Safety Versus Security

Overview:
The convergence of safety and cybersecurity is reshaping how aviation stakeholder manages operational risk. Cybersecurity resilience, defined as the ability of systems to respond to, and recover from cyber incidents while maintaining critical function, is essential to ensuring safe and continuous air navigation services. Safety critical systems often rely on legacy or highly certified platforms that cannot be rapidly patched or changed without impacting operations, creating exposure to evolving cyber threats and increasing dependence on compensating controls and robust recovery capabilities. This session examines how cyber vulnerabilities can translate into safety hazards and how resilient architecture, processes, and governance can protect safety outcome even when prevention and patching are constrained.

Session Objectives:
• Describe how cybersecurity, cyber resilience, and safety interact with aviation system/services and wider aviation operations.
• Recognise how cyber threats to safety-critical systems can lead to safety hazards, especially where patching is delayed or restricted.
• Discuss resilience strategies (segmentation, patching, redundancy, recovery) that help maintain safe operations when systems are under cyber stress or partially degraded.
• Identify ways to embed cyber resilience principles into safety management systems, policies, and CANSO/ICAO aligned frameworks.
• Share lessons and practices that strengthen collective aviation cyber resilience across the CANSO community.