Lesson 1 – Topic 2: Regulatory Guidance


IATA and ICAO started with compliance for cyberspace, which means creating a program that establishes risk-based controls to protect the integrity, confidentiality and accessibility of information stored, processed or transferred. However, cybersecurity compliance is not based on a standalone protocol or regulation. ISO 27032 is the international standard offering guidance on cyber security management. It provides guidance on addressing a wide range of cyber security risks, including user endpoint security, network security and critical infrastructure protection.

Aviation interacts with all facets of the cybersecurity guidance regardless of the corporation associated.

The FAA Reauthorization Act cites provisions regarding unmanned aircraft systems (UAS) cyber security.

IATA created the Cyber Security Toolkit, which provides guidance related to cyber threats and risks, but it is an active project. “IATA is working on the subject from different angles. These involve data security, understanding and promoting best practice in Enterprise Risk Management and solutions that will help to protect airlines from the financial consequences of cyber events.”

Website Resource: Airlines.IATA.org

The ICAO regulatory guidance is structured around Annex 17-4.9.1, the Aviation Security Manual and the Aviation Cybersecurity Strategy, and takes into consideration the multi-faceted and multidisciplinary nature of cyber security, noting that cyber-attacks may rapidly affect a wide spectrum of areas. The goal of the strategy is aligned with other ICAO activities relative to cyber security, as well as coordinated with the safety and security management provisions. This will be managed through the seven pillars, the most important being governance, cybersecurity policy, incident management and emergency planning.