ENISA works towards a more resilient European Aviation System.
Aviation sector
While aiming at harvesting the benefits of digital transformation in order to streamline operations or enhance its customers’ experience, aviation is evolving at a fast pace towards interconnection systems and the use of IoT. The flipside of this transformation is the rising danger posed by cyberattacks that take the opportunities provided by a wider and sometimes unprotected attack surface.
The industry is a vast ecosystem of different players along the supply chain. Within the scope of the NIS Directive we find air carriers, airport managing bodies, core airports and entities operating ancillary installations contained within airports and traffic management control operators providing air traffic control (ATC) services.
ENISA has been working on aviation cybersecurity since 2010, aiming at enhancing the security and resilience of air transport in Europe together with all relevant key stakeholders and sectorial agencies (e.g. EASA, Eurocontrol). Relevant work includes studies, such as the 2016 'Securing Smart Airports' and cyber exercises.
ENISA actively works towards increasing the cybersecurity capabilities and the overall cyber resilience of the Aviation Sector by:
- Engaging in structured collaboration with EASA and other sectorial stakeholders;
- Participating in the European Strategic Cooperation Platform;
- Contributing with technical advice on regulatory matters, e.g. horizontal rule on 'Management of information security risks' (EASA Opinion No 03/2021);
- Promoting cybersecurity information exchange in the community by supporting the creation of the European Aviation ISAC (EA-ISAC);
- Facilitating knowledge building activities.