We need to be prepared for the threat of cyber-attacks in aviation; it is not a matter of if it will happen but when it will happen. The growing risks come from the use of new technologies and new devices: for example pilots are increasingly using devices connected to the cockpit, such as flight maps, and we have no way to guarantee these cannot be hacked. And new technologies will only develop.
We have recently announced a plan for a Europe-wide initiative. Our goal is to protect Europe’s planes and drones from getting hacked. This includes the whole aviation chain, from Air Traffic Management Systems to maintenance organizations, and airports. As part of our plan, we believe that the different aviation stakeholders should implement a cyber-risk management system as part of their safety management system. This plan includes the set-up of the European Centre for Cybersecurity in Aviation (ECCSA) which will rely on the IT capabilities of the Computer Emergency Response Team of the EU Institutions (CERT-EU) to promote and activate the circulation of information amongst relevant aviation stakeholders.
We have this culture of sharing information in the aviation safety domain. On security matters, it is more difficult. We are discussing with associations in the aviation sector for them to communicate with their members and to implement the sharing of information to make sure that other partners will not be faced with similar attacks.
I can say with conviction that every aircraft that is flying today is cyber safe. We need to ensure that this will also be the case tomorrow.
EASA Strategy and Safety Management Director