The UK’s Civil Aviation Authority (CAA) has unveiled its new Assure cybersecurity scheme, developed in partnership with CREST, the not-for-profit accreditation and certification body for the technical security industry.
Assure will play a key role in the CAA’s Cybersecurity Oversight strategy, enabling the aviation industry – including airlines, airports and air navigation service providers – to manage cybersecurity risks without compromising aviation safety, security or resilience, and to support the UK government’s National Cybersecurity Strategy.
Crest and the CAA have accredited the first specialist cybersecurity third-party suppliers under the rigorous and continuous accreditation process defined in the Assure framework. To become an accredited Assure cyber supplier, an organization must have Crest membership in one of its core disciplines and submit an application for Assure accreditation for review by Crest and the CAA. Accredited Assure cyber professionals must demonstrate extensive knowledge in at least one of the following three Assure specialisms: cyber audit and risk management, technical cybersecurity and ICS/ OT.
“The CAA is committed to broad and collaborative engagement with industry and key stakeholders to continuously improve our cyber security oversight model,” said Peter Drissell, director of aviation security at the CAA. “By working with Crest to develop the Assure accreditation scheme, the aviation industry has access to the highest levels of skill, knowledge and competence to face the changing threat landscape and encourage a proactive approach to cybersecurity.”
Where stipulated by the CAA, aviation organizations will be required to complete a self-assessment of their cyber security using the CAA’s Cyber Assessment Framework (CAF) for Aviation, which can be applied to organizations of varying size and complexity. Organizations may then be required to contract with an Assure cyber supplier through the Assure buyer’s platform to audit their completed CAF for Aviation self-assessment, on behalf of the CAA.