During 8-9 November 2017, the Krakow Conference on Cybersecurity in Civil Aviation took place with the attendance of 260 participants. The event was organised by, the Polish Civil Aviation Authority and EASA, sponsored by the Polish Prime Minister and the Polish Ministry of Transport and Infrastructure. A Memorandum of Cooperation was signed between EASA and the Polish CAA for the pilot phase of the European Centre for Cybersecurity in aviation on 8 November 2017.
This High Level Conference offered the possibility to further develop discussion held in previous conferences, in particular the High level conference on Cybersecurity in Civil Aviation held in November 2016 in Bucharest, which called for an EU strategic coordination on the subject.
In response to this, the European Strategic Coordination Platform (ESCP) on cybersecurity in aviation has been then established in the 2017 and started its “Engagement Phase”. This year, participating organisations are finalising its Charter and coordinating the work on Cybersecurity in Aviation strategy and regulatory needs.
At the conference in Krakow, EASA recalled this achievement and took the chance to propose objectives common to all aviation stakeholders, as well as to explore synergies with other transport means, in view of an integrated multimodal transport dimension. The main objective is not only to engage all stakeholders in a fair and non-discriminatory frame, but establishing a resilient European transport system and creating the largest level playing field in the world on cybersecurity.
All aviation sectorsi represented at the conference recognised that the interdependency of services and cross border nature of the aviation business require a trans-organisational coordination to properly address the cybersecurity risk. A common approach to abandon of the separation between safety and security was also unanimously declared.
The conference participants discussed the establishment for the future European strategy for Cybersecurity in Aviation and the Cybersecurity Road Map. It was made clear that regulators shall leverage on the enforcement of the NIS Directive at EU member states’ level, taking advance of the measures already foreseen for operators of essential services, aimed at improving the cybersecurity capabilities and foster better communication across member states. The need for cybersecurity promotion, research activities, commitments and resources devoted to cybersecurity were also pointed out.
The Krakow declaration following the High Level Conference on Cybersecurity in Civil Aviation compile the concerns and common goals agreed for the future Cybersecurity path in civil aviation in Europe.
Here an extract of some of them:
called upon the European Commission and the European Aviation Safety Agency to develop and adopt Implementing Regulations addressing Cybersecurity in Aviation with harmonised common objectives but tailored requirements for subjects and sub-sectors, assuring commensurate responses to risks,
called on airports, Ground Handling Operators, maintenance organizations, air navigation service providers to develop information security management systems in accordance with specific procedures and appropriate standards,
recommended to harmonise the security risk assessment methodologies,
recognised that cybersecurity is an interdisciplinary problem in transport that has its challenges in aviation, but also in shipping, rail and road transport,
called upon a stronger partnership between regulators, operators, service providers, and manufacturing industry, in particular within the ESCP, where EASA welcomes and supports the Industry to come with standards.”
The complete Krakow declaration text can be found here.
i NAAs, airlines, ground handlers, EU agencies, European Commission, ECAC presidency, IATA, Ministries, associations, aircraft manufacturers, equipment suppliers and universities.