Introducing CAA ASSURE – Enabling the Aerospace industry to
achieve higher standards of safety
In aerospace and aviation, the physical aspects of safety are no longer exclusively synonymous with security. The CAA has also decided to focus on cybersecurity with the introduction of ASSURE.
Leamington Spa, Warwickshire: LRQA Nettitude have recently announced a new accreditation with the Civil Aviation Authority and Crest. The CAA ASSURE accreditation introduces a new cybersecurity audit model for third parties providing services to the Aerospace industry. Within this, there are a new set of requirements that ensure cybersecurity providers are subject to a rigorous and continuous accreditation process under the ASSURE Scheme.
This scheme is part of the wider UK Aviation Cyber Strategy, in which the CAA have set out an approach that ensures cybersecurity will continue to be collaborative and supportive for the sector. The CAA’s vision is that the UK’s transport sector remains ‘safe, secure and resilient in the face of cyber threats, and able to thrive in an increasingly interconnected, digital world’. As part of this, the CAA were tasked by DfT to develop and implement a regulatory framework for cybersecurity, as well as facilitating oversight of the industry’s activities that relate to mitigating potential cyber risks for civil aviation in the UK.
The CAA has reformatted the Cyber Assessment Framework (CAF), developed by the NCSC, specifically for aviation, in which it will be used by aviation organisations to self-assess against fourteen principles across four broad objectives. ASSURE Cyber Suppliers and Cyber Professionals will then perform an ASSURE Cyber Audit on an aviation organisation’s CAF for Aviation self-assessment.
Ben Densham, CTO of LRQA Nettitude comments –
“It’s essential that the ever-changing threats from cyber risks are understood from both a security and safety standpoint. The CAA ASSURE Scheme is a robust and tailored scheme designed to deliver assurance to aviation providers that these risks are being identified, the impacts understood and the appropriate measures being put in place. Ensuring the UK’s aviation sector is best prepared to meet the current and future cyber threats is the objective and LRQA Nettitude is pleased to be able to support and champion this.”
Peter Drissell, Director of Aviation Security at the UK Civil Aviation Authority (CAA) comments –
“The CAA is committed to broad and collaborative engagement with industry and key stakeholders to continuously improve our cybersecurity oversight model. “By working with CREST to develop the ASSURE accreditation scheme, the aviation industry has access to the highest levels of skill, knowledge and competence to face the changing threat landscape and encourage a proactive approach to cybersecurity.”
The benefits of this new partnership include.
- We are now an accredited ASSURE Cyber Supplier in which our staff have become accredited ASSURE Cyber Professionals across all specialism areas in the process.
- Our knowledgeable, experienced and qualified cyber professionals can be deployed to assess an audit.
- We can provide a validated opinion of ‘achieved’, ‘partially achieved’ or ‘not achieved’ with associated commentary against each CAF for Aviation contributing outcome.
- Recommendations will be provided where ‘partially achieved’ or ‘not achieved’ contributing outcomes have been identified from an ASSURE Cyber Audit.
About LRQA Nettitude:
Founded in 2003, as an industry thought leader, LRQA Nettitude aspires to lead the way in cybersecurity and technical assurance, on a global scale. Whilst many cybersecurity measures are reactive to emerging threats, we believe in proactively working with our clients to put in place preventative measures that reduce business’s vulnerabilities.
LRQA Nettitude provide a range of award-winning cybersecurity services from Penetration Testing to Security Risk and Consulting, Compliance Management, Incident Response, Training, Managed Security Services and Vulnerability Research.
CREST is an international not-for-profit accreditation and certification body that represents and supports the technical information security market.
The Civil Aviation Authority (CAA) is the statutory corporation which oversees and regulates all aspects of civil aviation in the United Kingdom. Its areas of responsibility include: supervising the issuing of pilots’ licences, testing of equipment, calibrating of navaids, and many other inspections (Civil Aviation Flying Unit), managing the regulation of security standards, including vetting of all personnel in the aviation industry (Directorate of Aviation Security), and overseeing the national protection scheme for customers abroad in the event of a travel company failure (Air Travel Organisers’ Licensing – ATOL). The CAA is a public corporation of the Department for Transport, liaising with the government via the Standards Group of the Cabinet Office.