Sofema Online (SOL) www.sofemaonline.com takes a look at the potential level of exposure across the Aviation Ecosphere.

Introduction

Cybersecurity risks in the aviation industry are a growing concern, especially as we move forward from 2024 to 2030. These risks encompass various domains within the industry, including air traffic control systems, aircraft avionics, airport operations, and passenger data systems.

Sofema Online (SOL) www.sofemaonline.com looks at the role of EASA Commission Delegated Regulation (EU) 2022/1645. Issues with Managing Cybersecurity in Aviation and Best Practices for Cybersecurity Management.

Introduction

The Commission Delegated Regulation (EU) 2022/1645, adopted on July 14, 2022, provides specific rules for managing information security risks in the aviation sector. This regulation is a supplement to the broader Regulation (EU) 2018/1139, which sets out common rules in civil aviation and establishes the European Union Aviation Safety Agency.

Sofema Online (SOL) www.sofemaonline.com considers core terms and definitions familiar within EASA European Aviation Domains.

Aviation Cybersecurity: The protection of aviation systems, networks, and data from unauthorized access, disruption, or modification.

Cybersecurity Incident: Any unauthorized or malicious activity that poses a threat to the confidentiality, integrity, or availability of aviation systems and data.

Cyber Threat Intelligence (CTI): Information about potential or current attacks that threaten an organization. CTI in the aviation industry often includes threats to aviation security systems and infrastructure.

Sofema Online (SOL) www.sofemaonline.com considers the major challenges related to the need to address Cyber Security.

Aviation Cyber Security Strategy Introduction

The civil aviation sector is increasingly reliant on the availability of information and communications technology systems, as well as on the integrity and confidentiality of data.

The threat posed by possible cyber incidents to civil aviation is continuously evolving, with threat actors focusing on malicious intents, disruptions of business continuity and the theft of information for political, financial or other motivations.

Sofema Online (SOL) www.sofemaonline.com considers the key elements to be included in a Cyber Security Audit Checklist.

Introduction

This checklist provides a starting point to evaluate the cybersecurity management and emergency response system of an airline. It should be tailored to the specific requirements and risks faced by the airline and can be expanded or modified as needed.

The following elements should be considered when you are constructing your organisational-specific EASA Compliant Cyber Security Audit Checklist.

Considerations by Sofema Online (SOL) www.sofemaonline.com looking at best practices to implement a Cyber Risk Mitigation Process within your organisation.

Introduction

Cyber security is not just about external protection of your data and information from external threats, we also have to consider any internal exposure as well.

To cover all potential eventualities, we need to develop an organisation risk mitigation strategy for managing cyber risks.

Sofema Online (SOL) www.sofemaonline.com considers the essential elements to be found in a Cyber Security Management System

Introduction

The potential for Cyber-attacks now appears almost inevitable and as a result, there is a need to address which requires investment in Cyber-Security

Consider foremost that Cyber Security Measures should be taken in respect of both the company and its supply chain including partners as well as outsourced service providers.

Each organization has an obligation to recognize that we face cybersecurity risks as well as a need to develop a company-wide policy to address these risks.

Sofema Aviation Services (SAS) www.sassofia.com looks at the current cyber climate and considers the challenges which the industry faces.

Aviation cyber security may be considered as the application of technologies, processes and controls to protect systems, networks, programs, devices and data from cyber-attacks. It aims to reduce the risk of cyber-attacks and protect against the unauthorised exploitation of systems, networks and technologies.

The possibility for malicious aviation cyber acts continue to threaten the integrity of the aviation system and the potential grows almost daily. A continuing challenge is a task of identifying potential cyber vulnerabilities across many different and often complex aviation systems, some integrated and some disparate.