As airports continue to embrace digital transformation and rely on advanced technologies, safeguarding critical assets and sensitive data has become paramount. In this current digital age, the aviation industry faces an ever-evolving landscape of cyber threats, making robust cybersecurity measures a necessity.
Through advocacy and the development of programs and services, ACI World is fully committed to developing safe and secure airport operations in the realm of cybersecurity. Our comprehensive approach focuses on equipping airports with training, tools, and guidance to mitigate risks, detect and respond to threats, and build resilient systems.
APEX in Cybersecurity
The APEX Cybersecurity Assessment program is an onsite airport review led by industry peers and experts and serves as a starting point for assessing cybersecurity practices at airports. The program provides a holistic and proactive approach to assessing and enhancing an airport’s cybersecurity posture.
Cybersecurity External Resources
Below is an overview of regulations, standards, and guidance related to aviation cybersecurity at a global level. It is meant to be a starting point and will be regularly updated.
For more information, comments, and suggestions related to this web page, or if you would like to engage with us on aviation cybersecurity, please contact us at airportit@aci.aero.
ICAO Cybersecurity Action Plan – The ICAO Cybersecurity Action Plan was developed to support States and the industry in the adoption of the Aviation Cybersecurity Strategy. This document provides fundamental information for ICAO, States, and the industry on the proposed principles, measures, and actions to achieve the objectives of the Aviation Cybersecurity Strategy.
ICAO Cybersecurity Policy Guidance – ICAO has developed guidelines relative to the protection and resilience of critical infrastructure against cyber threats within international civil aviation.
NIST Cybersecurity Framework (CSF) 2.0 | Workshop #2 – The NIST Cybersecurity Framework 2.0 offers an updated and comprehensive set of guidelines and best practices designed to help organizations manage and reduce cybersecurity risks effectively.
MITRE ATT&CK Framework – MITRE ATT&CK is a comprehensive knowledge base and methodology for understanding and categorizing the tactics, techniques, and procedures (TTPs) that adversaries use to compromise and navigate through computer systems.
ISO/IEC 27001 Standard – Information Security Management Systems – ISO/IEC 27001 provides a model to facilitate the process of establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system.
Aviation ISAC (a-isac.com) – The A-ISAC website is a valuable resource for aviation-specific cybersecurity threats and intelligence sharing.
AirCyber – Air Cyber is a collaborative program for the standardization and increased maturity of cybersecurity levels.
IATA - Aviation Cyber Security – From the airline industry side, IATA also supports shaping the nature of how the industry responds to cyber security challenges.
ATM cybersecurity maturity model | EUROCONTROL – The Cybersecurity Maturity Model describes a range of capabilities to be adopted in an organization for an effective approach to cybersecurity.
SafeSkies – The National Safe Skies Alliance, Inc. is a non-profit organization that works with airports, government, and industry to maintain a safe and effective aviation security system.
Cybersecurity Training
ACI’s training in cybersecurity provides airports with a comprehensive offer intended for all levels of airport managers and specialists. Through our training programs, ACI provides individuals with the knowledge and tools for the effective management of cybersecurity for their airport’s systems, networks, and data.
Cybersecurity Publications
ACI World produces cybersecurity publications highlighting best practices and industry driven statistics and analyses. Browse our list of publications below to gain insight on the industry and to find resources dedicated to improving airports cyber environment.