You are here:
Fact Sheet: Cyber Security
- The airline industry relies on computer systems extensively in their ground and flight operations. Some systems are directly relevant to the safety of aircraft in flight, others are operationally important, and many directly impact the service, reputation and financial health of the industry.
- Many airlines and airports have robust systems in place to address common hacking threats, but have not taken a holistic view to all of their IT infrastructure nor considered the broader threat to the aviation system.
- IATA has put in place a three-pillar strategy, including work to understand, define and assess the threats and risk of cyber-attack, advocacy for appropriate regulation and mechanisms for increased cooperation throughout the industry and with Governments.
- In 2013, IATA developed the first iteration of a toolkit to assist airlines in understanding and better defining the risks to their organizations. This includes a situational assessment of cyber security in the industry, an introduction to cyber threats, a framework for assessing risk, and guidance material for setting up a cyber security management system. The toolkit was published in July 2014.
- IATA presented a paper to the ICAO AVSEC Panel in 2014 to highlight the threats to cyber security, call on regulators to work with industry, and take an outcome-focused approach to cyber security in their regulation.
- A group has been created including IATA, ICAO, CANSO, ICCAIA and ACI to coordinate activities and provide a common framework for the industry. A Memorandum of Cooperation was created to provide a roadmap for the future of cyber security for aviation. The Civil Aviation Cyber Security Action Plan was signed 5 December 2014 at ICAO Headquarters.
- Looking forward, work will continue to further define the threats and devise strategies to combat them, both within the airlines and across the industry.
- IATA will continue to work with regulators to advocate for coordinated and outcome-focused regulation, and with industry partners to agree on a common framework.
- Mechanisms for data and intelligence sharing will be sought in conjunction with industry partners.
- A program is also planned to assist airlines to identify their own vulnerabilities and test the new toolkit.
© International Air Transport Association (IATA) 2014. All rights reserved.