) has been long aware of the cybersecurity challenges facing the international civil aviation sector, and has been, and still is, the natural forum for the global international air-transport community to discuss and address those threats in a consistent, harmonized and cross-cutting manner across the different air-transport domains. As international cooperation is key to address cybersecurity and resilience in civil aviation, ICAO engages with relevant international fora to support global discussion of the topic. The collaboration between ICAO and the World Economic Forum is one example of successful public-private collaboration among stakeholders to exchange views and share experience and best practices in support of a cyber-resilient international civil aviation system.

ICAO’s work on cybersecurity and resilience began with the publication of the Global ATM Operational Concept in 2005. As the civil aviation sector’s reliance on information and communication systems increased over time, ICAO initiatives and discussions over cybersecurity evolved to cover the whole air transport sector, such as addressing cyberthreats in ICAO Standards and Recommended Practices (SARPs), Procedures for Air Navigation Services (PANS), and guidance material.

Those discussions further led to the adoption of two ICAO assembly resolutions: Resolution A39-19 in 2016, superseded in 2019 by Resolution A40-10 – Addressing Cybersecurity in Civil Aviation, which urges states to adopt and implement the Beijing Convention and Protocol of 2010 as means for dealing with cyberattacks against civil aviation, and calls upon states and stakeholders to take actions to counter cyberthreats to civil aviation.

The 40th Assembly also adopted the Aviation Cybersecurity Strategy; a translation of ICAO’s cybersecurity vision for the global civil aviation sector to be resilient to cyberattacks, safe and trusted globally, while continuing to innovate and grow.

The strategy is a framework built on seven pillars, which include the following main principles:

International cooperation

  • Cybersecurity and aviation are both borderless in nature. Both require cooperation and harmonization at the national, regional and international level.

Governance

  • States are encouraged to develop clear national governance and accountability for civil aviation cybersecurity and to include cybersecurity in their national civil aviation safety and security programmes.

Effective legislation and regulations

  • States must ensure that appropriate legislation and regulations are formulated and applied prior to implementing a national cybersecurity policy for civil aviation.
  • States are encouraged to consider whether their national legislation requires an update or the adoption of new national legislation to allow for the prosecution of cyberattacks against civil aviation.
  • States are encouraged to set up appropriate mechanisms for cooperation with “good faith” security research.

Cybersecurity policy

  • Cybersecurity is to be included within a state’s aviation security and safety oversight systems as part of a comprehensive risk-management framework.

Information-sharing

  • A culture of information-sharing will significantly reduce systemic cyber-risk across the aviation sector, the value of which has already been proved across aviation safety and security.

Incident management and emergency planning

  • There is a need to have appropriate and scalable plans that provide for the continuity of air transport during cyber incidents.
  • States and stakeholders are encouraged to make use of existing contingency plans that are already developed and amend these to include provisions for cybersecurity.
  • Cybersecurity exercises are a useful tool to test existing cyber-resilience and identify improvements, and are therefore highly encouraged.

Capacity-building, training and cybersecurity culture

  • It is critically important that the civil aviation sector takes tangible steps to increase the number of personnel that are qualified and knowledgeable in both aviation and cybersecurity.
  • The civil aviation sector has established an enviable safety record that is founded upon a proactive safety culture seen as everybody’s responsibility. The principles of this safety culture are to be applied to develop and maintain a cybersecurity culture across the aviation sector.

The Cybersecurity Action Plan

The first edition of the Cybersecurity Action Plan was published in November 2020. It is a living document that aims at supporting states and stakeholders in implementing the Cybersecurity Strategy. The Action Plan identified 29 Priority Actions, which are further broken down into 54 time-bound Measures and Tasks, providing the foundation for ICAO, states and stakeholders to cooperate and work together to better address cybersecurity and resilience in civil aviation.

Cybersecurity Capacity Building

ICAO recognizes the importance of capacity-building and the top-down approach required to address cybersecurity and resilience in civil aviation. As such, a training portfolio is under development, starting with two courses that are currently being finalized: Foundations of Aviation Cybersecurity Leadership and Technical Management; and Managing Security in ATM.

The International Aviation Trust Framework

ICAO initiated in 2019 a project that aims at ensuring that the air navigation system is secure and resilient to cyberattacks, and that the storage, processing and exchange of data and information meets the requirements of confidentiality, integrity and availability. The ongoing work includes the development of a concept of operations and governance options for an International Aviation Trust Framework, the development of a certificate policy for digital identity management, and the development of guidance material, requirements and procedures for technical and organizational trust. On the network side, the work continues to define performance-based requirements for processing, exchange and storage of information in network applications, including the development of technical requirements needed to cover current and future aviation needs, as well as work on the necessary protocols to allow logical isolation of aviation communication data from the public internet.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum’s Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority. World Economic Forum | Centre for Cybersecurity

Our community has three key priorities:

Strengthening Global Cooperation – to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience – to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.

