Conversation Aviation Magazine #3 - Article on Cyber Risks
The 3rd edition of the Conversation Aviation Magazine has been published and includes a dedicated article about understanding Cybersecurity Risks.
But what type of risks are we are talking about and what do we need to do to mitigate them?
What can you do?
There are three things you can do to help our efforts to mitigate cyber risks.
- Firstly, please follow all company procedures when it comes to operating or maintaining any systems that you use in your day-to-day work and when it comes to the use of USB sticks.
- Be aware of potential phishing or other possible attacks that might come to you as an individual, especially through email. Ana and her security team continually produce promotions of common threats and things you can do and these are always available on the company intranet.
- Finally, please report any situation that you think might cause Cyber Risks. For example, if you open anything by accident in an email, please report it so we can take action quickly. The main thing is to report it, Cyber Risks are continually evolving and even the most aware people can be taken in – don’t be afraid, nothing will happen to you if you report something.
- Conversation Aviation Magazine #03 2023
But who is Ana? Who are part of the security team? And which company is this?
Well Safewings of course!
Maybe you need a little bit of context here...Let me tell you a bit more about the magazine then.
The Magazine
The Conversation Aviation Magazine is published every quarter as an EASA publication, created in a collaborative way with organisations from across the aviation community. In principle, each publication takes place after the end of each quarter, aiming at 4 editions per year.
During the course of each quarter, the articles are published on the Air Ops Community so you can read them as individual articles and not just as part of the magazine. Videos, posters, and even some podcasts on the different topics are also included.
This edition is focusing on Winter Ops. Apart from the article on cyber security, a great selection of articles covers the Winter Ops theme including the mental health of staff, the role of human factors / aviation psychologists, the origins of flight education, communication and standard phraseology and sustainable flying.
Interested to know more?
Then check the Related Content below and become a member of the Air Ops community!
Cyber today is a big trash can into which we throw everything and anything (including some of our responsibility). In my opinion, two essential things are missing: It is a tool, a digital machine: without human actions it does nothing. The fault is therefore mainly human. I would be even more cautious about wanting to add it to aviation, it is much broader than that, what about aeronautical documentation and end user agrements? Cloud Act-GDPR mitigation ?
Hello Dominique, indeed Cyber(security) has become a buzzword nowadays. However the accountability (and responsibility for the most part) remains to humans. From a cybersec perspective, the digitalisation of aviation underlines the need for the implementation of security controls. The decision of which security controls are more relevant it's a decision based mostly on the risk and available resources. Some tech solutions may be decided not to be implemented and thus no cybersec controls might be necessary. However, as aviation continues to be digitalised, new challenges arise, including in our domain and it is important to work collaboratively to counter those challenges.
Hello Vasileios, yes I understand and I agree with the arguments in your answer. Thank you for this one by the way. I would like to draw your attention to the fact that the Cyber world is a bit like a cooking recipe, everyone knows it and no one knows what’s in it. Starting with the decision-makers, those who will organize or manage an activity that includes Cyber. In general they turn to a Cyber “expert”, and that’s not good. This is like deciding without knowing. For example: if project management methods like “Agility” are adapted to the digital world, it is unmanageable from an aeronautical point of view with certifications (we receive SBs up to three weeks after their publication) . Another example, security control and spoofing, in a digital world how can we ensure that the control is compliant? How to control without opening the code door? without forgetting that these technologies are often particularly sensitive and expensive, how can we ask a supplier to reveal their codes to verify/control? We also forget that signal jamming has existed for much longer, what did we learn back then?
Please log in or sign up to comment.