Cyber Risk in Aeronautic and Naval sectors, comparison with Industrial Cybersecurity

Dear Giustino, yours is a simple question that may trigger a long reply. However, going straight to the point, in my opinion "ensure" compliance no, "support" it yes.

ED-200 series of standards have been developed (and production is still alive) in order to introduce information security in the existing aviation process and "modus operandi".

One example over all, since 1 of January 2021 in EU, for aviation products certification the applicant shall demonstrate that information security risks have been properly managed (more details here: https://www.easa.europa.eu/community/content/regulations-standards) .

There are plenty of standards on "information security risk management", all valid material, however ED-202 and ED-203 include seamlessly at least three elements that are key for the aviation community: the impact/consequence on safety, the acceptance criteria of the residual risk(s) and the demonstration of effectiveness and assurance (where the demonstration effort is proportionate to the impact on safety).