Guidance Material
ICAO continues to develop guidance material to further support States and stakeholders address cybersecurity in civil aviation and implement their obligations in ICAO Standards and Recommended Practices related to aviation cybersecurity.To date, the following guidance material has been published by ICAO:
- ICAO Global Cyber Risk Considerations (Doc 10213 – Restricted): The document provides guidance to States and stakeholders to harmonize cyber risk management in civil aviation. It comprises a methodology that supports integrating cyber risk management into aviation safety and security, and air navigation efficiency and capacity risk management processes along with implementation examples and references to relevant general cybersecurity standards related to cyber risk assessment.
The document also include a restricted section that provides a high-level description of cyber risks impacting civil aviation and a high-level categorization of cyber threats into aviation domains and disciplines that would provide a starting point to expand from on the national or organizational levels.This version of the document has not been edited yet formally by ICAO, and will be replaced in the coming weeks by the official English version. Additional languages will also follow after the publication of the English official version once available.
- Chapter 18 in the ICAO Aviation Security Manual (Doc 8973 – Restricted): The chapter provides guidance to States in implementing their obligations related to Standard 4.9.1 in Annex 17 – Aviation Security.
- Relevant material in the Air Traffic Management Security Manual (Doc 9985 – Restricted): The ATM Security Manual provides a holistic approach to security in the ATM environment, combining guidance on physical security and cybersecurity elements.
- Cyber Information Sharing: This document provides guidance to States and industry stakeholders on developing and implementing a plan to share cyber information, including recommendations on setting policy, resources and practical steps towards the implementation and continuous improvement of sharing practices. It includes updated information on Traffic Light Protocol and supersedes the previously published ICAO Guidance on Traffic Light Protocol.
- Cybersecurity Policy Guidance: This guidance material addresses the protection and resilience of international civil aviation's critical infrastructure against cyber threats, and the multilateral collaboration requirement within civil aviation as well as with external authorities such as military, cybersecurity, and national security authorities. The material further contains a template to support the development of an aviation cybersecurity policy on the national level.
- Cybersecurity Culture in Civil Aviation: This guidance material builds on civil aviation's track record in implementing successful and effective aviation safety and aviation security cultures, combines relevant elements from both cultures, and augments them with aviation cybersecurity specific elements, with the aim to support the design and implementation of a robust organizational cybersecurity culture in civil aviation.