Cyber
threats are currently growing at an increasing rate and therefore becoming a
concern to civil aviation. The reduction of cyber vulnerabilities and
associated risks is critical to improve the resilience of the global aviation
system. Given the nature of cyber threats to the air navigation, airports and
other critical aviation systems, it is time for all relevant entities in the
national and international levels to work collaboratively in order to provide a
more proactive and aligned collective response to cyber threats.
Air
navigation and airport infrastructure and information systems are exposed to a
multitude of threat sources, including organised crime, motivated activists or
so called ‘hacktivists’, insider threats and; accidental or inadvertent system
damage due to employee or contractor misuse. Each of these threats is able to
cause a large and wide-spread disturbance to the order of air and ground
operations.
The International Civil Aviation Organization (ICAO)
Asia and Pacific Regional Cybersecurity Symposium 2018 opened
in Hong Kong from 15 to 16 May 2018. The theme of the Symposium
was “Cybersecurity in Air Navigation and Airport Services”. The two-day
Symposium was jointly organised by the ICAO, the Civil Aviation Department
(CAD) and the
Airport Authority Hong Kong (AA).
According to the press statement, Hong Kong is the first
city to host such symposium for the Asia-Pacific Region after a resolution
relating to cybersecurity “Addressing Cybersecurity in Civil Aviation” was
adopted in 2016 by the ICAO Assembly.
Director-General of Civil Aviation Mr Simon Li, Chief
Executive Officer of the AA Mr Fred Lam, and the ICAO Asia and Pacific Regional
Office's senior officer responsible for air traffic management and
communications, navigation and surveillance, Mr Li Peng, officiated at the
opening ceremony.
In his welcoming speech, Mr Simon Li said the accelerated adoption of
information and communication technology systems in the aviation sector,
coupled with the increased digital connectivity between various systems, could
create potential vulnerabilities if the connectivity platform is not duly
secured.
“Robust cybersecurity is increasingly important in order to
sustain aviation growth and avoid any disruption to our air transport system,”
he said.
He added that, pursuant to the ICAO Assembly Resolution of 2016, which called
for co-ordinated actions by aviation regulatory authorities and industry
stakeholders to mitigate the risks of cyber threats, the Symposium today is
well-timed for cybersecurity stakeholders to share knowledge and experience in
this subject.
At the Symposium, around 180 cybersecurity experts and
aviation industry representatives from the ICAO and its members, as well
as overseas and local organisations, met to evaluate the cyber threats faced by
the aviation industry, and to exchange the latest information, technologies and
implementation experiences in cybersecurity.
Guest speakers shared with participants their insights on
various important cybersecurity topics, including cyber threats and risks to
air traffic management, challenges to smart airports, and innovative
technologies and solutions adopted by the aviation industry to tackle cyber
threats.
Cybersecurity threats pose broad ranging challenges to the
aviation industry as a whole across the world and currently being addressed at
global level through the establishment of the ICAO Secretariat Study Group on
Cybersecurity (SSGC). The APAC Region can monitor the progress and contribute
to the efforts of the SSGC to work towards the development of a comprehensive
and unified strategy for cybersecurity that can reflect the global and regional
environments. The urgency of need for the availability of appropriate guidance
and strategy on cybersecurity and cyber resilience was identified by the
symposium. The need was emphasised by most of the participants to share
information about the cyber threats and mitigation measures among the member
states.
However, due to national restrictions and
business reasons, many states do have reservations in sharing such critical
information. In this regard, it was proposed that secured and controlled access
to database may be considered for sharing information, reported attacks,
mitigation measures, security advisories etc. to ensure confidentiality of
information among the notified stakeholders under some kind of trust and
nondisclosure agreement. One example of a platform to share such information
would be the ICAO
Acts of Unlawful Interference Database hosted on the ICAO Secure Portal.