EUROCAE, the European standards organisation for aviation.
Civil aviation is an increasingly attractive target for cyber-attacks. New technologies such as e-enabled aircraft, new generation CNS/ATM systems and drones are changing the risk landscape of the aviation system. At the same time, there is growing demand for guidance and leadership in cybersecurity, where EUROCAE WG-72 has brought a significant technical contribution through four EDs: ED-201, 202A, 203 and 204.
We have leading expertise in the field of cyber-security and SecMS. Andy Boff is the lead consultant for cybersecurity on the aviation side of Egis, and also guides data management and system engineering projects. He has pioneered the introduction of modern cybersecurity standards into operational environments – including ISO 27001 certification of operational Air Traffic Control (ATC) systems at NATS. He is recognised internationally as an expert in operational cybersecurity, and is a member of the Leadership Team for EUROCAE’s Security Standards Working Group, and holds both CEH (Certified Ethical Hacker, technical) and CISSP (Certified Information Systems Security Professional, managerial) certifications.
Egis is also experienced in developing and delivering successful training courses – both in our own right and under licence, so EUROCAE invited us to develop a new and bespoke two-day training course for them, to share best practice in cybersecurity standards in aviation.
Role of Egis
- Set out the Learning Objectives for the course and a proposed content outline.
- Gather feedback on the proposed structure and content from a selection of fellow experts from WG-72.
- Develop all course materials, including interactive exercises and handouts.
- Design certificates.
- Support EUROCAE with event planning, promotion and evaluation.
- Liaise with delegates in advance of delivery.
- Deliver the training course through 2018-2019.
- Conduct a review of the training and make recommendations for iterations.
We designed a content-rich interactive training course, with plenty of opportunity for delegates to embed learning with group and individual exercises.
The first training course took place at EUROCAE headquarters in Paris and attracted participants from all walks of aviation life and from across three continents. It was oversubscribed and was quickly followed by a second course a few weeks later.
The programme covered key concepts and challenges, for instance the similarities and differences between safety and security. Standards will play a big part in linking rules to practice, so awareness of the latest regulatory developments was crucial to many.
The training then moved on to look at the standards landscape, exploring which groups have produced what standards and guidance. This included aviation-specific standards (eg from EUROCAE and CEN) and non-aviation-specific cyber standards (eg from ISO and NIST), covering airworthiness, ATM/CNS, airports and more general standards.
The course was a resounding success, with 95% of attendees rating it good, very good or excellent.