The global digital infrastructure underpins almost every facet of life today. This is leading towards a paradigm shift in information exchange. What makes this shift particular is not only the rapid technological development, but also the unprecedented level of global interconnectivity of systems and networks.
The world has been witnessing a steady increase in cyber-attacks against all sectors. Aviation has been no exception, being characterized by its extensive interconnectivity and complexity, its high level of media exposure, and its critical role in the socio-economic development of States.
Over the years, and in line with the continuous growth of demand for air transport, the civil aviation sector went through several digital transformations aimed at leveraging the power of technology to enhance the sector's efficiency and capacity. This allowed it to sustain fast growth rates while remaining safe and secure. However, these digital advances exposed the sector to cybersecurity threats across all stakeholders, where a successful cyber-attack might have negative impacts on financials, reputations, continuity of services, and even on the safety and security of people and facilities.
The civil aviation sector is global by nature, and so is the interaction of systems and data flows that transcend national borders and individual organizations. As such, holistically addressing cyber threats and risks against civil aviation must build on a global framework that is founded on cooperation and collaboration between States and all concerned stakeholders.
Therefore, the International Civil Aviation Organization (ICAO) is the ideal forum for the international air transport community to develop international cooperation so that efforts to address aviation cybersecurity are consistent, harmonized, inclusive of all aviation domains, and in line with international civil aviation priorities.
ICAO's work on aviation cybersecurity began in the 2000's. As the civil aviation sector's reliance on technology increased over time, ICAO initiatives and discussions also evolved to cover the whole air transport sector.
In that regard, ICAO's work on aviation cybersecurity is comprehensive and complex. It includes:
- Developing Standards and Recommended Practices (SARPs) (Standard 4.9.1 and Recommended Practice 4.9.2 in Annex 17 – Aviation Security to the Convention on International Civil Aviation (the Chicago Convention));
- Developing procedures and guidance material;
- Ensuring the international air law framework is adequate to address cyber-attacks against civil aviation;
- Raising awareness in different fora on the importance of addressing cybersecurity in civil aviation;
- Supporting aviation cybersecurity discussions on the national, regional, and global levels; and
- Developing aviation cybersecurity capacity building and implementation support initiatives for States and the wider aviation community.
The importance of addressing cyber threats against civil aviation was further highlighted by the adoption of two ICAO Assembly resolutions: Resolution A39-19 – Addressing Cybersecurity in Civil Aviation of 2016, superseded in 2019 by Resolution A40-10 – Addressing Cybersecurity in Civil Aviation, which:
- recognized that cybersecurity risk could simultaneously affect a wide range of civil aviation areas, including aviation safety, security, and efficiency;
- recognized the need for aviation cybersecurity to be globally harmonized;
- urged States to adopt and implement the Beijing Convention 2010 (Convention on the Suppression of Unlawful Acts Relating to International Civil Aviation) and the Beijing Protocol 2010 (Protocol Supplementary to the Convention for the Suppression of Unlawful Seizure of Aircraft) as means for dealing with cyber-attacks against civil aviation;
- called upon States and stakeholders to take action to counter cyber threats against civil aviation; and
- called upon States to implement ICAO's Aviation Cybersecurity Strategy, which was adopted by the 40th ICAO Assembly.