On Air - Cybersecurity, Occurrence Reporting System and Airworthiness Directives - Issue 8

Citizens travelling by air are more and more exposed to cybersecurity threats. Cybersecurity incidents in aviation increase in frequency and magnitude and become more and more complex. The new generation of aircraft have their systems connected to the ground in real time, Air Traffic Management technologies require Internet and wireless connections between the various ground centers and the aircraft. The multiplication of network connections increase the vulnerability of the whole system.

At the end of May, EASA organised a conference on aviation cybersecurity which involved key EU policy makers and representatives from the Member States and industry. The main conclusion, which I presented at the beginning of July at an informal meeting of Ministers of Justice and Home Affairs organised by the Luxemburg Presidency of the Council of the European Union, is that there is an urgent need to identify the actions to be undertaken to achieve a secure cyberspace for the aviation system as a whole, particularly for the new technologies required by the Single European Sky.

First, the aviation community needs to develop a common and coordinated response against cyber threats to aviation in order to maintain a high level of trust in the air transport system. At a European level we should build upon existing governance structures at EU level. For instance, a cybersecurity strategy is being implemented in the EU for the protection of EU citizens against cybercrime. This strategy, together with the EU aviation strategy, should pave the way for a secure and safe air transport system.

We should also take advantage of the on-going revision of the EASA Basic Regulation to develop the required leadership in cybersecurity and safety in aviation at EU level and to maintain the highest level of safety for the EU air transport system.

The concrete actions to be taken should be identified in a roadmap to be developed jointly by the European Commission and EASA in close cooperation with EU Member States and industry. This roadmap should be developed in order to avoid duplication and prevent jeopardising the effort already initiated by the industry.

Patrick Ky

EASA Executive Director

The Agency adopts and implements this proactive and evidence-based approach with an Internal Occurrence Reporting System (IORS), for the traceability of reported occurrences and of individual follow-up decisions and corrective actions, where applicable.
Rachel Daeschler, Head of Safety Intelligence and Performance Department at EASA, explains how this system works.

What does IORS mean in practice? How does the IORS database work?

IORS is the set of tools and procedures through which the Agency manages information coming from aviation safety occurrences which are reported to it. 

The IORS database is the repository where you will find all occurrence data reported to EASA, including information on follow-up actions, such as risk assessment, corrective action related information, reference to published EASA safety publication (Airworthiness Directive, Safety Information Bulletin). The IORS database started in February 2012.

How did it work before? What are the differences with the previous system?

Before IORS, each Project Certification Manager (PCM) received directly from the relevant Design Approval Holder (of an aircraft, engine, propeller, equipment etc.) occurrence data of interest to that particular PCM. In addition, the Agency also received voluntary occurrence reports from a wide range of entities (i.e., airlines, national aviation authorities) as well as further mandatory reports from non-EU maintenance organisations that have to report to EASA under their EASA Part-145 approval.

The data was not centralised. Its storage in the Agency was dependent upon individual filing solutions. At that time, we were the only aviation authority in Europe who did not yet have an established occurrence reporting system with a centralised database.

What does EASA expect from this mechanism?

IORS is necessary to ensure proper traceability of incoming occurrence data and also proper traceability of the decisions that were taken by the Agency in response to this safety-relevant information. Furthermore, as time goes on, the IORS database becomes an increasingly interesting source of information for safety analysis purposes, especially when looking for global safety issues related to design or technical issues. In this area, we still need to further progress to allow the data to be used to its full potential.

Who has to report an occurrence to EASA? And how?

In principle, those organisations for which EASA is the competent authority will have to report safety-related occurrences to us. This includes all European design approval holders (aircraft, engine, propeller type certificate holders, equipment design approval holders, Supplemental Type Certificate holders), production organisations, foreign maintenance or production organisations having a EU approval (unless covered under bilateral agreement).

Furthermore, in Europe there are principles for the exchange of safety information between national aviation authorities (NAAs)and EASA. This leads NAAs to report occasionally to EASA, especially on design-related issues, for which NAAs believe there might an (unattended) potential unsafe condition.

What are the next steps concerning this reporting mechanism?

The next steps particularly include the implementation of EU Regulation 376/2014 on the reporting of occurrences, their follow-up and analysis. We are already compliant with this regulation to a large extent. But we will have to refine some of our processes and tools, to implement a systematic risk classification scheme, and we will have to transfer regularly IORS data to the European Central Repository of occurrences, in the same way as all other NAAs already do.

But the most significant next steps lie in the internal improvements that we need to bring to IORS: collective review of occurrences for which we decide no follow-up is needed (“screening”), providing better feedback to the reporters, starting to perform safety analysis of larger amounts of occurrence data, i.e. going beyond the processing of individual occurrence data. After more than 3 years of accumulation of data, such an extension of our analysis work can be envisaged.

