EUROCAE ER-017 PDF

INTRODUCTION

Cyber security incidents are increasing in frequency, magnitude and complexity, and have no border. Civil aviation is an attractive target for cyber criminals while new technologies such as e-enabled aircraft, new generation CNS/ATM systems and drones are changing the risk landscape of the aviation system.

Furthermore, the rationalisation and concentration of the aviation IT infrastructure and the multiplication of network connexions will create new vulnerabilities.

There is a concern that the aviation system is insufficiently protected against cyber threats and that there is an urgent need to develop a holistic response.

The EASA High Level Meeting Cybersecurity in Civil Aviation, held in November 2016, concluded that to ensure both a level playing field and a balanced sharing of risk management, cybersecurity in aviation will require risk- and performance-based sectorial regulations that benefit from industry standards to the greatest extent possible (in so-called ‘Bucharest declaration’).

EASA and EUROCAE therefore jointly organised a workshop on 31 May 2017 to discuss current activities and future regulatory and standardisation needs with key stakeholders from industry, airspace users, Member States, European institutions and academia.

This document has been prepared by EUROCAE WG-72 following the workshop to list ongoing and planned standardisation, regulatory and other relevant activities.

The WG-72 leadership has consulted several other standard-developing organisations active in the field of cybersecurity to understand the ongoing and planned activities. The results are documented in the present report.

It does not assume to be exhaustive nor up-to-date over time, but lists those activities that have been notified until beginning of March 2018.

The originating organisations remain responsible for the planning and execution of their work programme and should be contacted directly for further information on any of the listed activities.