Cybersecurity and Trust Framework
Aviation is a safety-critical business. The air navigation system is becoming more complex due to the continuous growth of air traffic and the emergence of “new entrants” with significantly different operational characteristics and needs. To manage this complexity and improve the safety and efficiency of flight operations, the air navigation system must transform, as reflected in the Global Air Navigation Plan, and build upon the use of emerging technologies, connectivity and digital information exchange to increase integration, automation and cost effectiveness.
Cyber threats are a growing global concern. To protect the safety of flight operations from these threats and ensure business continuity, the more integrated and automated air navigation system should continue to provide for trusted information exchanges on a global basis. This means that in a digital environment, communication parties should be able to identify themselves mutually and the information exchanged should not be able to be modified by unauthorized parties.
To assist the Secretariat in the development of a globally harmonized international aviation trust framework for exchange of information in a digitally connected environment, following Recommendation 5.4/1 – Cyber resilience from AN-Conf/13, the Air Navigation Commission (ANC), at the ninth meeting of its 210th Session on 14 March 2019, authorized the establishment of a study group. The Trust Framework Study Group (TFSG) was established in April, held its first meeting in Montréal, Canada from 6 to 10 May 2019, and agreed to develop the work through three working groups: operations, digital identity and network. Since then, the working groups have progressed the development of policy and guidance material for a global and interoperable aviation trust framework that will enable trusted ground-ground, air-ground and air-air exchange of information among all current and prospective aviation stakeholders. In particular, the groups are reviewing the concept of operations, defining use cases, developing a digital certificate policy and identifying the security and access control requirements to a global resilient aviation interoperable network.