More information under: http://easa.europa.eu/easa-and-you/aviation-domain/safety-management/occurrence-reporting/iors-internal-occurrence-reporting-system

Safety Information is an essential part of the Agency’s Continuing Airworthiness activities.In this regard, the most important task of the Safety Information Section (CT.7.2) is to prepare, publish and disseminate:

• Airworthiness Directives – mandatory continuing airworthiness information (MCAI – for a definition, see below and ICAO Annex 8, chapter 4), and
• Safety Information Bulletins – non-mandatory continuing airworthiness information, as well as safety information on other areas of the Agency’s responsibilities, such as flight operations (OPS), airspace and aerodromes, and air traffic management (ATM)
• Both of these groups of publications, as well as adopted safety publications from non-European States of Design are available in the EASA AD Publishing Tool

Airworthiness Directives (ADs) - mandatory

EASA ADs are applicable to European type designs certified or validated by EASA. ADs are issued when an unsafe condition has been determined on an aircraft(1), which is likely to exist or develop on other aircraft. Such unsafe conditions result from a deficiency in the EASA-approved design, or from non-conformities with the approved design.

The design approval holder is obliged to develop a corrective action and propose it to EASA. Then, EASA will assess and approve the proposal and initiate AD action. After an AD has been issued for a specific safety issue on a particular (group of) aircraft, in nearly all cases the operators will be required to inspect or modify affected areas or systems of the in-service aircraft. ADs are an important tool to ensure the continued airworthiness of aircraft.

If the safety issue involves a high risk, EASA will issue an Emergency AD, which becomes effective within 2 days of its publication and requires urgent action by operators. The compliance time is brief (usually, less than 30 days). Depending on the risk assessment, the affected aircraft may even have to stay grounded until corrective action has been applied.

In the less urgent case, an AD can either be issued directly, or after a short public consultation period which would start with a Proposed AD (PAD). Comments received during consultation of a PAD will be assessed and taken into account before the Final AD is issued.

For products, parts and appliances under the oversight of a non-EU State of Design, EASA usually adopts ADs and endorses safety information (i.e. recommendations) issued by the State of Design. However, EASA can also issue its own / a deviating AD applicable to a foreign-designed product, part or appliance that has been validated in Europe, if deemed necessary, which will then be valid in all EASA Member States. ADs and safety information issued by Non-EU States of Design and adopted/endorsed by EASA are also included in the AD publishing tool (consistently since 15 September 2008).

EASA is preparing itself to be able to issue Directives with regard to Operations or Airspace. Currently, these areas are covered by the non-mandatory Safety Information Bulletins. EASA “Operational Directives” are addressed to the competent authorities, to instruct them to require affected operators to make some changes e.g. in training or operational procedures, because of an operational safety problem.

Safety Information Bulletins (SIBs)

SIBs are issued to inform aircraft owners, operators and/or maintenance staff (as appropriate to the case) of safety issues where (e.g.) the technical risk assessment does not justify AD action, or insufficient information is available to make such an assessment. In general, an SIB recommends certain action(s) to address the safety issue.

SIBs can also be used to inform the aviation community on various other subjects – such as security-related information on airspace or operational issues. Examples would be SIB 2014-35 on South Sudan or SIB 2014-28R1 on the Ebola Virus Disease.

Like ADs, SIBs can be found in the AD tool.

More information can be found on the EASA website: http://easa.europa.eu/easa-and-you/key-topics/airworthiness-directives

(1) A design approval can be issued for products (aircraft, engines or propellers), or aircraft parts and appliances. In case of equipment that has its own independent design approval (for example, ETSO or equivalent), such as aircraft seats, EASA issues equipment ADs. For all other parts directly linked to an aircraft, the AD will be issued at aircraft level.

3744 - all the reports reported to IORS in 2014

Source: Safety Intelligence & Performance Department

On 16 July, EASA delivered the report of the Task Force on the crash of Germanwings Flight 9525. The Task Force, led by the Agency, was assembled in May 2015 at the request of EU Commissioner for Transport Violeta Bulc. It analysed the preliminary findings of the crash investigation to assess the adequacy of European air safety and security rules. The Commission will now thoroughly examine the six recommendations before deciding on future steps. For more information, you can read the report and the European Commission Press Release.

On 9 July 2015, the EASA Committee gave a unanimous positive opinion on the draft amendment to Commission Regulations (EU) No 965/2012 as regards requirements for flight recorders, underwater locating devices and aircraft tracking systems. The European Commission is now launching the formal adoption procedure.

On 2 July 2015, the first authorisations to 22 non-EU airlines were issued by the European Commission and EASA.

From 10-12 June 2015, the EASA-FAA International Aviation Safety Conference took place in Brussels. The presentations are available on our website.

1 October 2015: 11th EASA Standardisation Meeting on Aircrew Regulation

6-7 October 2015: 3rd Workshop on the Implementation of the Air OPS Regulation (EU) No 965/2012 and the Operational Suitability Data

8 October 2015: 14th Air Operations Standardisation Meeting

8 October 2015: IHEST-EHEST Safety Workshop

14-15 October 2015: 2015 EASA Annual Safety Conference

20-21 October 2015: GA Seminar 2015

21 October 2015: Workshop on the Operational Suitability Data

4 November 2015: 2nd Workshop on the Approval and Oversight of Fatigue Risk Management (FRM)

18-19 November 2015: Part-21 DOA Implementation & Product Certification Workshop

2-3 December 2015: 9th Rotorcraft Symposium