In 2021, EASA published an Opinion on Management of Information Security Risks, aimed at safeguarding the entire civil aviation system against potential safety effects caused by cyberattacks.
As information systems become more and more interconnected and are increasingly the target of malicious acts, the risks of such attacks, events and incidents in civil aviation are constantly increasing. The planned new regulations will make the aviation industry more resilient to these information security events.
EASA and the major industry associations define ways to identify and manage information security risks that could affect technology systems and data used for civil aviation purposes. In particular, the Opinion proposes the introduction of an information security management system (ISMS) for organisations in all areas of aviation. It requires them to report incidents and vulnerabilities related to information security.
This ISMS will complement the existing management systems which these organisations and authorities already have in place.
As an indication of its breadth, the Opinion lists the organisations in scope as follows: production and design organisations, air operators, maintenance organisations, continuing airworthiness management organisations (CAMOs), training organisations, aero-medical centres, operators of flight simulation training devices (FSTDs), air traffic management/air navigation services (ATM/ANS) providers, U-space service providers and single common information service providers, aerodrome operators and apron management service providers.
At AIRconomics, we want to keep you up to date with all the expected new directives and laws and to support you with our experience in implementing an ISMS.
If you have any questions about cybersecurity, please get in touch. We look forward to an exciting exchange.