Customised support and guidance to help aviation industry entities make informed decisions
On the back of decades-long consulting and engineering support to aviation, Egis today offers a specialist team to help ANSPs, airports and OEMs throughout the system development lifecycle, ensuring cybersecurity and safety are seamlessly integrated. Working with your teams, we can design and implement Secure by Design strategies tailored to local regulatory and operational needs. Our role can range from conducting Security Risk Assessments and facilitating collaborative risk evaluations to implementing advanced security frameworks, ensuring systems are resilient and aligned with global best practices. We also provide ongoing support in validating system performance, optimising solutions during integration, maintaining compliance during operations, and training staff on system security best practices. By bridging the gap between ANSPs, airports and OEMs, Egis fosters collaboration, helping both parties navigate the complexities of cybersecurity while preserving safety and operational excellence.
Laying the groundwork for Security by Design
The Secure by Design approach, integrated with the V-Model, enables ANSPs to strike a balance between safety and security. Conducting an Information Security Assessment as part of the design process ensures vulnerabilities are addressed early, while collaboration with OEMs ensures alignment with operational needs and regulatory requirements. By embedding security into the development lifecycle and leveraging the expertise of partners like Egis, ANSPs can safeguard operations and passengers in an increasingly complex and interconnected threat landscape.
Laying the groundwork for Security by Design involves a comprehensive approach to embedding security into the core of system development. This process begins with understanding the operational requirements from which the local technical concepts are derived, which provides a foundational understanding of the system's technical framework. A thorough system review and validation ensure that potential vulnerabilities are identified and addressed early on. This is followed by developing detailed system requirements that prioritise security as a fundamental component. Finally, the development of cybersecurity specifications delivers specific protocols and standards to safeguard the system against threats, ensuring a robust and resilient design from the beginning.
Security Risk Assessment
Conducting a Security Risk Assessment is a critical process for safeguarding key information assets and ensuring system security. It starts with identifying the key information assets to be protected through scoping and establishing the architectural basis for a comprehensive security review. Risk analysis follows, determining the likelihood and impact of potential threats to assess their severity. This is complemented by an evaluation of the high-level design architecture to pinpoint vulnerabilities within the system's structure. An initial risk register is then developed, capturing the uncontrolled security risk exposure before mitigation efforts. Finally, applicable security controls are identified to address the assessed risks, laying the foundation for targeted protective measures to enhance overall security resilience.
Development of cybersecurity requirements
The development of cybersecurity requirements involves a comprehensive approach that begins with understanding the current environment and identifying critical aspects that support the system’s performance, availability, and reliability. To ensure long-term effectiveness, these requirements must be developed with an appreciation of the Air Traffic Control (ATC) operational environment and context and be adaptable to future evolving security and functional needs. Justification for the requirements is achieved by mapping them to both aviation-specific security standards and relevant non-aviation standards, ensuring a robust and well-rounded framework that addresses the unique challenges of the domain while leveraging broader industry best practices.
Review of the regulatory landscape
The review of the security regulatory landscape involves a systematic assessment of existing regulations, directives, and standards that govern cybersecurity within the aviation sector. This process starts with identifying applicable international, regional, and national regulations and standards from bodies such as the International Civil Aviation Organisation (ICAO), European Union Aviation Safety Agency (EASA), European Organisation for Civil Aviation Equipment (EUROCAE), and others. Special attention is given to areas of overlap, gaps, and emerging regulatory trends that may impact the compliance of system design. The objective is to ensure alignment with current obligations while anticipating future requirements, thereby supporting proactive security governance and informed decision-making across all levels of the organisation.
Educate staff on security best practices in the aviation industry
Educating staff on security best practices in the aviation industry requires a comprehensive training approach that begins by aligning staff education with the latest security best practice guidance coming from both international security frameworks and the aviation sector. The training also integrates wider security areas such as risk management, security controls, risk assessments, and ATM-specific system security. This continuous education fosters a security-conscious culture, enabling employees to make informed decisions that contribute to operational resilience and regulatory adherence.