![Page 1: Airworthiness and Cyber Security Oversight · Step 1: Engagement. Step 2: Critical Systems Scoping. Step 3: Cyber Self-Assessment for Aviation. Step 4: ASSURE Cyber Audit. Step 5:](https://reader034.vdocument.in/reader034/viewer/2022052014/602bfa33babf1c6c6428526f/html5/thumbnails/1.jpg)
Airworthiness and Cyber Security Oversight
Nicky KeeleyHead of Cyber Security Oversight
![Page 2: Airworthiness and Cyber Security Oversight · Step 1: Engagement. Step 2: Critical Systems Scoping. Step 3: Cyber Self-Assessment for Aviation. Step 4: ASSURE Cyber Audit. Step 5:](https://reader034.vdocument.in/reader034/viewer/2022052014/602bfa33babf1c6c6428526f/html5/thumbnails/2.jpg)
What is cyber security?
![Page 3: Airworthiness and Cyber Security Oversight · Step 1: Engagement. Step 2: Critical Systems Scoping. Step 3: Cyber Self-Assessment for Aviation. Step 4: ASSURE Cyber Audit. Step 5:](https://reader034.vdocument.in/reader034/viewer/2022052014/602bfa33babf1c6c6428526f/html5/thumbnails/3.jpg)
Why is this relevant?
Video on lateral movement removed due to size
![Page 4: Airworthiness and Cyber Security Oversight · Step 1: Engagement. Step 2: Critical Systems Scoping. Step 3: Cyber Self-Assessment for Aviation. Step 4: ASSURE Cyber Audit. Step 5:](https://reader034.vdocument.in/reader034/viewer/2022052014/602bfa33babf1c6c6428526f/html5/thumbnails/4.jpg)
![Page 5: Airworthiness and Cyber Security Oversight · Step 1: Engagement. Step 2: Critical Systems Scoping. Step 3: Cyber Self-Assessment for Aviation. Step 4: ASSURE Cyber Audit. Step 5:](https://reader034.vdocument.in/reader034/viewer/2022052014/602bfa33babf1c6c6428526f/html5/thumbnails/5.jpg)
To have a proportionate and effective approach to cyber security oversight that enables aviation to manage their cyber security
risks without compromising aviation safety, security or resilience.
To stay up-to-date and positively influence cyber security within aviation to support the UK’s National Cyber Security Strategy.
Our Vision
![Page 6: Airworthiness and Cyber Security Oversight · Step 1: Engagement. Step 2: Critical Systems Scoping. Step 3: Cyber Self-Assessment for Aviation. Step 4: ASSURE Cyber Audit. Step 5:](https://reader034.vdocument.in/reader034/viewer/2022052014/602bfa33babf1c6c6428526f/html5/thumbnails/6.jpg)
Regulatory Landscape
![Page 7: Airworthiness and Cyber Security Oversight · Step 1: Engagement. Step 2: Critical Systems Scoping. Step 3: Cyber Self-Assessment for Aviation. Step 4: ASSURE Cyber Audit. Step 5:](https://reader034.vdocument.in/reader034/viewer/2022052014/602bfa33babf1c6c6428526f/html5/thumbnails/7.jpg)
Cyber Security Oversight ProcessStep 1:
Engagement
Step 2:Critical Systems Scoping
Step 3:Cyber Self-Assessment for
Aviation
Step 4:ASSURE Cyber Audit
Step 5:Provisional Statement of
Assurance
Step 6:Final Statement of Assurance
and Letter of Compliance
See CAP1753
![Page 8: Airworthiness and Cyber Security Oversight · Step 1: Engagement. Step 2: Critical Systems Scoping. Step 3: Cyber Self-Assessment for Aviation. Step 4: ASSURE Cyber Audit. Step 5:](https://reader034.vdocument.in/reader034/viewer/2022052014/602bfa33babf1c6c6428526f/html5/thumbnails/8.jpg)
Critical System Scoping
• Think about your essential services– top down
• Keep an eye on what’s critical to avoid scope creep
• Find your security boundaries
• Identify your critical suppliers
• Don’t forget your operational technology!
![Page 9: Airworthiness and Cyber Security Oversight · Step 1: Engagement. Step 2: Critical Systems Scoping. Step 3: Cyber Self-Assessment for Aviation. Step 4: ASSURE Cyber Audit. Step 5:](https://reader034.vdocument.in/reader034/viewer/2022052014/602bfa33babf1c6c6428526f/html5/thumbnails/9.jpg)
CAF for Aviation
![Page 10: Airworthiness and Cyber Security Oversight · Step 1: Engagement. Step 2: Critical Systems Scoping. Step 3: Cyber Self-Assessment for Aviation. Step 4: ASSURE Cyber Audit. Step 5:](https://reader034.vdocument.in/reader034/viewer/2022052014/602bfa33babf1c6c6428526f/html5/thumbnails/10.jpg)
ASSURE Cyber Suppliers ASSURE Cyber Professionals
ASSURE Cyber Audit
![Page 11: Airworthiness and Cyber Security Oversight · Step 1: Engagement. Step 2: Critical Systems Scoping. Step 3: Cyber Self-Assessment for Aviation. Step 4: ASSURE Cyber Audit. Step 5:](https://reader034.vdocument.in/reader034/viewer/2022052014/602bfa33babf1c6c6428526f/html5/thumbnails/11.jpg)
Statement of Assurance
Completed Critical Systems Scoping Templates
Completed Critical system scoping diagrams
ASSURE Audited CAF for Aviation for all in-scope systems
ASSURE Audit Report
Corrective Action Plan supporting documents
![Page 12: Airworthiness and Cyber Security Oversight · Step 1: Engagement. Step 2: Critical Systems Scoping. Step 3: Cyber Self-Assessment for Aviation. Step 4: ASSURE Cyber Audit. Step 5:](https://reader034.vdocument.in/reader034/viewer/2022052014/602bfa33babf1c6c6428526f/html5/thumbnails/12.jpg)
Performance Based Oversight
![Page 13: Airworthiness and Cyber Security Oversight · Step 1: Engagement. Step 2: Critical Systems Scoping. Step 3: Cyber Self-Assessment for Aviation. Step 4: ASSURE Cyber Audit. Step 5:](https://reader034.vdocument.in/reader034/viewer/2022052014/602bfa33babf1c6c6428526f/html5/thumbnails/13.jpg)
Letter of Compliance• Engagement with CAA• Completion of critical system scoping
activity• Completion of Cyber Self-Assessment• Procurement of ASSURE Cyber Audit
where required• Progress towards or maintenance of
appropriate and proportionate cyber security controls in line with the agreed profile
• Notification of reportable incidents (if applicable)
• Notification of cyber security change• Information requests