In December 2024, aviation security professionals and state delegations from around the world gathered in Muscat, Oman, for the International Civil Aviation Organisation (ICAO) annual Security Week. With the theme “Sustainable Future of Aviation Through Security,” the event delved into critical topics, including aviation cyber security and other emerging challenges in the sector. Among the many highlights of this pivotal week was the adoption of the Muscat Declaration on Aviation Security and Cybersecurity, setting a new course for safeguarding global aviation.
In this Q&A, we sat down with Dorota Broom to reflect on key moments from the event and discuss the significance of the Muscat Declaration in ensuring aviation continues to connect the world, foster social and economic development, and facilitate travel, trade, and tourism — while remaining effectively protected.
CAAi attended ICAO Security Week. What are your initial reflections?
Security Week provided an excellent opportunity to connect with many of our colleagues, strengthen existing relationships, and establish new ones. We extend our heartfelt thanks to the hosts, the Oman CAA, for their incredible hospitality. The event beautifully reflected the cultural diversity of aviation, particularly within the aviation security community. We also sincerely thank all ICAO staff for their exceptional support.
How would you describe the Muscat Declaration and its significance for aviation security?
The Muscat Declaration is a strategic commitment to enhancing global aviation security and cybersecurity, focusing on collaboration, the capability to recognise threats, integration between safety and security, and ensuring a well-trained, motivated, and capable workforce.
The Declaration affirms that aviation connects the world, making trade, tourism, and development possible, and therefore must be appropriately protected. The lack of major security incidents does not reflect a lower security risk; therefore, vigilance must be maintained. Ensuring appropriate human resources in the aviation security sector is also challenging, which is why training, capability building, prioritisation, and coordination remain critical.
How does CAAi contribute to the global aviation security community, and what actions is it taking to support the priorities outlined in the Muscat Declaration?
To ensure support reaches those who need it most and in support of ICAO’s No Country Left Behind initiative, CAAi, as a registered Social Enterprise, established a reinvestment fund in 2017. By allocating funds from standard service fees, CAAi can deploy critical assistance to States, aviation organisations, and individuals who might otherwise lack access to essential resources. We provide support across all Global Aviation Security Plan (GASeP) priority areas and are well-positioned to offer guidance on the key issues highlighted in the Muscat Declaration.
Photo: CAAi’s Matthew Margesson, Sophie Hibbin and Dorota Broom attending ICAO Security Week with Rapiscan in Muscat, Oman.
What steps should be taken following the adoption of the Muscat Declaration to ensure it translates into tangible outcomes?
The Muscat Declaration provides a strategic framework, but it must be translated into clear, actionable steps to truly make an impact. We need to define practical measures under each point of the declaration. States, organisations, and industry leaders that have pioneered innovative approaches or implemented successful initiatives should be studied, and their best practices shared widely.
Equally important is measuring progress to ensure the declaration doesn’t remain a document of good intentions. Regular reviews, workshops, and progress reports will be vital to track how effectively the actions are being implemented and whether they are addressing the intended challenges. By fostering a culture of accountability and cooperation, we can ensure the Muscat Declaration drives real, meaningful improvements in global aviation security and cybersecurity.
Let’s start with awareness of threats to aviation. What can we do to strengthen efforts in addressing new and existing threats from insiders and cyber-attacks?
First, by offering targeted training on threats to aviation and risk management, we empower staff at all levels to identify and respond effectively to potential risks. It is important to provide specialised techniques to address insider threats for supervisors, managers, and senior managers. For example, CAAi is delivering Managing Insider Risks training, where delegates go through the insider risk assessment process and learn about group-level risk assessment. Additionally, raising awareness of insider risk among all staff is fundamental. This can be done through security culture campaigns. On behalf of ICAO, CAAi developed a range of free security culture tools that organisations can download and use.
How can we encourage the implementation of regular cybersecurity training and awareness sessions for aviation personnel to ensure they have the necessary skills?
Regulators are best placed to encourage the industry to regularly train their staff—not necessarily by enforcing it, but by developing voluntary programmes. For example, SeMS in the UK is voluntary, yet many entities decide to introduce the system as its benefits are clear. The development of clear and straightforward guidance materials for the industry would also help.
Incorporating cybersecurity culture into the broader security culture strategy is vital in today’s rapidly evolving digital landscape. This ensures that cybersecurity risks are addressed alongside traditional security concerns, providing a more holistic and robust framework for aviation security. The first step would be to review your security culture strategy, identify gaps, and incorporate cybersecurity culture into the strategy.
”The lines between physical security and cyber threats are increasingly blurred in today’s interconnected environment
Another point specified by the Declaration is to give aviation security and cybersecurity the same importance, high priority, and support as applied to other aspects of civil aviation. How can this be achieved?
