Cyber Risk in Aeronautic and Naval sectors, comparison with Industrial Cybersecurity

Giustino Fumagalli • 13 April 2022
in community Cybersecurity
1 comment

The year 2021 has seen new obligations concerning Cyber security in the Naval and Avionic sectors, but avionics and naval systems traditionally have not been affected by the Cyber threat pressure likewise to the industrial control systems (ICS e/o SCADA).

In spite of the peculiarity of each sector, we can nevertheless see that the approach of the risk management is the same, since the industrial, aeronautic and naval worlds have in common similar architectures and criticalities in terms of operational response.

Can compliance with ED-202A and ED-203A be ensured by following existing information security best practices in the IT and OT world (e.g. ISO27001, NIST-SP800-171, ISA62443)?


Comments (1)


Dear Giustino, yours is a simple question that may trigger a long reply. However, going straight to the point, in my opinion "ensure" compliance no, "support" it yes.

ED-200 series of standards have been developed (and production is still alive) in order to introduce information security in the existing aviation process and "modus operandi".

One example over all, since 1 of January 2021 in EU, for aviation products certification the applicant shall demonstrate that information security risks have been properly managed (more details here: .

There are plenty of standards on "information security risk management", all valid material, however ED-202 and ED-203 include seamlessly at least three elements that are key for the aviation community: the impact/consequence on safety, the acceptance criteria of the residual risk(s) and the demonstration of effectiveness and assurance (where the demonstration effort is proportionate to the impact on safety).

You are not allowed to comment on content in a group you are not member of.

View group