Aviation Cybersecurity Oversight
3-day course | Classroom & In-company training, or
4-day course | Virtual training (5-hour daily sessions)
- ICAO TRAINAIR PLUS COURSE
- Interpret the 6 steps of the UK CAA’s Cybersecurity Oversight Process for Aviation
- Learn how to conduct a critical systems scoping exercise
- Explore the synergies between SMS and SeMS
What is Cybersecurity Oversight?
Cybersecurity risk profiles are dynamic: attackers are always looking to exploit vulnerabilities and can quickly develop new ways of breaching cyber defences. The aviation sector’s progressively interconnected systems require the sector to maintain an up-to-date awareness of both direct and indirect cybersecurity threats and hazards. The changing threat landscape therefore encourages a proactive approach to cybersecurity, and in response aviation organisations need dynamic protection.
In line with ICAO’s Aviation Cybersecurity Strategy and the corresponding Cybersecurity Action Plan, ICAO is partnering with the UK’s Civil Aviation Authority (CAA) to address cybersecurity oversight.
The course builds on the UK CAA’s experience in developing and implementing its cybersecurity oversight framework to ensure a proportionate and effective approach to cybersecurity oversight that enables aviation organisations to manage their cybersecurity risks without compromising aviation safety, security, or resilience.
Aviation regulations increasingly include cybersecurity requirements, and the aviation sector needs to demonstrate compliance with them. This ICAO TRAINAIR PLUS course provides in-depth knowledge and insight into the cybersecurity regulations and how the oversight process developed by the UK CAA is one model that could be used to cover them.
The course provides practical examples and application of this material which can be taken away with you. This course is not a cybersecurity training course and will not provide general cybersecurity awareness or training.
This course is suitable for individuals in any role responsible for managing or implementing cybersecurity / Information Security, Compliance Managers or other regulators implementing cybersecurity oversight.
This training course will include the following topics:
- ICAO Annex 17
- Aviation Cybersecurity regulatory requirements and threat landscape
- Cybersecurity Oversight Process for Aviation (CAP1753)
- Cybersecurity Strategy
By the end of this course, learners will be able to:
- Describe the relevant aviation cybersecurity regulatory requirements applicable to the aviation sector internationally and nationally, as well as explain how Risk Based Oversight (RBO) and Performance Based Oversight (PBO) can be utilised.
- Understand and interpret the 6 steps that form the UK CAA’s Cybersecurity Oversight Process for Aviation (CAP1753), as one model for cybersecurity oversight.
- Understand the importance of identifying a scope and how to conduct a critical systems scoping exercise.
- Measure an organisation against the 14 principles of cybersecurity good practices, identify a variety of standards which are available to use (e.g., NIST, ISO27K standards), and understand how the UK’s Cyber Assessment Framework for Aviation could be used to support this.
- Prepare and consolidate the evidence required for a Cyber Audit and requirements around levels of assurance.
- Understand how to collate self-assessments, conduct audits and create Corrective Action Plans.
- Understand the synergies between Safety Management System (SMS) and Security Management System (SeMS), as well as the possible options for implementing an Information Security Management Framework using the documentation produced from self-assessment, audit, and corrective action plans.
- Understand, as a regulator or NAA, how to set a required level of cybersecurity and considerations on how to assess cybersecurity submissions from overseen entities.
You should be a stakeholder for cybersecurity within your organisation; you might be responsible for cybersecurity or for its oversight.
Meet your Instructors
Shaun Southall is a Cyber Security Oversight Specialist with the UK Civil Aviation Authority, bringing over 20 years of experience across physical and information security disciplines. Shaun has a strong working knowledge of both industry-specific regulations and broader control frameworks as part of his role of progressing Airports, Airlines and Air Navigation Service Providers through the UK’s Cyber Security Oversight Process for Aviation, which has been his core area of responsibility since joining the CAA in 2021.
Shaun’s expertise spans Governance, Risk and Compliance, and his other core competency areas include Cloud Security and Quantitative Risk Analysis. He holds a number of industry accreditations, and in 2020 he completed the International Security Management Institute’s Level 6 Certified Security Management Professional Diploma. Shaun was also awarded ‘Freedom of the City of London’ for services to the Security Industry.
Shaun’s training experience includes developing and co-delivering ‘Continued Professional Development Days’ for ASIS CPP holders for several years. More recently, Shaun has been part of ECAC’s BPNA (Best Practices for National Auditors) training programme, delivering several modules from the three-day course to delegates from Civil Aviation Authorities across Europe, underlining his passion for improving standards in cybersecurity throughout the aviation industry.
We offer two different ways to attend this course:
- Face-to-Face Classroom Course: Embrace the traditional learning method by attending our physical training venue. Benefit from direct interaction with our instructors and fellow participants, creating an immersive and hands-on learning experience. To book a classroom course, please check the booking table at the top of this page and select your preferred training venue location.
- Instructor-Led Virtual Course: Enjoy the flexibility of attending this training remotely from your home or office with our live virtual course. Engage in interactive learning from anywhere in the world. We usually use WebEx or Zoom for our virtual courses. To attend this course virtually, look for the ‘online’ venue option in the booking table above.
Please note that course durations may vary slightly between our face-to-face and virtual deliveries. Please refer to the start and end date of your chosen course.
Our goal is to offer flexible, effective and convenient course delivery methods that suit your preferences and learning needs. Please choose the option that works best for you!
If you can’t see a classroom or virtual option, we likely haven’t released the next set of dates. Please get in touch to find out when we’ll announce the new dates, and we’ll be sure to keep you informed once they are available or even add you to our waiting list.