The European Strategy for Cybersecurity in Aviation · Contingency and Emergency Response Plan Beg 2018 Mid 2018 Beg 2019 Mid 2020 Investigation, Analysis, Feedback Certification

www.stac.aviation-civile.gouv.fr

Direction générale de l’Aviation civile - Service technique de l’Aviation civile 1

Direction Générale de

l’Aviation Civile

The European Strategy

for Cybersecurity in

Aviation


Direction générale de l’Aviation civile - Service technique de l’Aviation civile

My first Ideas on an ESCP Strategic

Approach

2

Contingency &

Emergency Response

Planning

Development

Cycle

Cybersecurity by

Design

States

Operators

Manufacturers

European Bodies

ICAOResponsibilities

Awareness

Cyberculture

Articulating with

NIS

Horizontal Rule-

making

Combining

Cyber& Safety

Trust framework

Information

Sharing

Reporting

Competence

Building

Change

Management

Best Practices

Investigation,

Analysis,

Feedback



A possible ESCP Roadmap

3

Horizontal Rule-Making

CAA Awareness Campaign

Articulating with NIS

Defining Responsibilities

EU Civil Aviation Trust Framework

Combining Cyber & Safety

Cyberculture Competence Building

Information Sharing

Reporting

Change Management

Development Cycle

Cybersecurity by Design

Contingency and Emergency Response Plan

Beg 2018

Mid 2018

Beg 2019

Mid 2019

Beg 2020

Mid 2020

Investigation, Analysis,

Feedback

Certification

Processes

??

Elements for Strategy Framework

• RMT.0720: Develop a cybersecurity regulatory framework covering the different

domains

• RMT.0648: Introduce cybersecurity provisions in certain Certification Specifications

• Info Sharing: Establishment of a European Centre for Cyber Security in Aviation

(ECCSA)

• Research/Studies: Develop a vulnerability DB collecting, maintaining, and

disseminating information about discovered vulnerabilities targeting major transport

information systems. 21st Feb 2018 4

The strategy will include, among others, actions in the following areas: Information sharing Research and studies Event investigation and response Knowledge and competence building International cooperation and harmonization Regulatory activities and development of Industry Standards

charter/EPAS_2018-2022 v2.2.8 for MB.pdf

charter/EPAS_2018-2022 v2.2.8 for MB.pdf

The ESCP Strategy Structure

5



Future Systems: Key Role of Information

Management

Block 1Block 0 Block 2 Block 3



We need a real Global Strategy for

Cyber !!

To be integrated in all activities

Data Communication

Detailed path to convergence

Information Management

Need for an overall Global Strategy

Governance issues

Regional or Sub-regional Services

Modularization of Enabler Roadmaps

Detail the path for convergence

7

ATN

B1

ATN

B2++

IP

FAN

S

ATN

B2

OS

IVDL 2

LDA

CS

?

Physical Layers

Network

Message Set

Applications

Cyb

er P

rote

ctio

n

Freq

uen

cy S

pec

tru

m

Cyber shall be part of the

Data Link Strategy



Buy, Train, Operate: 5 Y

Timeliness and Multiple Actors

8

Performance of the aviation system depends from the capacity of actors to act in cohesion

4 December 2018 8

State A/O

ANSPAPT

Performance

Cost

Aircraft Manufacturing: 15 Y+ 30Y life time

Rule Making process: 2 Y



A real need for a coordinated Approach

Actions from all for a global or common benefit



The Global Regulatory Context

9



Working together is needed!

10

• ICAO

• EASA European Strategic Coordination Platform

• DG Move, ECAC

• ENISA

• Industry Standards

• National Security Agencies

Global Standardization Roadmap and

a Global and interoperable Approach!!!

4 December 2018 10



What is for me in the ESCP Strategy?

11

Strategic Implementation

ESCP Strategy

COMPREHENSION

MY SITUATION

?

Actions and

Evolutionary Steps

IDENTIFICATION National

Plan

!!

Return of Experience

Cyber

Performance



Thank you for your attention

Documents

The European Strategy for Cybersecurity in Aviation · Contingency and Emergency Response Plan Beg 2018 Mid 2018 Beg 2019 Mid 2020 Investigation, Analysis, Feedback Certification