Cyber security continues to be a real concern for the aviation sector, with threats expected to increase in number and impact for the foreseeable future.
All businesses, including airports, are at danger from cybersecurity threats, whether they have a straightforward set of systems or the most sophisticated IT digital transformation programmes.
It is thus, essential, that aviation stakeholders establish a programme of cyber resilience and maintain robust and efficient cybersecurity defenses.
ACI continues to offer and develop products and services to help airports prepare for and mitigate cyber-attacks through the ACI Cybersecurity Portfolio which includes several elements.
First, it includes training; both technical training that addresses incident detection, analysis and response, designing for security and audit approaches alongside a practical course for airport managers, which covers the principles upon which a successful cybersecurity programme is established and maintained.
The portfolio also offers guidance material via the Cybersecurity for Executives Handbook, launched at ACI’s Annual Assembly, Conference and Exhibition earlier this year. This handbook is intended to provide airport executives and other concerned airport senior management personnel with valuable information on the basics of the management of cyber security.
It is non-technical and highlights some of the key actions airports can take towards addressing cybersecurity threats and becoming more resilient.
Later this year, ACI will launch the Cybersecurity Implementation Handbook, which will provide detailed information to help airports understand best practices for addressing cybersecurity threats, from implementing a cybersecurity framework through to technical strategies.
As far as tools, the portfolio includes the ACI Cybersecurity Self-Assessment Tool provides airport stakeholders with a snapshot of their Information Security management strengths and weaknesses.
ACI also has a team of experts with practical airport IT security experience, ready to help airports understand their cybersecurity risk, improve their protective measures and build resilience to cybersecurity attack.
ACI experts and members play an active role in cybersecurity in the work of ICAO at the global level. ACI does not believe that there is a need for more prescriptive standards for cybersecurity. Indeed, these may be counterproductive since it is a fast paced, volatile issue where responses need to be flexible and agile.
Different countries also have different approaches, with different responsibilities across multiple agencies. This makes a set of standards purely for aviation difficult and complex to implement.
However, there is a clear need for international co-operation, joined up governance and coherent and practical policies to address these issues. Coupled with practical solutions for information sharing, oversight, capacity building and training, there is an urgent need for a strategy and action plan for civil aviation.
Cybersecurity is not an issue that can be separated naturally into safety, security, operations, air navigation and facilitation since it cuts across all areas. Risk assessment, guidance material, policy development and oversight will apply to all areas.
ACI is therefore encouraging ICAO to create a structure that could bring a greater range of expertise and experience on the topic of cybersecurity, alongside working groups to dedicate more time and resource to the development of guidance materials, programmes, capacity building, assistance and training.
We presented our position on cybersecurity at the recent 40th Triennial ICAO Assembly touching on each of these elements. The Paper and outcome from the ICAO Assembly can be found on ACI World’s website.