Air Transport Publications
Login   |   Register
jobs Jobs
events Events
My bookmarks

Safe and secure

A proposed declaration on cybersecurity was adopted by the 39th ICAO Assembly in 2016, so should airlines be worried about the implications of the incoming EU cybersecurity regulations? Stephanie Taylor investigates

On 25 May 2018, the European Union will introduce two new cybersecurity regulations, but according to Robert Brown, Executive Chairman of UK-based cybersecurity company RazorSecure, 80% of the aviation industry is not prepared to meet them.

The first is the General Data and Privacy Regulations (GDPR) directive, which decrees data privacy is a right for EU citizens. The EU’s definition of personal data is supposedly broader than in the US, and includes everything from credit card numbers to Internet Protocol addresses and CCTV images.

“The essence of this law is data ownership. EU citizens own their own data under GDPR, so that means companies need consent to store it and that EU citizens can revoke their consent if they so wish,” explains Brown. “What aviation companies don’t seem to understand is that this right applies to all EU citizens wherever they are, not just when they’re in Europe. It’s a far-reaching thing.”

The consequences are far-reaching too. If companies are deemed non-compliant with the GDPR, or personal information is stolen from them and they don’t inform regulators of a breach within 72 hours, they could be faced with fines amounting to 2% of their global annual revenue (4% if they’re a repeat offender).

Take Uber, which recently admitted suffering a security breach in 2016 that affected 57 million users. That year, the company reported a net revenue of $6.5 billion, meaning if the GDPR was already in place, they would have been handing over a cool $120 million in fines.

The second incoming regulation is the Network and Information Systems (NIS) directive, which is subject to the same steep penalties. It concerns critical infrastructure (including airlines and airports) and, as Brown identifies, “anything that, if it doesn’t work properly, can cause problems for us as a nation”.


He continues: “The old way of protecting assets – putting up a firewall up and using network segregation – uses static cyber tools, but the EU is asking for active cybersecurity. That means it wants all these systems monitored regularly in real-time, so they can detect anything that’s not normal and then protect themselves.”

This is the first time cybersecurity will be subject to legal requirements – something that rugged computer solutions provider, VT Miltope is taking seriously. At the APEX EXPO in Long Beach during September 2017, the company signed an exclusive two-year contract with RazorSecure to use the latter’s Delta software to protect its Cabin Wireless Access Points (CWAPs).

Brown says the formation of the partnership was swift – the two companies had first met six months earlier at the Aircraft Interiors Expo in Hamburg (RazorSecure itself was only founded in 2015). Integrating RazorSecure’s Delta software with VT Miltope’s CWAPs took approximately three months from start to finish.

“We have to go through a formal process,” states Brown. “We work with engineers on the integration process, then we have to go through stress testing to make sure what we’ve added hasn’t affected the performance of their unit. The final part is to do penetration testing. We get an independent company to test the solution and make sure we as RazorSecure aren’t adding any vulnerabilities into the system. Then we bench test it, and away we go!” >>


To download the PDF file for this article, you have to pay the amount by pressing the PayPal button below!

Filename: Safe and secure.pdf
Price: £10

Contact our team for more information!

The Airlines channel

Industry blog
Highlights from the Cabin Refurbishment & Repair Conference


You must be logged in to post a comment.

Please login or sign up for a free account.

Disclaimer text: The views expressed in the above comments do not necessarily express the views of Air Transport Publications Ltd. or any of its publications.