The lines between physical security and cyber threats are increasingly blurred in today’s interconnected environment. For years, we have been emphasising that aviation security should be given the same importance as aviation safety. Eventually, the development of a strong security culture became a GASeP priority area, and now the whole concept is much more advanced and mature.
We should first review our security culture strategy and ensure cybersecurity culture is part of it. As with security culture, senior management commitment is essential. However, we can also review our approach to cybersecurity oversight, moving towards a risk—and performance-based approach.
Another point of the Muscat Declaration is to expedite the implementation of the ICAO Aviation Cybersecurity Strategy and its Cybersecurity Action Plan. These documents are easy to read and well-structured; cross-checking the documents with what we already have implemented in our organisation may be an easy first step — expediting their implementation and ensuring equal priority for cybersecurity.
How can we ensure effective coordination of aviation safety, security, and cybersecurity to benefit from shared knowledge and strengthened efforts?
CAAi is currently working on a three-year research project for EASA titled “Impact of Security Measures on Safety.” We have learned that better integration between safety and security is much needed and even expected; however, the development of specific communication and integration channels may be challenging.
We should start by building a deeper understanding of their interdependencies and identifying where security can learn from safety. In the security domain, this means being open to cooperation with our safety colleagues, investigating which safety meetings we can attend, developing information exchange channels, and analysing how safety colleagues can contribute and what information can be shared without compromising sensitive data. Training is another key aspect—providing security personnel with a basic understanding of safety and cybersecurity concepts and safety colleagues with basic principles of security issues and current threats could help bridge knowledge gaps and foster a more integrated approach. Finally, promoting collaboration through campaigns that encourage breaking down silos, sharing information, and learning together is essential. This is by no means an easy task; it requires cultural and perceptual changes, but we are certainly at the beginning of this integration process.
How can we secure sufficient resources to ensure qualified and competent professionals are available to regulate, operate, manage, maintain, and oversee the effective implementation of aviation security and cybersecurity measures?
This is indeed a challenging area, but the solution may lie in a deeper focus on professionalisation and the integration of human factors into aviation security roles. Elevating these roles to make them attractive career choices is crucial. This means offering competitive remuneration and career progression opportunities and enhancing the perceived value and prestige of these positions within the broader aviation sector. We need to invest in tailored education and training programmes, establish clear professional pathways, and create recognition frameworks that acknowledge the expertise and dedication required for these roles.
Fostering a culture that emphasises the importance of security and cybersecurity as integral to aviation safety is essential. Collaborating with academic institutions and industry stakeholders to build a pipeline of qualified professionals and leveraging global initiatives to share best practices and resources will also be key to addressing this resource challenge effectively.
Photo: Sophie Hibbin delivering a speech at ICAO Security Week.
How can States be supported in adopting risk-based and outcome-focused policies, standards, regulations, and innovative approaches?
First, review the approach to policy and regulation development to ensure it aligns with modern risk-based methodologies. Assessing the maturity of regulators and industry players can help identify gaps and areas for improvement. Implementing more mature standards requires a degree of maturity from both the regulator and the industry. Developing a maturity assessment tool could be beneficial. Tailored risk assessment and management training should be provided to build competence and confidence among regulators and stakeholders.
Investigating specific areas within aviation security where outcome-focused policies and requirements can be applied will further drive innovation and efficiency. For example, the UK CAA implemented performance-based oversight in security training and introduced a new instructor certification system using an outcome-based digital assessment as part of its modernisation journey.
”It’s clear that the Muscat Declaration serves as a vital roadmap for advancing global aviation security and cybersecurity
The Muscat Declaration emphasises the need for more comprehensive guidance materials on security and cybersecurity. How can enhanced cooperation in their development be achieved?
The Muscat Declaration highlights cooperation as a recurring theme, pointing out that much more can be achieved in this area. Cooperation can be fostered at multiple levels, starting with international platforms and established working groups that can drive collaborative efforts. Within individual entities, there is significant potential to enhance integration by fostering stronger connections between cybersecurity teams and other areas, such as security and safety.
Having discussed most of the key points of the Muscat Declaration and proposed specific actions, what are your overall reflections on its vision and the steps needed to achieve its objectives?
It’s clear that the Muscat Declaration serves as a vital roadmap for advancing global aviation security and cybersecurity. The emphasis on enhanced cooperation, awareness of threats, comprehensive guidance materials, and bridging gaps in resources and diversity highlights a forward-thinking and inclusive vision for the future. The Declaration also underscores the importance of professionalisation, specialised skills, and fostering a culture of collaboration across all levels of the aviation sector. Achieving this is everyone’s responsibility.
Photo: Highlights of Sophie’s presentation at ICAO Security Week in Muscat, Oman.
In conclusion, the Muscat Declaration sets a clear path for advancing global aviation security and cybersecurity through cooperation, training, and integrated frameworks. By turning its principles into actionable steps and fostering a culture of vigilance and collaboration, the aviation community can ensure a safer, more sustainable future for global connectivity.
