Guidance Material
ICAO continues to develop guidance material to further support States and stakeholders address cybersecurity in civil aviation and implement their obligations in ICAO Standards and Recommended Practices related to aviation cybersecurity.To date, the following guidance material has been published by ICAO:
- Chapter 18 in the ICAO Aviation Security Manual (Doc 8973 – Restricted): The chapter provides guidance to States in implementing their obligations related to Standard 4.9.1 in Annex 17 – Aviation Security.
- Relevant material in the Air Traffic Management Security Manual (Doc 9985 – Restricted): The ATM Security Manual provides a holistic approach to security in the ATM environment, combining guidance on physical security and cybersecurity elements.
- Cyber Information Sharing: This document provides guidance to States and industry stakeholders on developing and implementing a plan to share cyber information, including recommendations on setting policy, resources and practical steps towards the implementation and continuous improvement of sharing practices. It includes updated information on Traffic Light Protocol and supersedes the previously published ICAO Guidance on Traffic Light Protocol.
- Cybersecurity Policy Guidance: This guidance material addresses the protection and resilience of international civil aviation's critical infrastructure against cyber threats, and the multilateral collaboration requirement within civil aviation as well as with external authorities such as military, cybersecurity, and national security authorities. The material further contains a template to support the development of an aviation cybersecurity policy on the national level.
- Cybersecurity Culture in Civil Aviation: This guidance material builds on civil aviation's track record in implementing successful and effective aviation safety and aviation security cultures, combines relevant elements from both cultures, and augments them with aviation cybersecurity specific elements, with the aim to support the design and implementation of a robust organizational cybersecurity culture in civil aviation.