The ICAO Secretariat Study Group on Cybersecurity (SSGC) was established in August 2017 to advance the policy work on aviation cybersecurity. Between 2017 and 2021, the SSGC supported the work on the development of the ICAO Aviation Cybersecurity Strategy, the Cybersecurity Action Plan, and guidance material. In addition, the SSGC conducted a review on the adequacy of international air law instruments to address cyber-attacks against civil aviation, which was submitted to the ICAO Legal Committee for its consideration.
In 2019, ICAO established the Trust Framework Study Group (TFSG) to advance the work on the International Aviation Trust Framework, which took place between 2019 and 2022.
In 2021, the ICAO Council adopted a new governance structure for cybersecurity in ICAO, in order to ensure the convergence of all aviation cybersecurity initiatives undertaken by the different expert groups in ICAO into a unified aviation cybersecurity work programme, hence enhancing the accountability, transparency, efficiency, and coordination of ICAO's work on these topics. The new governance structure evolves the SSGC into a Cybersecurity Panel reporting to the Council's Aviation Security Committee, evolves the TFSG into the Air Navigation Commission's Panel structure, and establishes an Ad-hoc Cybersecurity Coordination Committee under the ICAO Council to coordinate all initiatives related to aviation cybersecurity in different ICAO Panels and expert groups.
In 2022, the Cybersecurity Panel (CYSECP) was established. The Terms of Reference of the CYSECP include the following:
- conduct periodic reviews of the Aviation Cybersecurity Strategy and Cybersecurity Action Plan, in coordination with the relevant expert groups, and submit recommendations for the update of those documents to the Ad Hoc Cybersecurity Coordination Committee;
- undertake specific work in line with the Aviation Cybersecurity Work Programme, with the objective of developing provisions that may include Standards and Recommended Practices (SARPs) and/or procedures for the purpose of safeguarding civil aviation against cyber threats while giving due consideration to economic, operational and other impacts of such provisions;
- assess and report on the evolution of aviation cybersecurity threats and risks;
- provide advice to the Council through the Aviation Security Committee, as required;
- assist the Secretariat in the development and review of guidance material and technical requirements related to aviation cybersecurity; and
- work closely with the Ad Hoc Cybersecurity Coordination Committee, the Aviation Security Panel, and other ICAO technical bodies, as required.
Also in 2022, the Air Navigation Commission agreed to evolve the TFSG into the Trust Framework Panel (TFP). The Terms of Reference of the TFP include the following:
- develop, address and maintain provisions and guidance material to support globally harmonized frameworks enabling the trusted exchange of data and information amongst States, relevant stakeholders, airspace users, service providers and new entrants;
- ensure the needs and requirements of States, relevant stakeholders, airspace users, service providers and new entrants are duly considered in all deliberations, with a focus on converging to common integrated solutions and exploration of technological innovations;
- explore and define operational and efficiency drivers, requirements and benefits of trusted systems;
- develop governance principles, policies, procedures and requirements for establishing digital identities for a global framework that will support trusted exchange of information amongst States, relevant stakeholders, airspace users, service providers and new entrants, and to promote these concepts with all relevant stakeholders; and
- define a global architecture and principles for interconnecting networks allowing for scalable solutions applicable to stakeholders.
