Becoming cyber-resilient can be done through solid information security management systems and an appropriate approach to cybersecurity. Considering our industry provides a service with safety of life risks, cyber-resilience is a critical first concern for facilitating business continuity, as well as upholding the highest level of safety.

Aviation is a system of systems. It relies on globally interdependent, and interconnected processes, which can lead to potential cyberattacks on various actors at national, regional and international level, and so, a consecutive increasing number of security vulnerabilities to detect, test and tackle.  Information sharing, clear global vision and international cooperation are key tools to enable the necessary resilience to cyberattacks and cyberthreats.

Aviation decision-makers at global level as well as national level are taking steps to deal with the need to protect aviation’s critical infrastructure, information and communication technology systems and data against cyber threats. The EU already set up horizontal legislation addressing cybersecurity challenges, covering critical infrastructure sectors, including large aviation stakeholders.

On top of this, the Aviation Security regulatory framework was also reviewed to transpose ICAO’s requirements for cybersecurity. EASA is also preparing rules to tackle the safety aspects of information security risks. And so, even though European cybersecurity legislation has been in place for some time, (some) aviation stakeholders are not fully familiar with it.

EBAA has developed this information paper to raise awareness and summarise the current and future European cybersecurity policy landscape for Business aviation.