The European Cyber security for aviation Standards Coordination Group is created to respond to this need. The ECSCG is a joint coordination and advisory group established to coordinate the cyber security for aviation related standardisation activities. A specific focus will be on activities stemming from the EC and EASA regulations, this does not exclude other market-driven standards.
The ECSCG kick-Off meeting took place on 30th October 2018 at the EUROCAE office in Saint-Denis, France.
Experts from the European regulators (European Commission and EASA) and other European and international standardisation bodies and organisations active in cyber security met to discuss the Terms of Reference of the Coordination Group with the goal to define a way to streamline standards developing activities in Europe.
The tasks of the ECSCG is to:
- develop, monitor and maintain an overarching European cyber security for aviation standards rolling development plan, in particular for those standards aimed at providing means to comply with cyber security rules under development initially based on the existing material contained in ER-017.
- facilitate the sharing of work among the Standard Developing Organisations (SDO's) thus identifying gaps and avoiding overlaps.
- monitor all relevant processes, resource availability and other related risks and issues.
- provide a forum to manage specific issues and resolution of conflicts.
- advise the EC and EASA on cyber security standardisation matters, as required.
- coordinate with other relevant stakeholders and other regional and global activities.
In order to fulfill its tasks, the ECSCG will need to:
- facilitate the participation of the various member organisations, in order to develop a comprehensive set of industry standards needed to cover the whole spectrum of aeronautical cyber security;
- identify and share a common recognition of the fields of competencies of the various contributors in order to avoid the risk of overlapping activities;
- establish and maintain a bidirectional information flow between regulators and all relevant actors, to ensure that changes, delays and new developments can be taken into account;
- maintain awareness of the status of upstream rationale and progress associated with identified needs for standardisation activities.
The main deliverable of the ECSCG is the European cyber security standardisation Rolling Development Plan (RDP) which will be progressively updated to reflect the current situation. It will also provide a method for the identification and discussion of overlaps and gaps, and as a basis for feedback to contributing organisations, to improve overall coordination of standards development.