Aviation Cyber Security—maintaining safe, secure, and resilient operations—is a top priority for aviation.
Technology and digitization bring many advantages to aviation, but at the same time, create challenges in managing cyber vulnerabilities in this complex environment. The airline industry is an attractive target for cyber threat actors with a multitude of motivations, ranging from stealing value in data or money to causing disruptions and harm.
Through leadership and acting now, IATA will positively shape the nature of how the industry responds to the cyber security challenge.
1st Release Available Now!
Aviation Cyber Security Guidance Material (February 2021)
This guidance, developed with our airline members details recommendations on adopting
a minimal cyber security posture. It will be continuously updated.
- Part 1: Organization Culture and Posture relates to the cyber security of the organization;
- Part 2: Aircraft relates to the cyber security of the aircraft and risk management.
Evolving an Industry Strategy
IATA is developing an industry-wide Aviation Cyber Security Strategy to support the industry in addressing this ever-evolving threat. As part of this process, IATA produced the Aviation Cyber Security position paper (pdf) that outlines the IATA's cyber security vision and mission as well as the next steps to be taken in addressing the aviation cyber security challenges.
This work is guided by the Security Advisory Council (SAC), which was established in June 2019. It advises IATA towards answering the cyber security challenges faced by IATA and the airline industry.
Collaborating with ICAO
IATA presented to the 40th ICAO Assembly the Information Paper A40-WP/395 (pdf) explaining the need for a coordinated and proactive progress on gaining visibility to and managing aviation cyber security risks. Through this paper, IATA also gave its support to the creation of the (pdf).
Earlier, IATA presented to the Second High-Level Conference on Aviation Security in 2018 the Working Paper HLCAS/2-WP/27 (pdf)
Aviation Cyber Security Roundtable (ACSR)
Another critical component of the cyber security strategy is the Aviation Cyber Security Roundtable. This annual event aims to better understand and manage cyber security risk by collaborating across disciplines and sharing experiences to develop tangible solutions to help the aviation industry deal with the threat. The ACSR gathers industry stakeholders to work towards a 2030 vision for a coordinated approach to aviation cyber security.
The work of the roundtable is focused on four elements:
- Cyber security culture: Promoting a positive cyber security culture and raising awareness across the industry.
- Transparency and trust: Establishing a global approach to cyber security with a similar mindset to that which has guided aviation on safety and general security issues.
- Communication and collaboration: Creating stronger relationships among players in the aviation industry and with external entities to improve the development of best practices and the management of potential vulnerabilities.
- Workforce: Ensuring that aviation personnel are trained to recognize and manage cyber security risks; and inspire the next generation leaders.
Compilation of Cyber Security Regulations, Standards & Guidance Applicable to Civil Aviation
This Compilation of Cyber Security Regulations, Standards, Guidance for Civil Aviation (pdf) provides an overview on regulations, standards, and guidance related to aviation cyber security. The current version (Dec 2021) will be continuously updated based on crucial developments.
IATA Aviation Cyber Security Training
IATA delivers 3 days classroom on the aviation cyber security, ensuring to build a strong aviation cyber security workforce and teach the current aviation personnel how to recognize and manage cyber risks for increased vigilance and resilience.
Find out more about the IATA Aviation Cyber Security Training and how to register for the next class.
For more information
Should you want to be involved or have any questions related to Aviation Cyber Security, please do not hesitate to contact us.