What is cybersecurity and how is the aviation system impacted?
The ever increasing digitalisation of services and devices is simplifying many aspects of our life and improving our well-being as well as offering new possibilities.
However such positive evolution does not come without risk. Individuals may attempt to steal information, manipulate it or disrupt services for their specific reasons, being them economic or political, causing adverse effects to the European citizens.
Civil Aviation is not immune to the so called cyber risks, in fact the whole aviation system is getting more and more digitalised and most of the services essential for flying are becoming highly interconnected.
To this extent aviation stakeholders need to ensure that digital services and devices are capable of withstanding cyber-attacks. The term cybersecurity identifies indeed the protection of the digital information which is exchanged by electronic systems and devices or stored by them.
What is a cyber resilient aviation system?
It is a systems that maintains the ability to deliver the intended outcome and the same level of safety continuously at all times, even when regular delivery mechanisms have been attacked.
What is a vulnerability?
A vulnerability is ‘flaw’ or ‘mistake’ in computer-based systems, or a result of an intended feature condition, that may be exploited to compromise the network and information security of affected systems. It provides a point-of-entry or gateway to exploit a system and as such pose potentially severe security risks.
What is the European Centre for Cybersecurity in Aviation (ECCSA)? What’s for?
ECCSA is an initiative supported by EASA aimed at increasing collaboration and information sharing amongst aviation stakeholders, a key enabler for implementing a resilient aviation cyberspace.
ECCSA provides to its members secure means to exchange domain relevant cybersecurity information, such as vulnerabilities as well as cybersecurity events and incidents that might be worth sharing with the aviation community.
The ECCSA’s operational team of analysts provides additional inputs to the information shared by the participants, with the aim to facilitate the creation and the management of an aviation cybersecurity threats knowledge and risk picture.
What is CERT-EU, what is its role?
The Computer Emergency Response Team for the EU Institutions, bodies and agencies (CERT-EU) is composed of IT security experts from the main EU Institutions. The CERT-EU cooperates with other CERTs in the Members States and with specialised IT security companies in order to respond to information security incidents and cyber threats.
A document providing basic information about the CERT-EU, its channel of communication, its roles and responsibilities has been published by CERT-EU and can be consulted. See here