Aviation Cyber Security | IATA’s Role & ICAO Strategy

Aviation Cyber Security


Aviation industry, widely known to be safe and reliable, it is quickly moving on to embracing technology at a fast pace. Comforts, using technology & communication systems, are now a reality. Telecom connectivity, internet access, bring your own entertainment are now available in the skies during air travel. Along with the comforts many airlines bring to its customers, this technology introduces a new set of risks that needs to be managed to ensure that the safety and reliability of the aviation sector is not compromise.


The aviation industry is increasingly reliant on the availability of information and communications technology systems, as well as on the integrity and confidentiality of data. The threat posed by possible cyber-attack to aviation industry is continuously evolving, with threat actors focusing on malicious intents, disruptions of business continuity and the theft of information for political, financial or other motivations.

Aviation Ecosystem Entities

The aviation ecosystem is a large and complex international entity with many stakeholders. It consists of airplane manufacturers and air carriers, their employees, customers, suppliers, and vendors; other aviation-related companies; standards-making bodies, regulators, domestic and international research and policy-making bodies, and other aviation-related organizations; aviation-related products and equipment, such as airplanes and airplane components and systems; air traffic control , personnel, equipment, and systems; communication systems among the various parties; and other aviation-related items.

Aviation Cyber Security Definition

Aviation cyber security may be considered as the convergence of people, processes, and technology that come together to protect civil aviation organizations, operations, and passengers from digital attacks. Therefore, the aviation cyber security pertaining to the overall environment that interconnects and interacts throughout the entire lifecycle of the aircraft (i.e., design, certifications, operations, and maintenance).

Last Cyber Attack on Airlines

On May 22, 2021, last month, the BBC reported that Air India had been subjected to a cyber-attack on its data servers that affected about 4.5 million customers worldwide. Passengers' private details including passport and ticket information as well as credit card details were compromised. It was not clear who was behind the attack.

The cyber-attacks on airlines results in high costs. In 2018, British Airways was subjected to a cyber-attack, and in 2020, British Airways was fined 20 million pounds ($26 million) for a data breach that affected more than 400,000 customers.

In light of the continuing cyber-attacks on the civil aviation sector, it is possible to intervene in acts of sabotage that lead to serious security disasters that lead to great human and material casualties.

IATA’s Role on Aviation Cyber Security

It can be challenging for the airline industry to drive a positive cyber security change, increase transparency, and make appropriate, risk-based decisions on cyber security. Through leadership and acting now, IATA can positively shape the nature of ‘how’ the industry responds to the aviation cyber security challenge. IATA will be in a strong position to drive the harmonization of aviation cyber security regulations, approaches, and risk management for its members and the wider industry, this will lead to reduced complexity, better awareness of risk, efficiencies, and increased international resilience.

ICAO’s Vision for Global Aviation Cyber Security

ICAO believes that the civil aviation sector is resilient to cyber-attacks and remains safe and trusted globally, whilst continuing to innovate and grow.

To address cyber threats and ensure the civil aviation industry is resilient to cyber-attacks as well as remains safe and trusted at a global level,  the ICAO Aviation Cybersecurity Strategy was endorsed in October 2019.

The Aviation Cyber Security Strategy aligns with other cyber-related ICAO initiatives, and coordinated with corresponding safety and security management provisions.

With the same concerns, IATA strongly supports the position of ICAO as the most appropriate organization to drive coherent global dialogue and action on Aviation Cyber security.

ICAO Aviation Cyber Security Strategy

ICAO has a strong belief, it is sure that the strategy’s aims will be achieved through a series of principles, measures and actions contained in a framework built on seven pillars ( I will give you a short summary for each pillar):

1. International cooperation

With the aim of protecting the civil aviation sector from all cyber threats to safety and security. ICAO belief that the aviation cyber security needs to be harmonized at the global, regional and national levels in order to promote global coherence and to ensure full interoperability of protection measures and risk management systems.

2. Governance

ICAO beliefs that all its Member States are encouraged to support and build upon the ICAO Aviation Cybersecurity Strategy, to ensure the safety, security and continuity of civil aviation in a world increasingly jeopardized by cyber security threats.

Furthermore, Member States are encouraged to include cyber security in their national civil aviation safety and security programs.


3. Effective legislation and regulations

Member States must ensure that appropriate legislation and regulations are formulated and applied, in accordance with ICAO provisions, prior to implementing a national cybersecurity policy for civil aviation. Further

development of appropriate guidance for States and industry in implementing cybersecurity related provisions is necessary. To this end, ICAO is committed to create, review and amend, as appropriate, guidance material relating to

the inclusion of cybersecurity aspects to security and safety.


4. Cybersecurity policy

Cybersecurity is to be included within a State’s aviation security and safety oversight systems as part of a comprehensive risk management framework.


5. Information sharing

The need for sharing of information between contacting states, on such aspects as vulnerabilities, threats, events and best practices, through established and trusted relations can reduce the impact of ongoing attacks. Appropriate information sharing mechanisms must be recognized, in line with existing ICAO provisions.

6. Incident management and emergency planning

There is a need, in line with existing incident management mechanisms, to have appropriate and scalable plans that provide for the continuity of air transport during cyber incidents. It is recommended that States and the aviation sector make use of existing contingency plans that are already developed and amend these to include provisions for cyber security.

7. Capacity building, training and cyber security culture

The human element is at the core of cyber security. It is critically important that the civil aviation sector takes tangible steps to increase the number of personnel that are qualified and knowledgeable in both aviation and cyber security. This can be done by increasing awareness of cyber security, as well as education, recruitment and training. Curricula relevant to cyber security, and – where practical – aviation-specific cyber security at all levels should be included in the national educational framework as well as in relevant international training programs.

Innovative ways to merge and crosslink traditional information technology and cyber career paths with aviation relevant professionals should be pursued.


Achieving ICAO Aviation Cyber Security Strategy can be  through:

Member States recognizing their obligations under the Convention on International Civil Aviation (Chicago Convention) to ensure the safety, security and continuity of civil aviation, taking into account cyber security; coordination of aviation cyber security among State authorities to ensure effective and efficient global management of cybersecurity risks, and all civil aviation stakeholders committing to further develop cyber resilience, protecting against cyber-attacks that might impact the safety, security and continuity of the air transport system.

Further reading:

-       ICAO Cyber Security Strategy, October 2019

Maged Saeed AL-Hadabi

I’m Instructor / Maged Saeed Al-Hadabi. ​ Air Cargo / IATA Dangerous Goods Regulations / Safety Management System Senior Instructor, Auditor [ Yemen Airways] . Approved IATA DGR/ SMS Instructor by Yemen Civil Aviation Authority. We hope you find Aviation Professional website not only informative, but interesting and helpful as well.

Previous Post Next Post

Contact Form