For more information, please contact us.

In conclusion, ICAO continues to address cybersecurity and resilience in civil aviation as a matter of high priority, and is committed to support the sector in developing the guidance and tools needed to manage these emerging threats in order to ensure its safe, secure and sustainable development.

the sting Milestones

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

“No labels for entrepreneurs!”, a young business leader from Italy cries out

Three ways China can make the New Silk Road sustainable

State aid: Commission opens investigation into proposed public support for Peugeot plant in Spain

International data flows: Commission launches the adoption of its adequacy decision on Japan

Regulate social media platforms to defend democracy, MEPs say

Brexit: No deal without marginalizing the hard Tory Eurosceptic MPs

Euro celebrates its 20th birthday

UNICEF warns of ‘lost generation’ of Rohingya youth, one year after Myanmar exodus

De-escalation of fighting in Hodeida is key to ‘long-overdue’ restart of Yemen peace talks: UN envoy

WHO working to save lives following powerful earthquake in Albania

World Refugee Day, 20 June 2020: Joint Statement by the European Commission and the High Representative

Mountains matter, especially if you’re young, UN declares

5 reasons why CEOs must care about safeguarding nature

Difficulties of vaccination against COVID-19

5 charts that show renewable energy’s latest milestone

Understanding the gender gap in the Global South

These are the pitfalls of a cash-free society

Iraq: UN mission urges ‘maximum restraint’ following deadly attack on foreign troops

Data is the fuel of mobility. Don’t spill it for nothing

High-flyers: China is on top of the world for skyscraper construction

Humanitarian Aid: EU announces €18.5 million additional package for Latin America and the Caribbean

How to build a paradise for women. A lesson from Iceland

There is huge talent in the world’s refugee camps. We must realize this overlooked potential

State aid: Commission approves €2 billion Italian guarantee scheme to support trade credit insurance market in the context of the coronavirus outbreak

Amid ‘unprecedented combination’ of epidemics, UN and partners begin cholera vaccination campaign in DR Congo

New manufacturing jobs and automation aren’t mutually exclusive. Here’s why

Data and the future of financial services

EU4FairWork: Commission launches campaign to tackle undeclared work

The EU patent space and Unified Court are born

Keep Africa’s guns ‘from firing in the first place’, UN political chief urges

Protecting refugees in Europe: UNHCR calls for a ‘year of change’

Deal on digitalisation of access to justice will benefit citizens

UN chief hails Libyan leaders’ agreement to hold general election

5 things to know about how coronavirus has hit global energy

Governments should renew efforts to reform support to agriculture

Ukrainian civil war: Is this the beginning of the end or the end of the beginning?

Medical training without borders: what’s still missing?

Rohingya refugee shelters ‘washed away’ in Bangladesh monsoon rains: UN agency

Health: The neglected aspect of climate change

Why hourly workers should have the same benefits as salaried ones

Girls still being treated as aliens in medicine in the 21st century

Here’s what happened when a charity gave $1,000 each to poor households in Kenya

Why symbols of injustice matter and what to do with them

Everyone’s ‘buy-in’ needed to restore peace in Kosovo, UN envoy tells Security Council

‘Let the children live’: UN prepares to ramp up food aid to Yemen as famine risk grows

State aid: Commission approves over €1 billion support for high-efficient cogeneration of electricity and heat in Slovakia

This is why Dutch teenagers are among the happiest in the world

As the Universal Declaration of Human Rights turns 70 – is it time for a new approach?

The EU Parliament unanimously rejects Commission’s ideas about ‘seeds’

Hundreds of thousands of lives still lost each year to small arms, UN conference hears

European Union launches WTO trade dispute against Colombia’s unfair duties on frozen fries

President David Sassoli to visit Skopje: “Remain on the European track”

India m2m + iot Forum Hosts Successful 4th Editions of India Smart Cities Forum and India Smart Villages Forum

The European Parliament double-checks the EU 2014-2020 budget

Here’s what you need to know about Bangladesh’s rocketing economy

After swallowing effortlessly the right to be forgotten time for Google Ads now to behave

Mental health during COVID-19 outbreak: who takes care of health professionals?

10 months were not enough for the EU to save the environment but 2 days are

MEPs call for an EU-wide “right to disconnect”

Microsoft says the internet is getting a little nicer

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s