The European Cyber security for aviation Standards Coordination Group (ECSCG)
Aircraft and air traffic management systems are witnessing the development and integration of automated functions. Such developments improve the safety process and allow to maximise the use of resources. However, as safety increasingly relies on information systems, cyber security is becoming critical. Information system security in the aeronautical environment is both critical and subject to domain-specific regulatory constraints. The regulatory and standardisation requirements are complex, defined by both aeronautical and cyber security initiatives.
In order to enable the development of aeronautical cyber security in a coordinated and harmonised way, it is essential to ensure that the necessary and appropriate standards are available in due time. Considering that only finite resources are available, there is a strong need to streamline relevant standardisation activities in Europe and globally.
The European Cyber security for aviation Standards Coordination Group is created to respond to this need. The ECSCG is a joint coordination and advisory group established to coordinate the cyber security for aviation related standardisation activities. A specific focus will be on activities stemming from the EC and EASA regulations, this does not exclude other market-driven standards.
The ECSCG kick-Off meeting took place on 30th October 2018 at the EUROCAE office in Saint-Denis, France.
Experts from the European regulators (European Commission and EASA) and other European and international standardisation bodies and organisations active in cyber security met to discuss the Terms of Reference of the Coordination Group with the goal to define a way to streamline standards developing activities in Europe.
The tasks of the ECSCG will be to:
- develop, monitor and maintain an overarching European cyber security for aviation standards rolling development plan, in particular for those standards aimed at providing means to comply with cyber security rules under development initially based on the existing material contained in ER-017.
- facilitate the sharing of work among the Standard Developing Organisations (SDO's) thus identifying gaps and avoiding overlaps.
- monitor all relevant processes, resource availability and other related risks and issues.
- provide a forum to manage specific issues and resolution of conflicts.
- advise the EC and EASA on cyber security standardisation matters, as required.
- coordinate with other relevant stakeholders and other regional and global activities.
In order to fulfil its tasks, the ECSCG will need to:
- facilitate the participation of the various member organisations, in order to develop a comprehensive set of industry standards needed to cover the whole spectrum of aeronautical cyber security;
- identify and share a common recognition of the fields of competencies of the various contributors in order to avoid the risk of overlapping activities;
- establish and maintain a bidirectional information flow between regulators and all relevant actors, to ensure that changes, delays and new developments can be taken into account;
- maintain awareness of the status of upstream rationale and progress associated with identified needs for standardisation activities.
The main deliverable of the ECSCG will be the European cyber security standardisation Rolling Development Plan (RDP) which will be progressively updated to reflect the current situation. It will also provide a method for the identification and discussion of overlaps and gaps, and as a basis for feedback to contributing organisations, to improve overall coordination of standards development.