The aviation industry relies heavily on computers for every touchpoint of aviation service, from ground to flight operations. Cybersecurity is a term that refers to the safety of such computer systems – it is also called info-security. If nefarious individuals were able to get access to some of your computer systems, they could pose a catastrophic threat to flight operations.
In general, when we talk about cybersecurity we are referring to
Because computers are fully integrated into the most sensitive and risk-prone aspects of flight services, all aviation service providers need to be deeply concerned with the cybersecurity practices of their organization.
Threats come from individuals called hackers. Hackers may try and compromise your computer systems, data, access, and safety instrumentation. They may do this from outside your organization, or they may try it from within your organization.
Cybersecurity in aviation affects areas of flight operations that you would expect, but others that you might not expect. Basically, any area of flight operations that is non-mechanical has cybersecurity implications.
Some ways cybersecurity affects aviation safety are:
The list could go on and on. Just consider how devastating it would be if a hacker gained access to any sensors on an aircraft. Cybersecurity affects aviation safety in nearly every way it possibly could.
Whether or not cybersecurity should be a part of your aviation SMS is a tricky question. The best answer is not the guidance you are probably looking for: it depends.
On the one hand, cybersecurity is an intimate part of safety. On the other hand, aviation safety managers aren’t cybersecurity experts. How much your info-security system and your safety management system are integrated is something your organization will have to work out. Maybe your cybersecurity system is a part of your SMS, or maybe it is a separate entity.
Regardless of whether they are fully integrated or not, info-security and safety teams should work closely to ensure that:
So to get back to the original question, should cybersecurity be a part of your aviation SMS, the short answer is definitely. The long answer is, it depends. Larger organizations may need more separation between safety and cybersecurity teams, whereas smaller organizations may have full integration between the two.
As said, though cybersecurity is an important facet of SMS, safety managers are not the subject-matter experts who should be responsible for cybersecurity. A designated IT manager or cybersecurity expert should be responsible for developing and managing:
That being said, the safety manager may ultimately be responsible for the safety of the entire organization, of which cybersecurity is a significant part. Your safety manager should work closely with the cybersecurity manager to facilitate safe operations.
Ultimately it is the responsibility of the accountable manager of your SMS to ensure that:
Last updated August 2024.