The information on this page details what we asked, what you said and what we're doing with the results in regard to the Cyber Security Oversight Survey undertaken in 2022.
We asked
The Cyber Security Oversight Team conducted a survey of all Cyber Security Responsible Managers to ask for views via email on the CAA Cyber security oversight process for aviation (CAP1753) and the Cyber Assessment Framework (CAF) for Aviation Guidance (CAP1850).
The survey aimed to establish how the approach was influencing cyber security within civil aviation and to identify any improvement suggestions that entities would like the team to make.
You said
Responses to this survey reflected challenges faced by industry entities.
You told us that you had significant difficulty in navigating the Cyber Assessment Framework (CAF), and that the CAF itself was not appropriate for all organisations.
The feedback did not just relate to Information Technology itself, it extended to the training and capabilities of teams, with a need to increase specific industry capabilities, including growth of the avionics and Air Traffic Management (ATM).
Several comments related to a lack of engagement and communications with industry and urged the team to do more.
Overall, there was strong support on the principles and the need to implement cyber security standards for aviation. You told us that you felt that the team contributed positively towards cyber security in aviation.
We did
The CAF (under CAP 1753 process) is the instrument that the CAA uses to establish initial Cyber Security Oversight, identifying priority areas in the form of corrective action plans against the CAF. The initial CAF audit and critical system scoping exercises were extremely valuable to establish the initial baseline position across industry.
Our experts have also worked with colleagues at National Cyber Security Centre (NCSC) to define a CAF Foundational Elements framework, which is suitable for smaller organisations who may not have the in-house cyber expertise to effectively navigate the CAF.
Regarding engagement, the CAA Cyber Oversight Team run the Cyber Security Industry Working Group (CSIWG), which is a multi-stakeholder group formed of UK aviation industry, government, CAA Aerospace Cyber Security, other relevant CAA teams and invited ASSURE Cyber Suppliers.
We will aim to make the industry ready for any new regulation being implemented and will work in collaboration with industry to attempt that this happens moving forward.
Working alongside the Airport Operators Association (AOA), we have established ongoing dialogue to work through issues relating to meeting requirements for cyber security.
During 2023 we also introduced a regular newsletter and we will look to continue this to keep entities informed on developments within the team.
Provide page feedback
Please enter your comments below, or use our usual service contacts if a specific matter requires an answer.
Fields marked with an asterisk (*) are required.