Practical Guides
Essential Reading
Aviation Cybersecurity Guide
Aviation cybersecurity is now regulated by three overlapping frameworks: CAA CAP 1753, EASA Part-IS, and NIS2 — with fines for non-compliance reaching €10M or 2% of global turnover.
Aviation Incident Response Guide
Aviation operators must notify the CAA (NIS incidents), ICO (personal data breaches within 72 hours), and potentially EASA — all while managing operational disruption and media scrutiny.
Passenger Data and GDPR
British Airways was fined £20M by the ICO for a 2018 breach — the ICO found that BA failed to implement appropriate security measures to protect the data of 500,000 customers.
Further Reading
Third-Party Vendor Risk in Aviation
EASA Part-IS and CAA CAP 1753 both explicitly require aviation operators to assess third-party supply chain cybersecurity risk — making vendor risk management a regulatory obligation.
Cyber Essentials for Aviation
Cyber Essentials certification is increasingly required by aviation insurers and supply chain partners — and the five controls map directly to CAA CAP 1753 baseline security expectations.