ICAO summit prescribes cyber security approach

Every nation should assess the risk that cyber terrorism poses to its civil aviation industry, build its own capability to address such threats and ensure that the laws that govern such crimes are fit for purpose, according to the global aviation industry leadership.

The call was made at the inaugural Cyber Summit convened by the International Civil Aviation Organization (ICAO) in Dubai which concluded by issuing an industry declaration on cyber security. The forum discussed emerging cyber risks to the industry that were the subject of a resolution at the 39th ICAO Assembly. This similarly sought ways to mount a strong industry response to the proliferation of cyber attacks.

“Collaboration and exchange between states and other stakeholders is the sine qua non for the development of an effective and coordinated global framework to address the challenges of cyber security in civil aviation,” the declaration stated, adding. “Cyber security matters must be fully considered and coordinated across all relevant disciplines within state aviation authorities.”

It said the ratification and entry into force of the Beijing Instruments – in part prompted by the September 11 attacks – would ensure that a cyber attack on international civil aviation is considered an offence and would serve as an important deterrent against compromising safety through exploiting cyber vulnerabilities.

Although signed by 32 states and ratified or acceded to by 16 states by the end of 2016, the Convention will not enter into force until it has been ratified or acceded to by 22 of ICAO’s 193 states.

“Therefore it is imperative that all states and ICAO work to ensure the early entry into force and universal adoption of the Beijing Instruments, as called for in the Beijing Convention and Beijing Protocol of 2010,” the declaration added.

Dr Olumuyiwa Benard Aliu, president of the ICAO Council, said: “Almost daily, new and more sophisticated digital technologies and processes are coming online, and impacting as they do the function of our network, its relationships with customers and stakeholders, and even the way that air transport professionals connect and cooperate with one another. Our traditional first responders in aviation, pilots and air traffic controllers, must have the training and capabilities they need to recognise and respond to cyber-attacks and effectively intervene in case of system failures.”

The European Aviation Safety Agency (EASA) has recently announced a plan for a Europe-wide initiative for the whole aviation chain from air traffic management systems to maintenance organisations and airports.

Luc Tytgat, EASA strategy and safety management director, attended the Dubai event. Writing in EASA journal On Air he said:”We need to be prepared for the threat of cyber attacks in aviation; it is not a matter of if it will happen but when it will happen. The growing risks come from the use of new technologies and new devices: for example pilots are increasingly using devices connected to the cockpit, such as flight maps, and we have no way to guarantee these cannot be hacked. And new technologies will only develop. As part of our plan, we believe that the different aviation stakeholders should implement a cyber-risk management system as part of their safety management system.”

This EASA plan includes the set-up of the European Centre for cyber security in aviation (ECCSA) which will rely on the IT capabilities of the Computer Emergency Response Team of the EU Institutions (CERT-EU) to promote and activate the circulation of information amongst relevant aviation stakeholders.

“We have this culture of sharing information in the aviation safety domain. On security matters, it is more difficult,” said Tytgat. “We are discussing with associations in the aviation sector for them to communicate with their members and to implement the sharing of information to make sure that other partners will not be faced with similar attacks.”

Saif Al Suwaidi, director general of the UAE GCAA, said: “Sharing knowledge and gaining full understanding of potential risks in order to close vulnerable gaps is of utmost importance. Maintaining the safety and security of the aviation industry is critical to allow growth and development of the industry. Any breach in the cyber management system puts the entire industry at risk.”

The declaration also urged that any cyber capabilities applied to aviation should be used exclusively for peaceful purposes and only for the benefit of improving safety, efficiency and security.

Read

  • Cyber Wars When the check-in services failed shortly after a high profile opening of a new airport terminal in June last year, the incident could easily been written off by those inconvenienced as teething problems. But the industry knew better. It was in fact a malicious attack.
  • Moving Targets James Careless assesses the huge challenge of developing a cyber security strategy for European air traffic management
  • Aircraft are highly vulnerable to cyber attack: Ky

Posted in News, Security Tagged with:

Comments are closed.