ASD's view on cybersecurity in aviation

Explore ASD’s perspective on the EU’s NIS2 Directive and its impact on aviation cybersecurity. Understand why ASD believes the existing Part IS framework surpasses NIS2 in providing robust security measures, reducing administrative burdens, and protecting the EU’s aviation safety and economy.

November 8, 2023

ASD has expressed concerns over the applicability to aviation manufacturing of the EU’s latest Network and Information Security (NIS2) Directive. NIS2 aims to establish a common level of network and infrastructure security across the Member States. However, ASD argues that it adds unnecessary complexity and costs without significantly improving cybersecurity.

ASD believes that the existing framework, Part IS (EU 2022/1645 applicable to Production Organisations and EU 2023/203 applicable to competent authorities of Production Organisations), already provides robust cybersecurity measures. The association suggests considering EU 2022/1645 Part IS as a lex specialis to EU 2022/2555 NIS2. Applying NIS2 would increase the administrative burden by introducing an additional authority for each Member State where production sites exist. ASD emphasises that Part IS is more comprehensive and extensive than NIS2 for critical entities.

ASD argues that the existing Part IS requirements, which mandate an Information Security Management System (ISMS), exceed the requirements for Important Entities in NIS2 and are proportionate for the size and complexity of an aviation organisation. Therefore, ASD considers Part IS to be the most effective and comprehensive sector-specific legislation to protect against threats to aviation safety and the economy of the European Union.

ASD Position Paper on Applicability of NIS2 to Aviation Manufacturing

ASD's Position Paper argues that applying NIS2 to aviation manufacturing imposes an unnecessary burden and is redundant to existing aviation regulations. 8 November 2023.