Why cybersafety is a critical component of effective emergency response planning
Matt Shreeve, Director and Aviation Cyber Expert at Helios and chair of the CANSO Cyber Safety Task Force, explores CANSO’s latest emergency response guidance.
As more people fly, our reliance on the resilience of the air traffic management system increases, as does our need to safeguard it. We need to do everything possible to be ready to manage potential threats and avoid service disruption to passengers and other airspace users, and to implement the very latest in safety best practice.
Air traffic control system outages have hit the headlines several times over the last 12 months, for example those affecting the Irish, French and UK service providers. In each instance the air navigation service provider (ANSP) has followed a set of processes for isolating, investigating and resolving the problem, returning to normal operations as quickly as possible.
Whilst none of these incidents was a cyber-attack, the very real possibility of cyber incidents has prompted CANSO to update its emergency response best practice guidance.
The CANSO Emergency Response Planning Guide covers degraded modes of operation through to full-blown emergency. Since the overall approach to developing and assuring emergency and contingency procedures are generally similar to those used in cyber-incident response, the revised Guide is also applicable to non-cyber and well as cyber-related systems outages.
One common aspect between traditional emergency and contingency best practice and emerging cyber-safety requirements is the strong need for rehearsals and exercises to support readiness. These are crucial for cyber-incidents as well as for accidental hardware or software failure and other causes of outages. That said, there are some additional considerations when addressing cybersafety.
One is a greater emphasis on making systems easy to isolate and quarantine should the underlying technical infrastructure be compromised. This allows the cyber experts to deal with the threat while also keeping operations going, albeit in a degraded mode.
Another is that a cyber-incident often needs specialist digital forensics capability to understand the nature and extent of the compromise, support an investigation and probable subsequent prosecution. Digital forensics is a highly technical skill and, as the Guide advises, ANSPs need to consider how to resource this and, if necessary, potentially establish a third-party contract prior to any incident, enabling specialist expertise to be activated the moment the need arises.
Finally, as with all safety best practice, consistency is key. An organisation may have one or more response plans that cover specific areas such as cyber-incident, degraded equipment, natural disasters etc, and it is important that these plans are aligned to reflect the overall principles in the emergency response procedure and ensure a consistent approach.
Taking the next step in cybersafety
As one of the contributors to the revised Guide, and chair of the CANSO Cyber Safety Task Force, I am particularly grateful for the inputs from colleagues at Avinor and CAAS, who led the revision exercise. It has enabled us to gather lots of ‘lessons learned’ from across the globe to share with the wider ATM community and inform and develop emergency response planning.
The Guide itself can be used by ANSPs that want to enhance their emergency response planning, and by those without a formal emergency response plan to develop one and to ensure cyber-incidents are addressed as well. As we all know, it is critical that every ANSP is able to ensure adequate response plans are in place to quickly and efficiently restore services after an unexpected event, including a cyber-related one, and I look forward to exploring this aspect further with CANSO community.
Read the Guide here and find out more about CANSO’s best practice guidance here.