UNEXPECTED THREATS

We need to be prepared for the threat of cyber-attacks in aviation; it is not a matter of if it will happen but when it will happen. The growing risks come from the use of new technologies and new devices: for example, pilots are increasingly using devices connected to the cockpit, such as flight maps, and we have no way to guarantee these cannot be hacked. And new technologies will only develop.

We have recently announced a plan for a Europe-wide initiative. Our goal is to protect Europe’s planes and drones from getting hacked. This includes the whole aviation chain, from Air Traffic Management Systems to maintenance organizations, and airports. As part of our plan, we believe that the different aviation stakeholders should implement a cyber-risk management system as part of their safety management system.

Freddy Dezeure, Head of CERT-EU, explains the cooperation with EASA

1.       What is Computer Emergency Response Team - CERT-EU’s mission?
CERT-EU’s mission is to enhance the security of the information and communications technology (ICT) infrastructure of all EU institutions, bodies and agencies (hereinafter referred to as its ‘constituents’).  It supports incident prevention, detection, mitigation and response by acting as the cyber-security information exchange and incident response coordination hub for its constituents.
Our goal is to help our constituents to avoid being breached by cyber-attacks and in case they would be compromised nevertheless to detect and remediate incidents as quickly as possible.
Our work in prevention consists in drawing lessons from relevant past incidents in the constituency or the broader community into best practices in hardening, configuration management and awareness raising to mitigate the risk of cyber-attacks. Prevention advice is made available through white papers, advisories and reports. Many of these can be found on our website www.cert.europa.eu.
 

IMPLEMENTATION OF A EUROPEAN CENTRE FOR CYBER SECURITY IN AVIATION (ECCSA)

After the ‘Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions - Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace’, JOIN(2013) 1 from7 February 2013, EASA And CERT-EU signed in February this year a memorandum of mutual cooperation (MoC) for the implementation of a European Centre for Cyber Security in Aviation (ECCSA).

The EASA ‘Cybersecurity roadmap’ presented in 2015 has been considered as basis for implementing a cybersecurity framework for aviation – taking into account the principles laid in the new European ATM Master Plan and in the EU Aviation Strategy- acting as support to the European Commission, EASA Member States, EASA and industry work.

The memorandum includes the areas of responsibility of both parties. On the one hand, CERT-EU agrees to provide the appropriate and secure IT infrastructure services as well as the cybersecurity tools and threat management services needed for the development of cyber-secure components in aviation. On the other hand, EASA will provide the analyst resources and technical expertise for the coordination of the ECCSA. Both agree to execute the Technical Roadmap within the given milestones for this purpose and maintain close collaboration between their analysts’ teams.

What will ECCSA do?

ECCSA will primarily serve as an information sharing and management platform, a key enabler for implementing a resilient aviation cyberspace. ECCSA will provide secure means for aviation stakeholders to exchange domain relevant cybersecurity information, such as vulnerabilities, i.e. weakness that can be used for malicious purposes, as well as events and incidents that might be worth sharing with the aviation community.

4

Are the number of incremental development steps that have been foreseen for ECCSA to reach its full capabilities

Latest News

9 February 2017:  Safety Precautions regarding the Transport by Air of Damaged, Defective or Recalled Lithium Batteries

20 February 2017: Preliminary Air Safety Figures for 2016 released

2 March 2017: Airbus Single Aisle - Certification of the A321-251N

2 March 2017: New Regulation for CAT SET-IMC has been adopted

6 March 2017: EASA administrative validation of FAA STC classified as Basic and limited to one serial number

7 March 2017: EASA welcomes ICAO’s adoption of new CO2 emission standards for aircraft

13 March 2017: Extention of the validity of third-country licenses in non-commercial operations

23 March 2017: EASA publishes two studies on cabin air quality

23 March 2017: Forum on Regional Safety Oversight Organisations (RSOOs) for Global Aviation Safety

23 March 2017: Review of the effectiveness of the new flight time limitations

29 March 2017: EASA/ICAO forum results in a new global framework for regional aviation safety oversight organisations and improved cooperation in Africa

31 March 2017: EASA and Aviation partners launch Data4Safety

Upcoming Events

5-8 April 2017: EASA Stand at AERO Friedrichshafen

25-26 April 2017: SAE Standards Summit

24-28 April 2017: IMRBPB meeting 2017

27-28 April 2017: 2017 CAAC-EASA Aviation Safety Conference

4 May 2017: 7th meeting of European National Continuous Monitoring Coordinators (ENCMC/7)

8-9 May 2017: CASIA Annual Meeting

10-11 May 2017: Part 21 Design Organisation Approval (DOA) Implementation Workshop

17-18 May 2017: STC Workshop

12-13 June 2017: EASA FDM Conference 2017

14-16 June 2017: EASA–FAA International Safety Conference

SAVE THE DATE!  EASA Annual Safety Conference on Cybersecurity in Cracow on 8 November 2017!

Details on these and other upcoming EASA News & Events are available here.