Aviation Cybersecurity

Publications

The IATA Aviation Cybersecurity Library

• Cybersecurity Risk Assessment Guidance Material (CRAGM): a minimal and viable cybersecurity risk assessment approach and guidelines for operators.
• Cybersecurity Supply Chain Oversight Guidance Material (CSCOGM): guidance to operators on cybersecurity best practices and aviation-specific supply chain activities.

> Purchase the IATA Aviation Cybersecurity Library

Aviation Cybersecurity Guidance Material

This document was developed in 2021 with IATA members: 

• Part 1: Organization Culture and Posture
• Part 2: Aircraft operations and risk management.

> Free copy of the aviation cybersecurity guidance document

Compilation of Cybersecurity Regulations, Standards & Guidance Applicable to Civil Aviation

Overview on regulations, standards, and guidance related to aviation cybersecurity (2022).

> Compilation of Cybersecurity Regulations, Standards, Guidance for Civil Aviation (pdf) 

Security Management System (SeMS) Manual 

The SeMS Manual provides guidelines over a data-driven cyber security governance, management, and responsibilities; cyber security culture, awareness, and training; cyber security risk management; and risk management.
> Purchase the Security Management System (SeMS) Manual 

IATA Cybersecurity Day

IATA Cybersecurity Day brings together international cybersecurity experts from IATA Member Airlines, Strategic Partners, aviation stakeholders, regulators and researchers to discuss pressing challenges, share best practices, and foster collaboration in safeguarding the aviation ecosystem against evolving cyber threats.

This by-invitation-only one-day event will be held on 29 October 2025 in Geneva, Switzerland. It will feature presentations, panel discussions, and interactive roundtable, providing a unique environment for all stakeholders to gain clarity on industry priorities and needs, as well as raise awareness and promote knowledge sharing.

Attendance is complimentary for both Airlines and Strategic Partners, but spaces are limited. We kindly encourage you to register at your earliest convenience to secure your spot.

Why to attend

• Engage in insightful discussions with industry experts about current and future cybersecurity challenges in aviation.
• Gain new knowledge and perspectives on aviation cybersecurity.
• Participate in activities designed to foster information sharing and raise awareness of emerging cybersecurity concerns.
• Bridge the gap between theoretical and practical aspects of cybersecurity.
• Network with peers and a community of cybersecurity experts.

Who should join

• Airlines, Airports, Air Navigation Service Providers (ANSPs)
• Original Equipment Manufacturers (OEMs) and System Suppliers
• Cybersecurity Subject Matter Experts
• Regulators and Civil Aviation Authorities
• Academia and Researchers

You are welcome to contribute to the development of the program by offering topics. Should you need more information, please contact avcysec@iata.org.

3CTX Open Forum

The IATA Aviation Cyber Threat eXchange (3CTX) Open Forum is a biannual workshop (by invitation only) that tackles the industry's cybersecurity challenges based on the selected and specific theme. This very interactive workshop promotes also knowledge and information exchange between IATA’s members and partners, industrial and academic researchers through a trusted cybersecurity community.

The overall goal of the 3CTX Open Forum is two-fold: firstly, to bring cybersecurity experts closer to civil aviation and, secondly, to increase their knowledge of the civil aviation ecosystem.
 
IATA organized to date six editions of 3CTX Open Forum addressing the following themes:

• Coming Cyber Challenges and Risk of the Supply Chain (2021)
• Cybersecurity Risk Assessment in Aviation (2022)
• International Incident and Crisis Management (2023)
• 3rd Party Cybersecurity Assurance Program (2024)

Other References

• IATA Aviation Cybersecurity Roundtable Readout (2019) (pdf)

Strategic Partners

The Aviation Cyber Security Strategic Partnership  package was launched in 2021 to start exchanging and collaborating with cyber security organizations and Subject Matter Experts (SMEs). Find out more about the Strategic Partnership program and consult the current list of partners in the Directory of Strategic Partners.

International Collaboration

IATA is involved in the aviation cybersecurity work at ICAO, including the Cybersecurity Panel (CYSECP), currently contributing to the Working Group on Cybersecurity Threat and Risks (WGCTR), and Working Group on Cybersecurity Guidance Material (WGCGM). IATA will continue to support the revision of the ICAO Cybersecurity Action Plan (CyAP), as well as establishing the roadmap over the revision of the ICAO Annexes and documents relative to cybersecurity. Another area of involvement falls under the ICAO Trust Framework Panel (TFP), where IATA follows the work of the following groups: Identity Management, Information Security and Trust Framework Considerations.

IATA is also part of the EUROCAE WG-72, supporting the development of multiple industrial standard documents.

Training

Aviation Cyber Security

This 3-day IATA Aviation Cyber Security Training (classroom / LIVE virtual classroom) helps build a strong aviation cyber security workforce and teaches the current aviation personnel how to recognize and manage cyber risks for increased vigilance and resilience.

Operational Cyber Security in Aviation

This 3-day IATA Operational Cyber Security in Aviation (classroom / LIVE virtual classroom) provides participants with more in-depth skills to evaluate and mitigate the risk of cyber threats and protect critical systems, information, assets, and data in aviation. It provides a perfect platform for people wishing to extend and deepen their knowledge in aviation cyber security.

Find out more about the IATA Training opportunities and the upcoming sessions.