Aviation Cyber Security—maintaining safe, secure, and resilient operations—is a top priority for aviation.
Technology and digitization bring many advantages to aviation but, at the same time, create challenges in managing cyber vulnerabilities in this complex environment. The airline industry is an attractive target for cyber threat actors with a multitude of motivations, ranging from stealing value in data or money to causing disruptions and harm.
By leading and acting now, IATA helps shape how the industry responds to cyber security challenges.
- Cybersecurity Risk Assessment Guidance Material (CRAGM) proposes a minimal and viable cybersecurity risk assessment approach and guidelines for the Operators.
- Cybersecurity Supply Chain Oversight Guidance Material (CSCOGM) gives the Operators guidance in the form of a set of cybersecurity best practices and aviation-specific supply chain activities.
Aviation Cyber Security Guidance Material
This high-level document was developed with IATA Airline Members and gives operators considerations for adopting a minimal cyber security posture for organization and aircraft operations.
- Part 1: Organization Culture and Posture relates to the cyber security of the organization;
- Part 2: Aircraft relates to the cyber security of the aircraft and risk management.
To download a free copy of this guidance material (Feb 2021) please complete this form.
Compilation of Cyber Security Regulations, Standards & Guidance Applicable to Civil Aviation
This free Compilation of Cyber Security Regulations, Standards, Guidance for Civil Aviation (pdf) provides an overview of regulations, standards, and guidance related to aviation cyber security. The current version (Dec 2022) will be continuously updated according to noteworthy international and regional developments.
Security Management System (SeMS) Manual
The Security Management System (SeMS) Manual addresses a risk-based and data-driven approach. The SeMS Manual provides guidelines and measures covering cyber security governance, management, and responsibilities; cyber security culture, awareness, and training; cyber security risk management; and application of risk management concepts to cyber threats and risks.
Aviation Cyber Security Strategy
IATA supports an industry-wide Aviation Cyber Security Strategy to enhance the industry's capability in addressing this ever-evolving cyber threat. This work is guided by the Security Advisory Council (SAC) and Digital Transformation Advisory Council (DTAC). The Aviation Cyber Security Strategy is focused on three main principles:
- Communities of Trust: development of communities of trust among the different stakeholders to tackle complex challenges over aviation cyber security and resilience.
- Information Exchange, Standards and Recommended Practices: articulation and coordination of different activities and forums in support of better awareness and information exchange as well as the development of standards and recommended practices and guidance material.
- Center of Excellence: establishment of strong collaborations for increased knowledge and cross-pollination of ideas.
IATA established the Cybersecurity Resilience and Management Working Group (CRMWG), reporting to the SAC and DTAC, which is mandated to develop a cyber security strategy and roadmap and to determine how the industry needs to respond to the current and future challenges to remain safe, secure, sustainable, and resilient to cyber security risks. The work is supported by developing guidance, best practices, and other reference material through the Aviation Cybersecurity Steering Group (ACS-SG), an informal group focusing on cyber resilience of aircraft, ground and interconnected systems related to flight safety.
The Aircraft Cyber Security eXchange Restricted FORUM (rFORUM) was created by IATA and the International Coordinating Council of Aerospace Industries Associations (ICCAIA) to understand the risks better, whether associated with the introduction of new technologies or those that may be shared with the original equipment manufacturers (OEMs) and system suppliers.
Consult IATA's position papers on Aviation Cyber Security.
In February 2023, IATA published a new Policy Position on Aviation Cyber Security.
3CTX Open Forum
The IATA Aviation Cyber Threat eXchange (3CTX) Open Forum is a biannual workshop (by invitation only) that tackles the industry's cyber security challenges and promotes knowledge and information exchange to foster collaboration between IATA's members and partners and industrial and academic researchers of the Cyber Security community. This Forum brings cyber security experts closer to the civil aviation industry and increases knowledge of the civil aviation ecosystem. So far, IATA has organized the following sessions of the 3CTX Open Forum:
- 1st Edition, December 2021, theme: Coming Cyber Challenges and Risk of the Supply Chain.
- 2nd Edition, June 2022, theme: Cyber Security Risk Assessment in Aviation.
- 3rd Edition, January 2023, theme: Incident and Crisis Management.
Partnerships and MoU
The Aviation Cyber Security Strategic Partnership (pdf) package was launched in 2021 to start exchanging and collaborating with cyber security organizations and Subject Matter Experts (SMEs). Find out more about the Strategic Partnership program and consult the current list of partners in the Directory of Strategic Partners.
To support the airline industry in Aviation Cyber Security, IATA has signed a Memorandum of Understanding (MoU) with the following organizations:
- Consortium for Research and Innovation in Aerospace in Quebec (CRIAQ)
- Israeli National Cyber Directorate (INCD)
IATA is involved in the aviation cyber security work at the International Civil Aviation Organization (ICAO). In recent years IATA contributed to the work of the Secretariat Study Group on Cybersecurity (SSGC) and its different subgroups, such as the development of the Cybersecurity Strategy and Cybersecurity Action Plan (CyAP). The engagement will now be continued in the newly established ICAO Cybersecurity Panel (CYSECP).
IATA also continues its support to the European Aviation Safety Agency (EASA) and the European Coordination Strategic Platform (ESCP) with Rulemaking Task RMT.0720 on the Management of information security risks, for which the EASA Opinion 03/2021 was issued in June 2021.
IATA is also part of the EUROCAE WG-72, supporting the development of multiple standard documents.
Aviation Cyber Security
This 3-day IATA Aviation Cyber Security Training (classroom / LIVE virtual classroom) helps build a strong aviation cyber security workforce and teaches current aviation personnel how to recognize and manage cyber risks for increased vigilance and resilience.
Operational Cyber Security in Aviation
This 3-day IATA Operational Cyber Security in Aviation (classroom / LIVE virtual classroom) provides participants with more in-depth skills to evaluate and mitigate the risk of cyber threats and protect critical systems, information, assets, and data in aviation. It provides a perfect platform for people wishing to extend and deepen their knowledge in aviation cyber security.
Find out more about the IATA Training opportunities and the upcoming sessions.
For more information
For more information about IATA Aviation Cyber Security and how to get involved, please contact our team.