The global digital infrastructure underpins almost every facet of life today. This is leading towards a paradigm shift in information exchange. What makes this shift particular is not only the rapid technological development, but also the unprecedented level of global interconnectivity of systems and networks.
The world has been witnessing a steady increase in cyber-attacks against all sectors. Aviation has been no exception, being characterized by its extensive interconnectivity and complexity, its high level of media exposure, and its critical role in the socio-economic development of States.
Over the years, and in line with the continuous growth of demand for air transport, the civil aviation sector went through several digital transformations aimed at leveraging the power of technology to enhance the sector's efficiency and capacity. This allowed it to sustain fast growth rates while remaining safe and secure. However, these digital advances exposed the sector to cybersecurity threats across all stakeholders, where a successful cyber-attack might have negative impacts on financials, reputations, continuity of services, and even on the safety and security of people and facilities.
The civil aviation sector is global by nature, and so is the interaction of systems and data flows that transcend national borders and individual organizations. As such, holistically addressing cyber threats and risks against civil aviation must build on a global framework that is founded on cooperation and collaboration between States and all concerned stakeholders.
Therefore, the International Civil Aviation Organization (ICAO) is the ideal forum for the international air transport community to develop international cooperation so that efforts to address aviation cybersecurity are consistent, harmonized, inclusive of all aviation domains, and in line with international civil aviation priorities.
ICAO's work on aviation cybersecurity began in the 2000's. As the civil aviation sector's reliance on technology increased over time, ICAO initiatives and discussions also evolved to cover the whole air transport sector.
In that regard, ICAO's work on aviation cybersecurity is comprehensive and complex. It includes:
- Developing Standards and Recommended Practices (SARPs) (Standard 4.9.1 and Recommended Practice 4.9.2 in Annex 17 – Aviation Security to the Convention on International Civil Aviation (the Chicago Convention));
- Developing procedures and guidance material;
- Ensuring the international air law framework is adequate to address cyber-attacks against civil aviation;
- Raising awareness in different fora on the importance of addressing cybersecurity in civil aviation;
- Supporting aviation cybersecurity discussions on the national, regional, and global levels; and
- Developing aviation cybersecurity capacity building and implementation support initiatives for States and the wider aviation community.
The importance of addressing cybersecurity in civil aviation was further highlighted by the adoption of three ICAO Assembly resolutions: Resolution A39-19 – Addressing Cybersecurity in Civil Aviation of 2016, superseded in 2019 by Resolution A40-10 – Addressing Cybersecurity in Civil Aviation, and in 2022 by Resolution A41-19 – Addressing Cybersecurity in Civil Aviation.
The Resolutions include important clauses that, among others, recognize the interconnection between aviation cybersecurity with aviation safety, security, and efficiency. The past three ICAO Assemblies called for important issues to be addressed to ensure a cross-cutting, holistic approach to aviation cybersecurity on the national and international levels, including a focus on governance, collaboration, and cooperation in addressing this topic. The 41st ICAO Assembly continued to urge States to adopt and implement the Beijing Convention 2010 (Convention on the Suppression of Unlawful Acts Relating to International Civil Aviation) and the Beijing Protocol 2010 (Protocol Supplementary to the Convention for the Suppression of Unlawful Seizure of Aircraft) as means for dealing with cyber-attacks against civil aviation.