European Centre for Cybersecurity in Aviation (ECCSA)
ECCSA is a voluntary, cooperative partnership within the aviation community to better understand the emerging cybersecurity risks in aviation and to provide collective support in dealing with cybersecurity incidents, weaknesses and unauthorised interactions that could potentially affect the sector’s resiliency and safety.
Who are the ECCSA members?
The main difference with respect to this community, is that the members of ECCSA are organisations and authorities. Members are then represented by an appointed Management representative and one, or more Technical representative. These representatives are cybersecurity professionals who are part of the organisation’s staff and actively participate in the discussions and activities.
Who established ECCSA?
ECCSA was initiated in response to a call to action by the European Commission and aviation stakeholders. It has been established by EASA with further 12 founder members representing all aspects of the aviation industry in Europe: Airbus, Air France/KLM, Brussels Airport, the Civil Aviation Authority of the Republic of Poland, ENAV S.p.A., EUROCONTROL, Finnair, Frankfurt Airport, Leonardo S.p.A., Lufthansa Group, NAV Portugal and Thales Group.
When was ECCSA established?
ECCSA was established in 2017. In the first 24 months the founding members established governance and methodologies for the secure sharing of information on this sensitive topic, taking account of the different operating constraints of the various types of participating organisations. After a pilot phase to test processes and services, in 2019 ECCSA opened its doors to eligible organisations that wanted to become members.
Objectives and activities of ECCSA
The main objective of ECCSA is to create a collaborative environment of organisations and of trusted cybersecurity professionals that can help each other to become more resilient with cyber-attacks.
This objective is pursued by organizing various forums for the exchange of information and best practices as well as ad hoc activities (e.g. exercises and webinars). This happens in an atmosphere of mutual trust and openness, but also with the necessary discretion taking account of the operating and indeed very real legal constraints some members may be facing.
ECCSA offers also support to individuals that want to report vulnerabilities uncovered in good faith research activities.
Who is eligible to become a ECCSA Members?
Participation in ECCSA is open to any companies, organisations, or institutions of the European aviation community that may contribute to, or benefit from this participation and have its main operations in one of the EASA Member States.
Also, companies, organisations or institutions of other domains may join ECCSA, provided they are suppliers of products or services used by aviation stakeholders and may contribute to increase overall sectoral cybersecurity level.
How to become a ECCSA Member?
Organisations relevant for the safety and security of European civil aviation who are interested in becoming an ECCSA member should register to express interest and receive further information: ECCSA Membership - Expression of Interest.
Organisations who then make a formal application will be screened to ensure they meet eligibility criteria.
Where is ECCSA in the EU Cyber landscape?