ATM Cybersecurity Policy Template

On March 8, 2021, CANSO published its Air Traffic Management Cybersecurity Policy Template to help states implement cybersecurity mechanisms and culture across entire ATM systems and security operations.

This document recommends the implementation of best practices based on a list of reference documents and provides a list of requirements to aviation stakeholders such as Civil Aviation Authorities, Air Navigation Service Providers, Airport Operators and any other aviation organization that is part of the State Aviation System to ensure the implementation of cybersecurity procedures and best practices.

This document has been written in cooperation with ICAO and Airbus.

On this occasion, we would like to share 4 mindmaps with our followers, synthesizing information from the following documents. A complete description of these regulatory papers is provided in our Digest on Regulations.

  • IATA Civil Aviation Cybersecurity Regulatory landscape
  • IATA’s Aviation Cyber Security Position Paper
  • ICAO’s Assembly Resolution A40-10
  • ICAO’s Aviation Cybersecurity Strategy

2021 witnessing the start of cybersecurity onboard

Readers of the Aerospace Cybersecurity Market Intelligence report, Edition 2020, may recall one of our forecasts, indicating that cybersecurity will be more and more present inside the aircraft.

One of the expected trends is the development of onboard security enabling secure communications within the aircraft. To date, the cybersecurity of inflight systems (such as aircraft IFE or IFC) has been handled directly by legacy equipment providers. With the development of cyberthreats, airlines are expected to consider third-party cybersecurity suppliers to protect aircraft communication. The installation of dedicated cybersecurity equipment has already been witnessed in business and military aviation.

This forecast was built on a set of interviews with airlines, from regional players to major international players. Recent patent publications from aircraft manufacturers seem to validate this forecast. In particular, we decided to take a detailed look at Boeing's latest patent, which was filed in June 2019 and has just been published in December 2020. In this patent, Boeing describes a method for obfuscating the network mapping of the aircraft to passengers through the use of a dedicated network module. This method presents the passenger with an artificial and dynamic network mapping and is particularly useful to impede any network reconnaissance by an ill-intentioned passenger.

Our next quarterly digest, to be published at the end of Q1, will provide a complete review of all the relevant patents on aircraft cybersecurity.

Find an excerpt below. Stay connected.

Aerospace Cybersecurity timeline

Did you miss our presentation during the Aircraft Commerce conference? 2020 was definitely a busy year on both the defense and the attack side.

Check out our timeline for the first 3 quarters of 2020. It seems that Q4 was even busier, with the publicly revealed cyberattacks on: Falcon, IndiGo, Embraer, Leonardo or Kopter…

Find the details of all attacks publicly revealed in Q4 in our last Quarterly Digest.

Quarterly Digest for Q4 is out!

In this quarterly digest, we look back at the year 2020, which was definitely a busy year when considering the number of attacks on aerospace stakeholders 🏃‍♀️

In particular, during this last quarter, a significant number of attacks on aerospace stakeholders have been made public. You will find 5 pages of noticeable facts within this digest.

We also wanted to share our experience with a vulnerability disclosure process which we have followed and which has not proved convincing so far. However, we hope that things will improve soon… 👍

Here is the agenda for the digest:

I. Retrospective of the year 2020

  • Evolution of the cyberthreat level
  • Evolution of the information sharing landscape
  • Evolution of embedded security

II. Threat Intelligence

  • Noticeable facts of Q4 2020 (1/5)
  • Noticeable facts of Q4 2020 (2/5)
  • Noticeable facts of Q4 2020 (3/5)
  • Noticeable facts of Q4 2020 (4/5)
  • Noticeable facts of Q4 2020 (5/5)

III. Food for thought

  • Feedback on a vulnerability disclosure process

If you missed CyberInflight’s presentation during the Aircraft Commerce Virtual Conference in Nov. 2020, the presentation slides are included as part of this digest.

Quarterly Digest Service

CyberInflight has just launched its Quarterly Digest Service 💡

This subscription allows you to receive a 15-page consulting report every 3 months on recent aerospace cybersecurity news, each digest diving into a specific topic 🔍

Subscribers can be active readers by voting on and suggesting the topics to be addressed in the coming digests ✋

300 followers on LinkedIn

Some achievements since the previous milestone:

✅ Cybersecurity awareness training for a national carrier
✅ Bespoke consulting missions
✅ Presentation during the Aircraft Commerce conference
✅ Launch of a new cyber-intelligence product
✅ Starting collaboration with an information sharing association
💡 and more to announce by the end of the year…

Thanks for your confidence and your support!

CyberInflight at the Aircraft Commerce Virtual Conference & Expo 2020

The Aircraft Commerce Virtual Conference will take place from 16 to 20 November 2020. This five-day live digital event replaces and brings to life three popular Aircraft Commerce conferences that had been planned for 2020:

Event One: Airline & Aerospace MRO & Flight Operations IT Conference – Global
Event Two: Connecting Aircraft & Passenger Conference and Expo
Event Three: Flight Operations Conference

On day 4, November 18, within the Connected Aircraft & Passenger Conference specialized track, CyberInflight will present some of its findings from a year of market research, consulting missions and training seminars. The 30-minute presentation will tackle topics such as the evolution of the threat level in 2020, the evolving regulatory framework, the nascent relationship between the industry and the researcher community, or the increasing interest in embedded aircraft security. CyberInflight will also reveal some of its latest findings on obviously weak information security implementations used by some stakeholders to protect sensitive intellectual property. CyberInflight will discuss lessons to be learnt and roadblocks preventing the industry from reaching a potentially stronger maturity level. If you would like to know more, join us for the presentation “Cyber Risk & Cyber Resilience in Aviation: A retrospective of the year 2020” during the Aircraft Commerce Virtual Conference.

Link to register for the conference.

CyberInflight would like to thank the organizers of the Aircraft Commerce Virtual Conference & Expo for their hard work in putting together such an outstanding event in this difficult period of time.

Cyber-incident timelines

Did you miss CyberInflight’s timelines of cyber-incidents affecting airlines and airports?

Find below a quick snapshot of our “Aerospace Cybersecurity Market Intelligence Report, Edition January 2020”. These timelines run until January 2020. More to come in the coming months with the next edition of the research report and the evolution of the threat level during the year 2020, which was particularly interesting.

Do not forget that you can help us identify key topics you would like to be addressed in the next edition of the report. We would be happy to get your thoughts and suggestions at contact@cyberinflight.com.

Quarterly Digest for Q3 is out!

Here is a snapshot of CyberInflight’s Quarterly Digest. For this edition, we have set the focus on the topic of aerospace cybersecurity regulations. Some significant steps, from IATA in particular, have been taken lately which are worth digging into.

This digest aims to help you get a broader and updated vision of the current regulatory landscape and extract the core information from this vast topic, through the use of mind-maps in particular.

Feedback/suggestions/comments at: contact@cyberinflight.com

Table of Contents:

I. Regulatory framework

  • ICAO’s Cybersecurity Strategy
  • ICAO’s Assembly Resolution A40-10
  • IATA’s Aviation Cyber Security Position Paper
  • IATA’s Compilation of Cyber Security Regulations, Standards, and Guidance
  • Takeaways on the current regulatory framework

II. Threat Intelligence

  • Noticeable facts for Q3 2020 (1/3) (2/3) (3/3)

III. Food for thought

  • On the importance of quality information sharing