A new agreement signed by government officials from the United Arab Emirates (UAE) Ministry of Cabinet Affairs and the International Civil Aviation Organization will form a new partnership between ICAO and the UAE to enhance aviation cybersecurity strategy and policy. for aviation stakeholders in the Middle East.
The agreement was signed during an ICAO mission to the UAE last week, where ICAO Council President Salvatore Sciacchitano addressed the UAE “High Level Conference on Cyber Security in Civil Aviation”, held as part of the annual conference World Government Summit in Dubai. In his speech, Sciacchitano highlighted the presence of some of the legacy systems and networks that comprise what he describes as the backbone of aviation’s “information architecture” or “system of systems.”
“Legacy systems, especially, can contain outdated hardware and software that aren’t always easy to replace. They can also have inherent security vulnerabilities, not being able to adapt to the latest security and encryption best practices,” Sciacchitano said.
While the pandemic led to a historic decline in the annual volume of passenger airline flights between 2020 and 2021, a report from Eurocontrol’s new cybersecurity data collection initiative showed a major increase in the number of reported cyberattacks. to the agency by Europe-based aviation companies. Several recent cyberattacks that have caused disruptions to airlines, airports, and aviation service providers have also shown how big a system of systems target is for hackers and bad actors.
In February, Swissport, a provider of airport ground services with operations at 285 airports in 45 countries, reported a ransomware attack that temporarily took some of its main information exchange systems offline. news week posted a Article last year showed how the personal data of more than 4 million passengers was compromised in a cyberattack targeting several airlines operating in the Asia Pacific region, including Air India, Malaysia Airlines, Singapore Airlines and Finnair.
“The pandemic has also fostered significant public expectation of contactless technologies to make their future traveler experience healthier and safer, which means we face a whole new wave of siled digitization and yet more system-of-systems vulnerabilities emerging. ”, Sciacchitano said in his speech.
The aviation cybersecurity agreement between the UAE and ICAO will focus on collaboration between the two parties that fosters knowledge and information sharing leading to “accelerators, future civil aviation innovation and cybersecurity,” according to ICAO. ad of the new agreement. ICAO’s agreement with the UAE government is the agency’s latest move in standardizing how the global aviation industry responds to and regulates cyberattacks against aviation assets.
The agency adopted Assembly Resolution A40-10—Addressing Cyber Security in Civil Aviation, during the 40th Session of the ICAO Assembly, which calls on ICAO member states to implement the ICAO Aviation Cybersecurity Strategyfirst published in October 2019. Sciacchitano also advocated in his speech for more ICAO member states to adopt the 2010 Beijing Convention and Protocol to establish a global legal framework to deal with “cyber attacks against international civil aviation as crimes”.
“In addition, ICAO has been developing an international aviation trust framework to support civil aviation cyber security and cyber resilience in the air navigation domain,” Sciacchitano said. “This is a very important project, probably the most important in recent years, to support the secure global exchange of digital aviation information and will include procedures, technical specifications and guidance material that supports the current and future requirements of the global network” .