Integrated Risk Management - an EASA perspective

Rachel Daeschler SM2017 EUR/NAT, Tallinn, Estonia 17 October 2017

2

What is our experience?

Managing the safety impact of security measures Cockpit doors Chemical Oxygen Generators in lavatories Laptop ban

Direct involvement in the mitigation of security risks Conflict Zones Cybersecurity in aviation

3

Laptop Ban

As a consequence of the potential ban of large Portable Electronic Devices (PEDs) from the passenger cabin, aviation safety authorities reviewed the potential safety impact.

Incidents involving lithium batteries in PEDs – 2012 - 2016

4

Laptop Ban

The transfer of large PEDs from cabin to cargo would increase significantly the risk of fire in the cargo compartment

And so would increase the risk of an uncontrollable fire

Additional safety measures would be necessary

5

Conflict Zones – what needs to be done?

Assessment of airspace security risks Mitigation: NOTAMs, Information, fly/no fly decisions

6

Conflict Zones – a European Alerting System

Cooperation between EU institutions, States, EASA, airlines Achieving a common EU risk assessment Using EASA’s Safety Publication system to support the mitigation

Conditions resulting from exploitation of vulnerabilities having an adverse safety

effect on the aircraft and/or its occupants

Cybersecurity in Aviation – what are we worried about?

Cybersecurity in Aviation – why are we worried…

EFB

ATM WWW

Pax Entert. Services

Software Hardware Software Software Hardware

Health and Usage Data

WWW

Flight Plans Weight & Balance

Manufacturer MRO Airline

Supp

liers

Software tampering Denial of SW crates distribution ICA modification

Maintenance data (e.g. lifing) corruption Tampering of GSE and EFB

Asset diversion SW tampering during shop maintenance

Denial of Service Attack Trojan, Virus and Malware infection

CNS Data spoofing CNS Data corruption

Cybersecurity: an example of integrated risk assessment

Cybersecurity in Aircraft Certification

9

10

Causes

Particular Risks

(System) Failures

(Human) Errors

Intentional Interaction

Cybersecurity in Aviation – Aircraft Certification

Maj

or

Min

or

Cata

stro

phic

Haza

rdou

s

Effects on

safety

Haza

rdou

s

Effects on

safety

Maj

or

Min

or

Haza

rdou

s

Effects on

safety

14

Closing remarks

Security risks vs safety risks: the notion of intent Integrating safety and security risk management is challenging

Organisations, Methodologies, Culture

But is needed when… there are interdependencies/conflicts in the risk mitigation strategies When the risk assessment is complex and better integrates upfront all sources of failures/errors/intentional interactions

Cooperation/Coordination between aviation security and aviation safety authorities can already achieve a lot

Thank you for your attention.