Cyber Security Terms and Definitions Related to a European Aviation Context

Posted by on in Regulatory
  • Font size: Larger Smaller
  • Hits: 216

Sofema Online (SOL) considers core terms and definitions familiar within EASA European Aviation Domains.

Aviation Cybersecurity: The protection of aviation systems, networks, and data from unauthorized access, disruption, or modification.

Cybersecurity Incident: Any unauthorized or malicious activity that poses a threat to the confidentiality, integrity, or availability of aviation systems and data.

Cyber Threat Intelligence (CTI): Information about potential or current attacks that threaten an organization. CTI in the aviation industry often includes threats to aviation security systems and infrastructure.

Critical Infrastructure: Systems and assets, both physical and virtual, that are essential to the operation of a country or organization, including airports, air traffic control, and communication networks.

Data Privacy: Protecting the personal and sensitive information of individuals in compliance with applicable data protection laws, such as the General Data Protection Regulation (GDPR) in the European Union.

European Centre for Cybersecurity in Aviation (ECCSA): An EASA centre that manages European cybersecurity threats and provides expertise and support to the European aviation industry.

Encryption: The process of encoding information in such a way that it can only be accessed or understood by authorized parties, typically through the use of cryptographic algorithms.

General Data Protection Regulation (GDPR): The regulatory framework for the protection of individuals with regard to the processing of personal data and the free movement of such data.

Information Security means the preservation of confidentiality, integrity, authenticity and availability of network and information systems;

Information Security Event means an identified occurrence of a system, service or network state indicating a possible breach of the information security policy or failure of information security controls, or a previously unknown situation that can be relevant for information security;

Incident means any event having an actual adverse effect on the security of network and information systems as defined in Article 4(7) of Directive (EU) 2016/1148;

Information Security Risk means the risk to organisational civil aviation operations, assets, individuals, and other organisations due to the potential of an information security event. Information security risks are associated with the potential that threats will exploit vulnerabilities of an information asset or group of information assets

Incident Response: The coordinated actions taken to detect, analyze, contain, and recover from a cybersecurity incident in order to minimize damage and restore normal operations.

Intrusion Detection System (IDS): A security tool or software that monitors network traffic and detects any unauthorized or malicious activity.

Network and Information Security (NIS) Directive: (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive)

Penetration Testing: Also known as ethical hacking, it involves assessing the security of aviation systems by simulating real-world cyberattacks to identify vulnerabilities.

Risk Assessment: The process of identifying, analyzing, and evaluating potential risks to determine the level of threat and likelihood of occurrence.

Threat: Any potential danger or harm to the aviation system, such as malicious actors, cyberattacks, or vulnerabilities.

Security Assessment: An evaluation of the security posture of aviation systems, including infrastructure, networks, and applications, to identify vulnerabilities and potential risks.

Secure Communication: Ensuring the confidentiality, integrity, and authenticity of communications between aviation systems, including secure protocols, encryption, and digital signatures.

Vulnerability: Weaknesses or flaws in systems, networks, or procedures that could be exploited by threat actors to compromise aviation security.

Next Steps

Sofema Aviation Services offers the following courses delivered as classroom or webinar: EASA Compliant Organizational Cyber Security Responsibilities – 1 Day

Please see or email

Last modified on