To combat the threats of cyber attacks on military air systems, the British Ministry of Defence has introduced a new regulation to assess and mitigate possible impacts on air safety. This regulation can prove to be a valuable guideline for the assessment and improvement of cyber-resilience of military air-systems, extending its significance not only within the UK but also across international borders.

The safe functioning of contemporary military air systems is under a substantial threat due to cyber-attacks. To address this emerging and non-traditional danger to air safety, the Military Aviation Authority (MAA) - an organization within the British Ministry of Defence, has taken proactive steps by introducing the Cyber Security for Airworthiness (CSA) regulation. This regulation aims to safeguard safety-related systems and ensure protection against cyber threats.

Military air systems typically consist of various types of aircraft, such as fighter jets, bombers, transport planes, helicopters, unmanned aerial vehicles (UAVs), and specialized aircraft tailored for specific tasks. Additionally, these systems encompass the ground support infrastructure, communication networks, avionics, radar systems, weapon systems, and personnel required for the effective and safe operation of the aircraft.

An evolving ecosystem = an enhanced amount of vulnerabilities

As the aviation ecosystem evolves, it becomes more intricate and interconnected. In both civil and military contexts, the proper functioning of avionic systems is crucial for safe operations. To enhance efficiency and performance, advanced network architectures are being implemented, allowing seamless data transmission between avionic and other systems. However, these technological advancements also come with potential risks to airworthiness and air safety if not adequately safeguarded.

Older legacy air systems typically possess fewer inherent threats because of their older federated architectures, customized computer technologies, and lower dependence on avionic systems for safe operations. Nevertheless, it remains crucial to comprehend and address any existing risks associated with these systems.

Furthermore, it is important to be aware that type design changes, which bring about new capabilities, might establish connections with older systems. These connections could have been developed without taking into account proper cyber security controls, consequently introducing new vulnerabilities to the previously secure legacy systems. As a result, it becomes imperative to carefully assess and mitigate any potential risks arising from such connections and ensure the overall cyber security of the entire integrated air system.

The European Perspective

The European Union Aviation Safety Agency (EASA) has adopted a comprehensive approach to establishing a cyber-resilient aviation ecosystem. This approach focuses on addressing the challenge in two primary domains: 

  • Product security -  ensuring the security of aircraft and engines, and
  • Organization security -  safeguarding aviation organizations concerning their personnel and processes.

To address these concerns, it is essential to conduct thorough cyber security assessments for connected systems. By doing so, any potential airworthiness and air safety risks can be identified and appropriately mitigated, ensuring the continued safety and reliability of modern military air systems.

So what does this mean?

The new CSA regulations aim to ensure the comprehensive evaluation of cyber security threats for all air systems within or destined for the UK Military Aircraft Register (MAR). These assessments are conducted to identify any potential risks to airworthiness and air safety. To counteract these risks, appropriate mitigations are applied to ensure the continued safety and reliability of the systems.

Moreover, the regulations emphasize the importance of informing air system owners about any identified air safety risks related to cyber security (CSA risks). By doing so, owners can better comprehend these risks and take ownership of addressing them. These risks are then seamlessly integrated into the core activities of air safety management, ensuring a holistic approach to safeguarding airworthiness and air safety.

The Aviation Information Sharing & Analysis Center (A-ISAC)

The A-ISAC serves as a global consortium dedicated to cybersecurity information exchange within the aviation industry. Established in 2014 by seven prominent aviation companies, the A-ISAC has become the central coordinating body for handling cyber threats across the global aviation community, earning trust through its operations.

By fostering collaboration among various stakeholders in the aviation sector, the A-ISAC works towards enhancing resilience against cyber threats. Their threat intelligence is a product of collective contributions from hundreds of analysts within the aviation industry.

Next Steps

Talk to the SkyRadar team to discuss solutions that help your organization to withstand the increasing threat of cyberattacks on the aviation sector. 

New call-to-action

New call-to-action