Maintaining safe, secure, and resilient operations is the highest priority for aviation. Although technology and digitization bring many advantages to aviation, it also creates challenges in managing cyber vulnerabilities in such a complex environment. The airline industry has always been an attractive target for cybercriminals with various motivations, spanning from stealing value in data or money to causing breakdowns and harm.

That's why IATA recommends adopting a minimal cybersecurity posture, consisting of two parts:

• Part 1: Organization Culture and Posture relates to the cybersecurity of the organization;
• Part 2: Aircraft relates to the cybersecurity of the aircraft and risk management.

In order to address the ever-evolving cyber threats, IATA is developing an industry-wide Aviation Cyber Security Strategy. As part of it, IATA produced the Aviation Cyber Security position paper that outlines its cybersecurity vision and mission as well as the steps that should be taken to address the aviation cybersecurity issues. This work, guided by the Security Advisory Council (SAC), involves establishing partnerships with the original equipment manufacturers (OEMs), regional organizations, communities, and academia.

The cybersecurity issues such as inter alia, the privacy of data, safety, the Passenger Standards Conference (PSC), etc., will be jointly addressed with the Safety, Flight and Ground Operations Advisory Council (SFGOAC) and the Digital Transformation Advisory Council (DTAC). The strategy will be carried out by the Cyber Management Working Group (CMWG), which will address all the cybersecurity activities in support of the IATA airline members.

IATA presented to the 40th ICAO Assembly their Information Paper A40-WP/395 Aviation Cyber Security - Moving Forwards, explaining the need for coordinated and proactive work on managing aviation cybersecurity risks. Through this paper, IATA gave its support to the creation of the ICAO Cyber Security Strategy.

Another important element of the cybersecurity strategy is the Aviation Cyber Security Roundtable. This annual event gathers industry stakeholders to work towards a 2030 vision for a coordinated approach to aviation cybersecurity.

The work of the ACSR is focused on the following elements:

• Cybersecurity Culture: Promoting a positive cybersecurity culture and raising awareness across the industry;
• Transparency and trust: Establishing a global approach to cybersecurity;
• Communication and collaboration: Creating stronger relationships among industry participants and with external organizations to improve the best practices and handling of potential threats;
• Workforce: Training aviation personnel to recognize and manage cybersecurity risks and inspire the next generation leaders.

IATA is constantly providing awareness on aviation cybersecurity, helping stakeholders build a strong aviation cybersecurity workforce and showing the current aviation personnel how to recognize and handle cyber threats. Additionally, IATA provides a Compilation of Cyber Security Regulations, Standards, and Guidance for Civil Aviation, where interested parties can go over a list of regulations, standards, and guidance related to aviation cybersecurity. This version is not a definitive one. The list is continuously updated based on the crucial developments in regulations, standards, and aviation cybersecurity guidance.

If you wish to learn more about aviation cybersecurity, get in touch with specialized experts.