www.airline-cybersecurity.ch Open in urlscan Pro
2a00:d70:0:b:2002:0:d91a:3514  Public Scan

Form analysis
0 forms found in the DOM

Text Content

Toggle navigation
 * Index
 * Aviation Cybersecurity Training
 * Board Training
 * NIS 2 Training
 * CER Training
 * Cybersecurity Roadmap
 * Cybersecurity Strategy
 * Airline Cybersecurity Links
 * Cyber Risk GmbH
 * Impressum




CYBERSECURITY IN THE COMMERCIAL AND PRIVATE AVIATION



Security and cybersecurity in the commercial and private aviation

The 1944 Convention on International Civil Aviation established the core
principles of international transport by air, and led to the creation of the
International Civil Aviation Organization (ICAO). ICAO’s core mandate, then as
today, was to help States in achieving the highest possible degree of uniformity
in civil aviation regulations, standards, procedures, and organization.

The U.S. government invited 55 States to attend an International Civil Aviation
Conference in Chicago in 1944. Delegates travelled to Chicago, even from
countries that were still occupied. They attended the Chicago Conference, and by
its conclusion on 7 December, 1944, 52 of them had signed the Convention on
International Civil Aviation, known then and today as the Chicago Convention.

Today, ICAO is funded and directed by 193 national governments. The stipulations
ICAO standards contain never supersede the primacy of national regulatory
requirements. It is always the local, national regulations which are enforced
in, and by, sovereign states, and which must be legally adhered to by air
operators making use of applicable airspace and airports.

The most important legislative function performed by ICAO is the formulation and
adoption of Standards and Recommended Practices (SARPs) for international civil
aviation.

The measures taken by ICAO to prevent and suppress all acts of unlawful
interference against civil aviation throughout the world is of critical
importance to the future of civil aviation. SARPs for international aviation
security were first adopted by the ICAO Council in March 1974, and designated as
Annex 17 to the Chicago Convention.

In 2021, the ICAO Council approved a new structure to address cybersecurity
across the Organization. The new structure consists of a Cybersecurity Panel
that reports to the Council’s Aviation Security Committee, an Ad-Hoc
Cybersecurity Coordination Committee that reports to the Council, and an expert
group dedicated to the International Aviation Trust Framework.

ICAO revised its Cybersecurity Action Plan and produced guidance material to
support States and stakeholders in addressing cybersecurity and cyber resilience
in civil aviation (Guidance on Traffic Light Protocol, Cybersecurity Policy
Guidance and Guidance on Cybersecurity Culture in Civil Aviation).

In line with its cybersecurity training road map, ICAO continues to support
States in the development of human resources and capacities needed to manage
cybersecurity and cyber resilience in civil aviation. In 2021, ICAO launched its
first cybersecurity and cyber resilience course entitled “Foundations of
Aviation Cybersecurity Leadership and Technical Management”, which was developed
in partnership with Embry-Riddle Aeronautical University. In partnership with
EUROCONTROL, ICAO developed a second course addressing classical and
cybersecurity aspects of ATM security.

The ICAO training programs are the most important in the industry. Cyber Risk
GmbH, a private company incorporated in Horgen, Switzerland, is not affiliated
or connected to the ICAO in any way. Cyber Risk GmbH is offering training
programs in some difficult areas, like the new NIS 2 Directive of the European
Union that changes the compliance requirements of many entities in the aviation
industry, and programs that assist the Board of Directors and the CEO to
understand cybersecurity challenges.

The Board of Directors and the CEO of entities in the aviation industry must
understand that they are high value targets. For them, standard security
awareness programs are not going to suffice. The way they are being targeted is
anything but standard or usual. They are the recipients of the most
sophisticated, tailored attacks, including state-sponsored attacks. These are
attacks that are often well planned, well crafted, and employ advanced
psychological techniques able to sway a target towards a desired (compromising)
behavior without raising any alarms.

Countries expand their global intelligence footprint to better support their
growing political, economic, and security interests around the world,
increasingly challenging existing alliances and partnerships. They employ an
array of tools, especially influence campaigns, to advance their interests or
undermine the interests of other countries. They turn a power vacuum into an
opportunity.

Countries use proxies (state-sponsored groups, organizations, organized crime,
etc.) as a way to accomplish national objectives while limiting cost, reducing
the risk of direct conflict, and maintaining plausible deniability.

With plausible deniability, even if the target country is able to attribute an
attack to an actor, it is unable to provide evidence that a link exists between
the actor and the country that sponsors the attack.


Our training programs

Cybersecurity training for the commercial and private aviation

Cybersecurity training for the Board of Directors and the CEO in the commercial
and private aviation

NIS 2 Directive Training for the commercial and private aviation

--------------------------------------------------------------------------------


CYBER RISK GMBH, SOME OF OUR CLIENTS