In a report drawn up in cooperation with the global commercial aviation sector, the World Economic Forum (WEF) has highlighted the need for the aviation industry to unify its approach to cybersecurity. The report is entitled ‘Pathways to a Cyber Resilient Aviation Industry’ and it was published on Wednesday. The WEF also announced that it had launched an initiative called Cyber Resilience in Aviation.
Both the report and the initiative were created by the WEF in partnership with more than 50 aviation associations and companies. These included the International Civil Aviation Organisation (ICAO – a specialist body of the United Nations), the International Air Transport Association (the representative body for the world's airlines), the Airports Council International, the Aerospace Industries Association, other associations, regulators, manufacturers, individual airline groups, services, computer software, internet and cybersecurity companies, consultants, accountants and insurers, among others.
“The aviation industry has developed a strong track record of safety, resilience and security practises for physical threats and must integrate cyber risks into this culture of safety and resilience,” highlighted WEF Centre for Cybersecurity Industry Solutions head Georges De Moura. “A common understanding and approach to existing and emerging threats will enable industry and government actors to embrace a risk-informed cybersecurity approach to ensure a secure and resilient aviation ecosystem.”
There was a need for a global alignment of aviation cybersecurity regulations. A cyber resilience baseline had to be created across the aviation supply and value chain. An impartial assessment and benchmarking framework had to be designed. And international information-sharing standards had to be developed.
“Adopting a collaborative cyber resilience stance and creating trust between cross-sector organisations, national and supranational authorities is the logical yet challenging next step,” pointed out Deloitte Belgium partner Chris Verdonck. “However, if the effort is not collective, cyber risks will persist for all. Further solidifying an extensive and inclusive community and developing and implementing a security baseline is key to adapt to the current digital reality.”
It was necessary for countries to facilitate reskilling of personnel and to reward the more open reporting of incidents involving aviation. As for the individual organisations and companies, they had to integrate cyber resilience into their general business resilience practices and ensure the necessary risk assessments and prioritisation were undertaken. They also had to improve the collaboration between themselves.