Our Vision

Cybersecurity vision.png



GCAA National Civil Aviation Cybersecurity Strategy


​​The UAE’s National Cybersecurity strategy aims to create a safe and strong cyber infrastructure in the UAE that enables its citizens, residents and stakeholders to fulfill their aspirations and empower businesses to thrive in a safe and secure environment. The UAE Cyber Security Council ( CSC ) responsible for developing and overseeing a cyber security strategy that promotes a secure and resilient cyber infrastructure in the United Arab Emirates and developing a comprehensive cybersecurity strategy and creating a safe and strong cyber infrastructure in the UAE. The strategy is based on 5 pillars and a number of initiatives aiming to mobilize the whole cybersecurity ecosystem in the UAE.
 
 
In line with the UAE National Cybersecurity strategy, the General Civil Aviation Authority (GCAA) developed its own civil aviation strategy to combat threats posed by cybersecurity to civil aviation operations in the UAE. This strategy is known as the ‘GCAA National Civil Aviation Cybersecurity Strategy’. This new GCAA Cybersecurity Strategy is our plan to ensure that the UAE remains assured, capable, and above all resilient in this fast-moving digital world and we continue to adapt, innovate and invest in order to protect and promote UAE’s civil aviation interests in the cyber space.

His Excellency Abdulla Bin Touq Al Marri
Minister of Economy
Chairman of the General Civil Aviation Authority
 ​
 


I am proud to present the General Civil Aviation Authority’s (GCAA’s) National Cybersecurity Strategy. This document will guide our collective efforts to prioritize cybersecurity measures within civil aviation over the years ahead.
 
The GCAA National Cybersecurity Strategy aligns with and supports the UAE National Cybersecurity Strategy. It defines clear pathways to integrate and improve the GCAA’s cybersecurity posture, safeguard the civil aviation systems, and build our capacity to meet the ever-changing cybersecurity environment through collaborative partnerships.
 
 
With each passing year, the magnitude and volume of cyber threat is increasing rapidly.  Cyber-attacks can be damaging as well as extremely expensive for civil aviation operations to endure. In addition to financial damage suffered by the entities, it can also inflict untold reputational damage to any organization. Cyber-attacks these days are becoming progressively destructive and Cybercriminals are using more sophisticated ways to initiate them.
 
The GCAA National Aviation Cybersecurity vision is to ensure that the Civil Aviation sector in the UAE remains safe, secure, reliable, sustainable and resilient to cyber-attacks. This is achieved by recognizing the obligations under the Convention on International Civil Aviation (Chicago Convention) to ensure the safety, security, and continuity of civil aviation, taking into account cybersecurity.
 
The aim of the GCAA Cybersecurity strategy is for the civil aviation industry to have in place a robust, flexible and dynamic mitigative measures to reduce potential cyber risks, supported by an agreed proportionate regulatory oversight scheme. This will enable civil aviation industry stakeholders to exploit the benefits of cyberspace without compromising aviation safety, security, air navigation, and continuity of services.
 
H. E. Saif Mohammed Al-Suwaidi
Director General of General Civil Aviation Authority of United Arab Emirates
 

Check and download the National Civil Aviation Cybersecurity Strategy:
GCAA National Civil Aviation Cybersecurity Strategy-V1-Jun-2023.pdf



THE UAE Civil Aviation Cybersecurity Policy



The ​objectives of the Civil Aviation Cybersecurity Policy are to ensure the security, resilience, and self-strengthening of the civil aviation system against cyber threats and risks. Additionally, it aims to facilitate seamless coordination in civil aviation cybersecurity response, fostering collaboration with key entities such as the UAE National Cybersecurity Council, State Security Department, Ministry of Interior, and Ministry of Defense.
 
H. E. Saif Mohammed Al-Suwaidi
Director General of General Civil Aviation Authority of United Arab Emirates

 Check and download the National Civil Aviation Cybersecurity Policy:
UAE CIVIL AVIATION CYBERSECURITY POLICY Issue 1.pdf

 

The National Civil Aviation Cybersecurity Guidelines

"In an era of rapid digital transformation, the aviation industry is more inter-connected than ever. With this increased connectivity comes the need for robust cybersecurity measures. We are proud to issue the National Civil Aviation Cybersecurity Guidelines, that align with the UAE Civil Aviation Cybersecurity Policy. A vital framework for safeguarding the integrity, confidentiality, and availability of aviation systems to its civil aviation stakeholders.

The National Civil Aviation Cybersecurity Guidelines aim to offer recommendations and best practices to help aviation stakeholders in the UAE develop their Cybersecurity programs to comply with the national mandate and protect against ever-evolving cyber threats. As a dynamic document, it will be regularly updated to stay ahead of emerging risks and ensure the resilience of the civil aviation system in the UAE.

Together, we are committed to building a secure aviation environment that not only meets today's challenges but also anticipates and takes into account threats of tomorrow."
 

H. E. Saif Mohammed Al-Suwaidi
Director General of General Civil Aviation Authority of United Arab Emirates


 Check and download the National Civil Aviation Cybersecurity Policy:

GCAA National Civil Aviation Cybersecurity Guidelines Version 1 Sept 2024.pdf


Reporting of Security Breaches (ROSB)



In today's ever-evolving threat landscape, maintaining a secure aviation environment is paramount. A robust and efficient mechanism for reporting security breaches, especially cyber security incidents, through the designated Reporting of Security Breaches (ROSB) Portal is crucial. The ROSB system plays a pivotal role in our commitment to cyber security, acting as a key element in addressing the dynamic challenges posed by evolving cyber threats. Swiftly identifying and reporting incidents related to cyber threats through the ROSB portal ensures proactive response, and dedication to protect aviation assets and infrastructure against cyber threats.


Access the system from here​


 

Aviation Security – Voluntary Reporting System



The objective of Aviation Security - Voluntary Reporting System is to enhance aviation security and cybersecurity through the collection of reports from the general public, on actual or potential aviation security deficiencies from the general public. This voluntary reporting system is different from mandatory reports captured from the registered users by GCAA through the Reporting of Security Breaches (ROSB) system.
 
The GCAA pays particular attention to ensuring the confidentiality of such information and protecting individuals' privacy. The UAE laws prohibit the processing of personal data without the consent of its owner, except for some cases in which the processing is necessary to protect public interest or when it is necessary for the proper administration of justice.​​​​
 
Access the system from here​


 GCAA Cybersecurity Action Plan


The goal of the Cybersecurity Action Plan is to achieve the objectives outlined in each of the seven pillars of the  National Civil Aviation Cybersecurity Strategy, It's a live plan that evolves with current developments in the field of cybersecurity and defines the objectives and measures to be followed to implement the civil aviation cybersecurity strategy and the framework.

 

The Cybersecurity Action Plan is a controlled document and to view the roadmap, please get in touch with the GCAA Cybersecurity Task Force through: Cyber@gcaa.gov.ae​​




 ​


​​
​​