2020 High Level Cybersecurity Conference

Date & time
Start: 09:30 - 04/03/2020
End: 14:30 - 05/03/2020

Location
Centro de Estudios y Experimentación de Obras Públicas (CEDEX) 
C/ Alfonso XII 3 y 5 - 28014 Madrid, SPAIN
http://www.cedex.es/CEDEX/LANG_CASTELLANO/ORGANISMO/CENTYLAB/CETA/LOCACONT/

Background
One of the main activities performed by EASA in order to efficiently contribute to the protection of the aviation system from cyberattacks and their consequences is the introduction of a robust regulatory framework that allows organisations to manage cybersecurity risks.

This is being done in coordination with EU Institutions, international regulatory partners, Industry and States through rulemaking task RMT.0720, where the first milestone was the publication, on 27th May 2019, of NPA 2019-07 proposing the introduction of provisions for the management of information security risks related to those information systems used in civil aviation. These provisions shall apply to competent authorities and organisations in all aviation domains (i.e. design, production, management of continuing airworthiness, maintenance, air operations, aircrew, air traffic management/air navigation services (ATM/ANS), and aerodromes), include high-level, performance-based requirements, and shall be supported by acceptable means of compliance (AMC), guidance material (GM), and industry standards.

The public consultation for NPA 2019-07 was open for comments until 27th September 2019 and the comments received are currently being evaluated by EASA in coordination with the European Strategic Coordination Platform (ESCP).

The NPA is published on EASA's website:
https://www.easa.europa.eu/document-library/notices-of-proposed-amendment/npa-2019-07

Aim of the conference
Similarly to what happened in previous years, EASA will be organizing in cooperation with a National Aviation Authority a “High Level Cybersecurity Conference” in 2020. This event is being co-organized by EASA and the Spanish CAA (AESA) and will take place at Madrid (Spain) on 4th and 5th March 2020.

This conference will focus on a number of key elements essential for the implementation of the future EASA cybersecurity requirements being developed through RMT.0720, in particular:

• Coordination between different authorities within the Member States (NAAs, cyber authorities, relevant ministries, etc);
• Coordination of implementation of the different cybersecurity regulatory frameworks (future EASA cybersecurity rules, NIS Directive 2016/1148 and Regulation 2015/1998;
• Risk management;
• Risk and information sharing.

Target audience
The Conference is addressed to personnel of the European Institutions, agencies and organisations, members of the EASA advisory bodies, authorities of the Member States, international regulatory partners, representatives of the industry and representatives of interest groups, involved in the cybersecurity of all aviation domains.

Agenda
The Agenda is anticipated to cover at least the following topics:

• Coordination between different authorities within the Member States (NAAs, cyber authorities, relevant ministries, etc);
• Coordination of implementation of the different cybersecurity regulatory frameworks (future EASA cybersecurity rules, NIS Directive 2016/1148 and Regulation 2015/1998;
• Risk management;
• Risk and information sharing.

Planned meeting documents
All relevant documents will be uploaded at the events webpage before the meeting.

There will be no hardcopies handed out during the meeting.

Registration
Participation to the workshop is free of charge and requires advance registration. Registration is open until Friday 21st February 2020.

In order to participate, please submit a registration request to the following e-mail address:
juan.anton [at] easa.europa.eu (juan[dot]anton[at]easa[dot]europa[dot]eu)

In the registration request please provide the following information:

• In the “subject” of the e-mail state: “4th/5th March 2020 - High Level Cybersecurity Conference in Madrid (Spain)”
• Your full name
• Organisation’s name
• Country of the organisation
• Your position in the organisation
• Contact e-mail

Approval of the registration request will be required to ensure your participation, which will be notified to you by EASA in due time from the e-mail: juan.anton [at] easa.europa.eu (juan[dot]anton[at]easa[dot]europa[dot]eu)
Due to the restricted availability of places, EASA reserves the right to accept only a limited number of participants per organisation.

Cancellation of registration
If you have registered for the conference and, for whatever reasons, you are not planning to eventually attend, please inform EASA as soon as possible by sending an e-mail to the following address:
juan.anton [at] easa.europa.eu

Planned meeting documents
All relevant documents will be uploaded at the events webpage before the meeting.

Accommodation and travel arrangements
Participants need to take care of their accommodation and travel arrangements themselves.