EASA has developed a Cybersecurity Roadmap which was endorsed by the Management Board in November 2015. Since then, EASA is working on its implementation and a number of initiatives has been launched to better address cybersecurity risks in aviation improving resilience and fostering built-in security.
Beside its institutional rulemaking activity, EASA is working at improving the international collaboration on the subject as well as at promoting the sharing of information amongst aviation stakeholders.
Our Top Priorities
The achievement of a cyber resilient aviation system and the incorporation of cybersecurity into the current safety notion require a coordinated effort of the aviation system stakeholders.
To this extent EASA participates and chair a European Strategic Coordination Platform including representatives of key industry stakeholders, Member States and EU Institutions. The collaboration is contributing at harmonising aviation stakeholder’s objectives and has made possible the development of the first common strategy for cybersecurity in aviation, in accordance with aspirations and principles stated in the agreed Charter. The involved stakeholders are also in the process of defining a common roadmap in order to implement this strategy.
To promote voluntary information sharing and expert collaboration, EASA is supporting the creation of a European Centre for Cybersecurity in Aviation (ECCSA) and providing the initial operational capabilities in collaboration with CERT-EU.
Timeline
Eligible organisations invited to join cybersecurity group ECCSA
The European Centre for Cybersecurity in Aviation (ECCSA) is opening its doors to eligible organisations that would like to become members of the knowledge centre and information sharing network, which was established two years ago to counter the threats to aviation posed by cyberattacks.
Industry-wide cooperation on cybersecurity matters is particularly important in the aviation sector as most aviation
Read More1st Transport Cybersecurity Conference held in Lisbon
Lisbon, 23 January 2019 -The European Union Agency for Network and Information Security (ENISA) welcomed in Lisbon the first Conference on Transport Cybersecurity, with the support of the European Commission (DG MOVE), the European Union Aviation Safety Agency (EASA), the European Maritime Safety Agency (EMSA) and the EU Agency for Railways (ERA).
Over 150 public and private representatives from all transport modes in Europe took part in the event. They discussed the EU legal framework for cybersecurity, its relevance for the transport sector, and
Read MoreESCP High Level Meeting on Cybersecurity in Civil Aviation
The “ESCP High Level Meeting on Cybersecurity in Civil Aviation 2018” in Toulouse (France) on 14th and 15th November 2018 will bring together States, industry, partners and other key players to raise awareness of the threats, as well as discuss and develop practical and sustainable policies, approaches and measures to protect against them and mitigate their impact.
1st OPTICS2 Workshop - Aviation Cybersecurity
Cyber-attacks are relatively low cost and low risk for the perpetrator, but can be a very high cost for the targeted organisation and society. This workshop brought together a range of experts from industry and regulation to consider both existing and potential future cyber risks and identify a top 10 list of both urgent and mid-term research that is required to maintain a safe and secure air transport system, today and in the future.
High Level Conference Cybersecurity in Civil Aviation
Tuesday 8th of November: High level meeting
Wednesday 9th of November: Technical workshop
Cyber-threats to the civil aviation system are considered a major concern. Cyber-attacks against civil aviation operations could potentially be catastrophic with significant casualties, disruption to civil aviation services, and/or damage to critical infrastructure. Equally endangered are airlines, airports and air traffic management. The conference will
Read MoreWorkshop on Cybersecurity in Aviation, Brussels
EASA and EUROCAE jointly organised a workshop to discuss current activities and future regulatory and standardisation needs with key stakeholders from industry, airspace users, Member States, European Institutions, academia.
Signature of MoC between EASA and CERT-EU for ECCSA
EASA signed a Memorandum of Cooperation with the Computer Emergency Response Team (CERT-EU) of the EU Institutions in order to support the implementation of a European Centre for Cybersecurity in Aviation (ECCSA).
Launch of “Impact Assessment of Cybersecurity Threats” project
Cybersecurity threats are of prime importance in the aviation context, given the increasing number of exploitable vulnerabilities and the improvement of attacker capabilities.
More in details, the impact of security threats on commercial transport aircraft (CAT) and air traffic management (ATM) procedures is lacking. This information is of upmost importance for practical applicability of security certification. The primary targets of the project are to identify and prioritise threats to critical aircraft systems as well as to build a comprehensive knowledge base of the safety impact
Read MoreHigh Level Meeting "Cybersecurity in Civil Aviation", Bucharest
08-09/11/2016
EASA is tasked to facilitate a Strategic European Coordination Platform including representatives of key industry stakeholders, Member States and EU Institutions.
Workshop on the roles and the activities of a European Centre for Cybersecurity in Aviation, Cologne
13-14/07/2016
On 13 and 14 July 2016, EASA organised a workshop with the industry on cybersecurity events management, coordination, and information exchange. Four cybersecurity crisis scenarios were played, based on real events, although not demonstrated as being cyber but easily transposable to cyber. The scenario were aiming at aircraft systems, ATM and airlines event response coordination.
The main purpose was to identify what would be the services and functions of a European Centre for Cybersecurity in Aviation (ECCSA) during the different events, its added value,
Read More1st Meeting of Member States representatives of Cybersecurity in Aviation, Brussels
EASA presented some further details on the cybersecurity in aviation roadmap and emphasised the intention to create close collaborative relationships with Member States (Cybersecurity in Aviation Community).
Launch of Rulemaking Task RMT.0648 “Aircraft cybersecurity”
EASA initiated a review of safety rules in order to develop a regulatory concept that will enable to identify cyber risks having an impact on safety. The main objective of this task is to mitigate the safety effects stemming from cybersecurity risks due to acts of unlawful interference with the aircraft on-board electronic networks and systems.
2nd High-level Conference on the EU Cybersecurity Strategy, Brussels
Because of the general trend in cybersecurity threat EASA organised a conference on aviation cybersecurity, which has included key EU policy makers and representatives from Member States and the industry. Due to the urgent need to identify the actions to be undertaken for the design of a secure aviation cyberspace EASA was tasked to develop a roadmap by the end of the 2015 in close cooperation with EU Member States and Industry, identifying appropriate protection measures and management strategies for the aviation system as a whole.
Contact
Any inquiries or questions regarding cybersecurity in aviation should be addressed by completing this form