Resources

 ICAO Resources

ICAO Home Page

ICAO A40-10 Cybersecurity Resolution

Civil Aviation Cybersecurity Action Plan

Declaration on Cybersecurity in Civil Aviation (Dubai Declaration)

Bucharest Communique

                                                                                                                                                                             

ICAO Assembly Resolution 40-10 – Addressing Cybersecurity in Civil Aviation

 

Assembly Resolution 40-10 supersedes Resolution A39-19 and:

 

1.       Urges Member States and ICAO to promote the universal adoption and implementation of the Convention on the Suppression of Unlawful Acts Relating to International Civil Aviation (Beijing Convention) and Protocol Supplementary to the Convention for the Suppression of Unlawful Seizure of Aircraft (Beijing Protocol) as a means for dealing with cyberattacks against civil aviation.

 

2.       Calls upon States and industry stakeholders to take the following actions to counter cyber threats to civil aviation:

a) Implement the Cybersecurity Strategy;

b) Identify the threats and risks from possible cyber incidents on civil aviation operations and critical systems, and the serious consequences that can arise from such incidents;

c) Define the responsibilities of national agencies and industry stakeholders with regard to cybersecurity in civil aviation;

d) Encourage the development of a common understanding among Member States of cyber threats and risks, and of common criteria to determine the criticality of the assets and systems that need to be protected;

e) Encourage government/industry coordination with regard to aviation cybersecurity strategies, policies, and plans, as well as sharing of information to help identify critical vulnerabilities that need to be addressed;

f) Develop and participate in government/industry partnerships and mechanisms, nationally and internationally, for the systematic sharing of information on cyber threats, incidents, trends and mitigation efforts;

g) Based on a common understanding of cyber threats and risks, adopt a flexible, risk-based approach to protecting critical aviation systems through the implementation of cybersecurity management systems;

h) Encourage a robust all-round cybersecurity culture within national agencies and across the aviation sector;

i) Promote the development and implementation of international standards, strategies and best practices on the protection of critical information and communications technology systems used for civil aviation purposes from interference that may jeopardize the safety of civil aviation;

j) Establish policies and allocate resources when needed to ensure that, for critical aviation systems: system architectures are secure by design; systems are resilient; methods for data transfer are secured, ensuring integrity and confidentiality of data; system monitoring, and incident detection and reporting, methods are implemented; and forensic analysis of cyber incidents is carried out; and

k) Collaborate in the development of ICAO's cybersecurity framework according to a horizontal, cross-cutting and functional approach involving air navigation, communication, surveillance, aircraft operations and airworthiness and other relevant disciplines.

                                                                                                                                                                              

 Other Resources

Use the dropdown menu to access publicly available cybersecurity information from States, international organizations and relevant stakeholders.

Select:
 


Glossary of Terms

Select:
 


Existing Aviation Information Sharing Platforms

 
The list is not exhaustive 

  

The information contained on this site originates from a wide range of actors and does not represent any endorsement or approval by ICAO. For more information, go to http://www.icao.int/Pages/Disclaimer.aspx

Share this page: