Aviation industry stakeholders interviewed by the IEC editorial team stress the importance of international standards for protecting the aviation industry from cyber attacks.
Additionally, the IEC 62443 series of standards developed for industrial-process measurement, control and automation, defines procedures for implementing electronically-secure Industrial Automation and Control Systems (IACS), and is also mentioned as being essential for protection from cyber threats.
Aviation industry stakeholders also list the US National Institute of Standards and Technology (NIST) Cyber Security Framework for Improving Critical Infrastructure, as being vital for cyber security. The framework gives guidance to “identify, protect, detect, respond and recover” from cyber threats in order “to provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk”.
For this, the ‘Framework Core’ refers specifically to ISO/IEC 27001 and to standards from the IEC 62443 series.
In addition to managing and protecting from cyber threats, IEC has developed many international standards which are critical for airport security. For example, for cards and personal identification, for machine-readable passports, machine-readable visas and official travel documents, and standards for biometrics.
ISO/IEC 24713–2:2008 is an international standard covering “biometric profiles for interoperability and data interchange” specific to “physical access control for employees at airports”. It covers the basic biometric functions of enrolment, verification and identification and includes a database interface.
A holistic industry-wide risk management approach to all safety and security aspects, (including physical and cyber security), is essential for the aviation industry. This approach requires close cooperation, communication and exchange of information between all stakeholders and operators, implementation of existing standards and the future adoption of those under development.
Going forward, it is essential that future airports and terminal buildings are secure by design, with physical and cyber security measures incorporated from the design phase, not added later.
Read more in IEC e-tech: Thwarting cyber attacks in aviation