ICAO organises Asia and Pacific Regional Cybersecurity Symposium 2018 in Hong Kong
Cyber threats are currently growing at an increasing rate and therefore becoming a concern to civil aviation. The reduction of cyber vulnerabilities and associated risks is critical to improve the resilience of the global aviation system. Given the nature of cyber threats to the air navigation, airports and other critical aviation systems, it is time for all relevant entities in the national and international levels to work collaboratively in order to provide a more proactive and aligned collective response to cyber threats.
Air navigation and airport infrastructure and information systems are exposed to a multitude of threat sources, including organised crime, motivated activists or so called ‘hacktivists’, insider threats and; accidental or inadvertent system damage due to employee or contractor misuse. Each of these threats is able to cause a large and wide-spread disturbance to the order of air and ground operations.
The International Civil Aviation Organization (ICAO) Asia and Pacific Regional Cybersecurity Symposium 2018 opened in Hong Kong from 15 to 16 May 2018. The theme of the Symposium was “Cybersecurity in Air Navigation and Airport Services”. The two-day Symposium was jointly organised by the ICAO, the Civil Aviation Department (CAD) and the Airport Authority Hong Kong (AA).
According to the press statement, Hong Kong is the first city to host such symposium for the Asia-Pacific Region after a resolution relating to cybersecurity “Addressing Cybersecurity in Civil Aviation” was adopted in 2016 by the ICAO Assembly.
Director-General of Civil Aviation Mr Simon Li, Chief Executive Officer of the AA Mr Fred Lam, and the ICAO Asia and Pacific Regional Office's senior officer responsible for air traffic management and communications, navigation and surveillance, Mr Li Peng, officiated at the opening ceremony. In his welcoming speech, Mr Simon Li said the accelerated adoption of information and communication technology systems in the aviation sector, coupled with the increased digital connectivity between various systems, could create potential vulnerabilities if the connectivity platform is not duly secured.
“Robust cybersecurity is increasingly important in order to sustain aviation growth and avoid any disruption to our air transport system,” he said. He added that, pursuant to the ICAO Assembly Resolution of 2016, which called for co-ordinated actions by aviation regulatory authorities and industry stakeholders to mitigate the risks of cyber threats, the Symposium today is well-timed for cybersecurity stakeholders to share knowledge and experience in this subject.
At the Symposium, around 180 cybersecurity experts and aviation industry representatives from the ICAO and its members, as well as overseas and local organisations, met to evaluate the cyber threats faced by the aviation industry, and to exchange the latest information, technologies and implementation experiences in cybersecurity.
Guest speakers shared with participants their insights on various important cybersecurity topics, including cyber threats and risks to air traffic management, challenges to smart airports, and innovative technologies and solutions adopted by the aviation industry to tackle cyber threats.
Cybersecurity threats pose broad ranging challenges to the aviation industry as a whole across the world and currently being addressed at global level through the establishment of the ICAO Secretariat Study Group on Cybersecurity (SSGC). The APAC Region can monitor the progress and contribute to the efforts of the SSGC to work towards the development of a comprehensive and unified strategy for cybersecurity that can reflect the global and regional environments. The urgency of need for the availability of appropriate guidance and strategy on cybersecurity and cyber resilience was identified by the symposium. The need was emphasised by most of the participants to share information about the cyber threats and mitigation measures among the member states.
However, due to national restrictions and business reasons, many states do have reservations in sharing such critical information. In this regard, it was proposed that secured and controlled access to database may be considered for sharing information, reported attacks, mitigation measures, security advisories etc. to ensure confidentiality of information among the notified stakeholders under some kind of trust and nondisclosure agreement. One example of a platform to share such information would be the ICAO Acts of Unlawful Interference Database hosted on the ICAO Secure Portal.