EASA has developed a Cybersecurity Roadmap which was endorsed by the Management Board in November 2015. Since then, EASA is working on its implementation and a number of initiatives has been launched to better address cybersecurity risks in aviation improving resilience and fostering built-in security.
Beside its institutional rulemaking activity, EASA is working at improving the international collaboration on the subject as well as at promoting the sharing of information amongst aviation stakeholders.
Our Top Priorities
The achievement of a cyber resilient aviation system and the incorporation of cybersecurity into the current safety notion require a coordinated effort of the aviation system stakeholders.
To this extent EASA has been tasked to facilitate a Strategic European Coordination Platform including representatives of key industry stakeholders, Member States and EU Institutions. The collaboration shall contribute at harmonising aviation stakeholder’s medium and long term objectives and defining an agreed roadmap, thus preventing duplication of efforts or gaps.
To promote voluntary information sharing and expert collaboration, EASA is supporting the creation of a European Centre for Cybersecurity in Aviation (ECCSA) and providing the initial operational capabilities in collaboration with CERT-EU.
Cyber-attacks are relatively low cost and low risk for the perpetrator, but can be a very high cost for the targeted organisation and society. This workshop brought together a range of experts from industry and regulation to consider both existing and potential future cyber risks and identify a top 10 list of both urgent and mid-term research that is required to maintain a safe and secure air transport system, today and in the future.
Tuesday 8th of November: High level meeting
Wednesday 9th of November: Technical workshop
Cyber-threats to the civil aviation system are considered a major concern. Cyber-attacks against civil aviation operations could potentially be catastrophic with significant casualties, disruption to civil aviation services, and/or damage to critical infrastructure. Equally endangered are airlines, airports and air traffic management. The conference will bring together States, industry, partners and other key players to raise awareness of the threats as...Read more
EASA and EUROCAE jointly organised a workshop to discuss current activities and future regulatory and standardisation needs with key stakeholders from industry, airspace users, Member States, European Institutions, academia.
EASA signed a Memorandum of Cooperation with the Computer Emergency Response Team (CERT-EU) of the EU Institutions in order to support the implementation of a European Centre for Cybersecurity in Aviation (ECCSA).
Cybersecurity threats are of prime importance in the aviation context, given the increasing number of exploitable vulnerabilities and the improvement of attacker capabilities.
More in details, the impact of security threats on commercial transport aircraft (CAT) and air traffic management (ATM) procedures is lacking. This information is of upmost importance for practical applicability of security certification. The primary targets of the project are to identify and prioritise threats to critical aircraft systems as well as to build a comprehensive knowledge base of the safety...Read more
EASA is tasked to facilitate a Strategic European Coordination Platform including representatives of key industry stakeholders, Member States and EU Institutions.
On 13 and 14 July 2016, EASA organised a workshop with the industry on cybersecurity events management, coordination, and information exchange. Four cybersecurity crisis scenarios were played, based on real events, although not demonstrated as being cyber but easily transposable to cyber. The scenario were aiming at aircraft systems, ATM and airlines event response coordination.
The main purpose was to identify what would be the services and functions of a European Centre for Cybersecurity in Aviation (ECCSA) during the different events, its added value,...Read more
EASA presented some further details on the cybersecurity in aviation roadmap and emphasised the intention to create close collaborative relationships with Member States (Cybersecurity in Aviation Community).
EASA initiated a review of safety rules in order to develop a regulatory concept that will enable to identify cyber risks having an impact on safety. The main objective of this task is to mitigate the safety effects stemming from cybersecurity risks due to acts of unlawful interference with the aircraft on-board electronic networks and systems.
Because of the general trend in cybersecurity threat EASA organised a conference on aviation cybersecurity, which has included key EU policy makers and representatives from Member States and the industry. Due to the urgent need to identify the actions to be undertaken for the design of a secure aviation cyberspace EASA was tasked to develop a roadmap by the end of the 2015 in close cooperation with EU Member States and Industry, identifying appropriate protection measures and management strategies for the aviation system as a whole.
Any inquiries or questions regarding cybersecurity in aviation should be addressed by completing this form