Information security and ICT management
Update on the Information Security Roadmap 2020–2022
The Information Security Roadmap 2020–2022 took into consideration recommendations from multiple audits conducted in 2021, including the internal audit by the Office of Internal Oversight (OIO), external audit of the Swiss Federal Audit Office, and audits in information security, IT governance and strategic IT management. The Roadmap also took into consideration the recommendations of the Joint Inspection Unit and United Nations Digital Technology Network in the area of cybersecurity, to ensure that the Organization continued to protect its informational assets and address cybersecurity challenges and threats.
The Roadmap was continuously updated to incorporate findings from audits and risks assessed by Information Security throughout the year. The work began to deliver results, in collaboration with the internal information security team and Roadmap Implementation Partner, by the end of the second quarter of 2021. The objective of the Roadmap is to move ICAO’s Information Security posture to the minimum target of 2.5 on the Capability Maturity Model Integration (CMMI) Maturity level. All the work is based on industry-standard ISO/IEC 27001:2013 and the NIST Cybersecurity Framework.
At the end of 2021 and despite the COVID-19 crisis, the Roadmap Implementation team successfully delivered milestone #1 as planned, and completed several items of the different other milestones that were worked upon simultaneously. Strengthening the Organization’s cybersecurity on the perimeter was prioritized, and all perimeters’ defense was reviewed and worked upon. A detailed Business Impact Analysis was conducted with all Bureaus and Offices, at Headquarters and Regional Offices, to assess and discover the business processes, informational assets, information systems necessary to conduct the local businesses processes and to update the key metrics in use in the Business Continuity Plan.
The progress of the Roadmap’s implementation is monitored by senior management according to the defined programme governance and closely followed and audited by the OIO and SFAO.
Information and Communication Technology (ICT) management
In line with the Council’s recommendation, the Information and Communication Technology (ICT) strategy and five-year plan were presented to the SFAO and United Nations International Computing Center (UNICC) for evaluation and recommendations. The findings and recommendations are to be incorporated into a revised strategy and five-year plan, which will be presented to the Council for endorsement and funding considerations in the 2022–2025 triennium budget. An agreement was concluded with UNICC to work with leading ICT industry partners, in order to facilitate the exercise.
The assessment and preparatory activities to migrate email services for resident Delegations has been concluded.
Activities also included major infrastructure upgrades such as the replacement of the core switches and WiFi at headquarters and upgrades to the database platforms and data centre at headquarters. The data centres, servers and network connectivity of all Regional Offices were integrated under the One-ICAO project.
During the course of 2021, ICT provided support for three major events: the ICAO DRONE ENABLE Symposium 2021; the High-Level Conference on COVID-19 (ICAO’s first virtual conference); and the ICAO Air Services Negotiation Event (the Organization’s first hybrid event). ICT implemented the platforms and provided web publishing services as well as support for the use of communication tools. Several web portals, specifically the Council secure website, received additional functionalities, and select Council documentation was added to ICAO’s public website. A number of enterprise applications received updates, further strengthening the Organization’s security posture, while additional corporate applications were developed to support pandemic-specific business functions.
Major business intelligence initiatives were undertaken, including to support the Global Reporting Format for runway surface conditions (GRF) and next version of the integrated Safety Trend Analysis and Reporting System (iSTARS). ICAO’s Enterprise Resource Planning (ERP) system was further enhanced to enable the reporting of automated human resources processes and for the expansion of finance processes to ease workflow and approval processes.
Notable developments of 2021 included: progress on the Global Aviation Training (GAT) Section’s training platform; the expansion and improvement of the TRAINAIR PLUS Electronic Management System; the creation of new Implementation Packages (iPack); developments in the area of instructional systems design; the commencement of work on the Training Needs Analysis System; developments to the ICAO Carbon Emissions Calculator (ICEC); and the approval of the launch of the Carbon Offsetting and Reduction Scheme for International Aviation (CORSIA) tool, and its validation. Work was also completed on the ICEC Application Programming Interface (API), and the launch of the API and CO2 Estimation and Reporting Tool (CERT) standalone application was approved.
The Web-based Aeronautical Agreements and Arrangements Registry (WAGMAR) received several major upgrades and improvements. Following the successful launch of the new Oracle-based United Nations recruitment platform Inspira, performance and education modules were assessed for integration at ICAO. The new and improved 3LD system reached major milestones including data migration, document generation and approval workflows. Several business applications including the ICAO OPS Control directory (OPS CTRL) and Integrated Work Programme (IWP) received major upgrades and developments, and work was carried out with respect to electronic Air Navigation Plans (eANPs).
