Need Help?
Aviation Cyber Security - maintaining safe, secure, and resilient operations - is a top priority for aviation.
Technology and digitization bring many advantages to aviation, but also create challenges in managing cyber vulnerabilities in this complex environment. The airline industry is an attractive target for cyber threat, from stealing value in data or money to causing disruptions and harm.
Through leadership and acting now, IATA supports shaping the nature of how the industry responds to cyber security challenges.
Policy Position on Aviation Cyber Security
Need Help?
Need Help?
Publications
The IATA Aviation Cyber Security Library
- Cybersecurity Risk Assessment Guidance Material (CRAGM): a minimal and viable cybersecurity risk assessment approach and guidelines for operators.
- Cybersecurity Supply Chain Oversight Guidance Material (CSCOGM): guidance to operators on cybersecurity best practices and aviation-specific supply chain activities.
> Purchase the IATA Aviation Cyber Security Library
Aviation Cyber Security Guidance Material
This document was developed in 2021 with IATA members:
- Part 1: Organization Culture and Posture
- Part 2: Aircraft operations and risk management.
> Free copy of the aviation cyber security manual
Compilation of Cyber Security Regulations, Standards & Guidance Applicable to Civil Aviation
Overview on regulations, standards, and guidance related to aviation cyber security (2022).
> Compilation of Cyber Security Regulations, Standards, Guidance for Civil Aviation (pdf)
Security Management System (SeMS) Manual
The SeMS Manual provides guidelines over a data-driven cyber security governance, management, and responsibilities; cyber security culture, awareness, and training; cyber security risk management; and risk management.
> Purchase the Security Management System (SeMS) Manual
Aviation Cyber Security Strategy
IATA supports an industry-wide Aviation Cyber Security Strategy to enhance the industry's capability in addressing this ever-evolving cyber threat. This work is guided by the Security Advisory Council (SAC) and Digital Transformation Advisory Council (DTAC). The Aviation Cyber Security Strategy is focused on three main principles:
- Communities of Trust: development of communities of trust among the different stakeholders to tackle complex challenges over aviation cyber security and resilience.
- Information Exchange, Standards and Recommended Practices: articulation and coordination of different activities and forums in support of better awareness and information exchange as well as the development of standards and recommended practices and guidance material.
- Center of Excellence: establishment of strong collaborations for increased knowledge and cross-pollination of ideas.
To learn more please consult the IATA Fact Sheet – Aviation Cyber Security (pdf)
Industry Engagement
The Cybersecurity Resilience and Management Working Group (CRMWG), reporting to the Security Advisory Council and Digital Transformation Advisory Council, is mandated to develop a cyber security strategy to determine how the industry needs to respond to the challenges to remain safe, secure, sustainable, and resilient to cyber security risks. It also oversees the development of guidance and best practices through the Aviation Cybersecurity Steering Group (ACS-SG), an informal group focusing on cyber resilience of aircraft, ground and interconnected systems related to flight safety.
The Aircraft Cyber Security eXchange Restricted FORUM (rFORUM) was created by IATA and the International Coordinating Council of Aerospace Industries Associations (ICCAIA) to understand the risks better, whether associated with the introduction of new technologies or those that may be shared with the original equipment manufacturers (OEMs) and system suppliers.
3CTX Open Forum
The IATA Aviation Cyber Threat eXchange (3CTX) Open Forum is a biannual workshop (by invitation only) that tackles the industry's cyber security challenges as well as knowledge and information exchange to foster collaboration between IATA’s members and partners, industrial and academic researchers of the Cyber Security community. This Forum brings cyber security experts closer to the civil aviation industry as well as increases knowledge of the civil aviation ecosystem. So far, IATA organized the following sessions of the 3CTX Open Forum:
- 1st Edition, December 2021, theme: Coming Cyber Challenges and Risk of the Supply Chain.
- 2nd Edition, June 2022, theme: Cyber Security Risk Assessment in Aviation.
- 3rd Edition, January 2023, theme: Incident and Crisis Management.
- 4th Edition, June 2023, theme: International Incident and Crisis Management.
- 5th Edition, March 2024, theme: 3rd Party Cyber Security Assurance Program.
Other References
Partnerships and MoU
The Aviation Cyber Security Strategic Partnership package was launched in 2021 to start exchanging and collaborating with cyber security organizations and Subject Matter Experts (SMEs). Find out more about the Strategic Partnership program and consult the current list of partners in the Directory of Strategic Partners.
IATA, to support the airline industry in Aviation Cyber Security, signed a Memorandum of Understanding (MoU) with the following organizations:
- Consortium for Research and Innovation in Aerospace in Quebec (CRIAQ)
- Israeli National Cyber Directorate (INCD)
- EUROCONTROL
International Collaboration
IATA is involved in the aviation cyber security work at the International Civil Aviation Organization (ICAO). In recent years IATA contributed to the work of the Secretariat Study Group on Cybersecurity (SSGC) and its different subgroups, like development of the Cybersecurity Strategy and Cybersecurity Action Plan (CyAP). The engagement is now continued in the ICAO Cybersecurity Panel (CYSECP).
IATA is also part of the EUROCAE WG-72, supporting the development of multiple standard documents.
Training
Aviation Cyber Security
This 3-day IATA Aviation Cyber Security Training (classroom / LIVE virtual classroom) helps build a strong aviation cyber security workforce and teaches the current aviation personnel how to recognize and manage cyber risks for increased vigilance and resilience.
Operational Cyber Security in Aviation
This 3-day IATA Operational Cyber Security in Aviation (classroom / LIVE virtual classroom) provides participants with more in-depth skills to evaluate and mitigate the risk of cyber threats and protect critical systems, information, assets, and data in aviation. It provides a perfect platform for people wishing to extend and deepen their knowledge in aviation cyber security.
Find out more about the IATA Training opportunities and the upcoming sessions.
For more information
For more information about the IATA Aviation Cyber Security and how to get involved, please contact us at avcysec@iata.org