Embracing aviation security culture - cyber training raises awareness and capacity-building
    Embracing aviation security culture - cyber training raises awareness and capacity-building
    Interview

    Embracing aviation security culture - cyber training raises awareness and capacity-building

    11 October 2022

    Dr. Rebekah Tanti-Dougall (LL.B., LL.M. (IMLI), LL.D.) is an ICAO-certified training instructor and JAA TO’s expert facilitator in aviation cyber security. Dr Tanti-Dougall is a legal consultant on legal aspects of aviation security, including cyber security. 
    She was the Chair of the ICAO Secretariat Study Group on Cyber Security Working Group on Legal Matters during its term, and is now an observer to the ICAO Cyber Security Panel on behalf of Malta. Dr. Tanti-Dougall has authored various articles on aviation security and cyber terrorism and has participated as guest speaker at numerous international conferences on cyber terrorism, legal aspects of cyber security and aviation. 
    She is also a legal advisor to the Bureau of Air Accidents in Malta, and is Secretary to the European Network of Civil Aviation Safety Investigation Authorities (ENCASIA).
    JAA TO: JAA TO’s only training on aviation cyber security is becoming more and more important in a tech-centred world. What are the objectives of this course?

    Threats against aviation aren’t new, new is the more frequent and sophisticated malpractice of cyberattacks. The course provides an overview of cyber broken down into different modules:

    1. Introduction to cyber, what is a cyber threat?
    2. Who are the attackers? What are their motifs? What are the attacking methods?
    3. Understanding the various initiatives on regional and international level
    4. Focusing on the legal aspects and current international legal frameworks (EU, ICAO, Tokyo Convention, The Hague Convention, Beijing Convention)
    5. Exploring concepts of jurisdiction and other legal elements
    JAA TO: What is a cyberattack against aviation?

    Simply put, all attempts via cyberspace targeting the air transport sector for the purpose of disrupting, disabling, destroying, or maliciously controlling a system can be classified as cyberattacks. With more and more automation, and a high increase in dependency on information technology, and a system of systems,  aviation may be deemed to be vulnerable to cyber threats, be it by hackers, cybercriminals or cyber terrorists.

    JAA TO: What are the lessons learned from previous attacks in the aviation industry and how to move forward?

    It is interesting to refer to the 9/11 events, and what the industry could learn from this in relation to cyber. After 9/11, there was a Commission set up to identify possible failures in aviation security. It noted that the failure of the industry to ‘imagine’ future threats meant that as a result, training and capabilities will not be developed, and management will not be trained. This, in my opinion, is applicable to cyber, and it would be in the interest of the industry as a whole for organisations in the aviation industry to invest in training and capability development.

    JAA TO: In your opinion, is cyber a real threat to the aviation industry?

    In my opinion, cyber is indeed a real threat to the aviation industry and it would be difficult to deny this. Terrorists and those who want to attack the industry may be deemed to be one step ahead and this is why as an industry we should have a preventive approach rather than a reactive approach. And this is even more so because aviation will always be an appealing target for those who want to attack.

    JAA TO: What can teams/organisations do to prevent future attacks?

    Aviation organisations should take a proactive approach regarding cyber security, With an emphasis on the human element in order to be aware of cyber security hygiene, with regard to passwords for example, as well as best practices, and this to achieve an over cyber security culture, where the effort of each individual matters to the organisation.

    JAA TO: What is the importance of training in relation to aviation cyber security?

    So it is important for organisations in the aviation industry to invest in training their employees in order to ensure awareness and capacity-building which are key to fostering and promoting a cyber security culture. As a result, creating such a cyber security culture would result in one of the most valuable assets in the company which would be a critical core value with cyber security being everyone's responsibility.

    JAA TO: How can organisations build a first line of defence?

    Organisations can build a first line of defence through training and capacity building of their personnel, across all levels of the organisation, be it management, IT and security, which in turn would foster an inherent value in each individual, creating a cyber security culture. This is because the human element is extremely important when we speak about cyber security and cyber resilience, and it becomes the first line of defence.

    JAA TO: In recent years, the aviation industry has experienced cyberattacks disrupting operations. How well is aviation protected against the multitude of cybercrimes?

    Aviation is evolving towards a higher dependency on digitalisation and systems interconnection, a system of systems. During this course, we look at various attacks aviation has seen through cyber in order to highlight the need for aviation to achieve a level of resilience, and this through not only the technical infrastructure that a company required, but also training and capacity-building for personnel which is important at all levels of the company, be it management, security, IT, and other personnel. This is important to foster a cyber security culture and increase cyber security resilience.    

    About JAA Training Organisation ✈

    The JAA Training Organisation (JAA TO) is a Dutch non-profit organisation and the Associated Body of the European Civil Aviation Conference (ECAC). JAA TO has a history of 50+ years training the aviation industry and national authorities on regulation in the air transport sector. JAA TO is the only Platinum Training Centre of Excellence (TCE) in Europe recognised by the International Civil Aviation Organization (ICAO). JAA TO is an IATA Dangerous Goods CBTA Centre of Excellence, an ACI World Accredited Training Partner, recognized Dutch National Aviation Security Training Centre and a leading member of the EASA Virtual Academy (EVA).

    JAA TO schedules more than 300 training courses annually on topics such as safety, security, drones and management. Within the aviation community, JAA TO offers a platform to learn and exchange views on latest regulatory developments. In addition, JAA TO provides advisory services, knowledge solutions, training consultancy and assistance with capacity building for (aviation) training departments.

    Zrzut ekranu 2024-08-14 103948.png
    Powered by