GCAA National Civil Aviation Cybersecurity Strategy


​​The UAE’s National Cybersecurity strategy aims to create a safe and strong cyber infrastructure in the UAE that enables its citizens, residents and stakeholders to fulfill their aspirations and empower businesses to thrive in a safe and secure environment. The UAE Cyber Security Council ( CSC ) responsible for developing and overseeing a cyber security strategy that promotes a secure and resilient cyber infrastructure in the United Arab Emirates and developing a comprehensive cybersecurity strategy and creating a safe and strong cyber infrastructure in the UAE. The strategy is based on 5 pillars and a number of initiatives aiming to mobilize the whole cybersecurity ecosystem in the UAE.
 
 
In line with the UAE National Cybersecurity strategy, the General Civil Aviation Authority (GCAA) developed its own civil aviation strategy to combat threats posed by cybersecurity to civil aviation operations in the UAE. This strategy is known as the ‘GCAA National Civil Aviation Cybersecurity Strategy’. This new GCAA Cybersecurity Strategy is our plan to ensure that the UAE remains assured, capable, and above all resilient in this fast-moving digital world and we continue to adapt, innovate and invest in order to protect and promote UAE’s civil aviation interests in the cyber space.

His Excellency Abdulla Bin Touq Al Marri
Minister of Economy
Chairman of the General Civil Aviation Authority
 ​
 


I am proud to present the General Civil Aviation Authority’s (GCAA’s) National Cybersecurity Strategy. This document will guide our collective efforts to prioritize cybersecurity measures within civil aviation over the years ahead.
 
The GCAA National Cybersecurity Strategy aligns with and supports the UAE National Cybersecurity Strategy. It defines clear pathways to integrate and improve the GCAA’s cybersecurity posture, safeguard the civil aviation systems, and build our capacity to meet the ever-changing cybersecurity environment through collaborative partnerships.
 
 
With each passing year, the magnitude and volume of cyber threat is increasing rapidly.  Cyber-attacks can be damaging as well as extremely expensive for civil aviation operations to endure. In addition to financial damage suffered by the entities, it can also inflict untold reputational damage to any organization. Cyber-attacks these days are becoming progressively destructive and Cybercriminals are using more sophisticated ways to initiate them.
 
The GCAA National Aviation Cybersecurity vision is to ensure that the Civil Aviation sector in the UAE remains safe, secure, reliable, sustainable and resilient to cyber-attacks. This is achieved by recognizing the obligations under the Convention on International Civil Aviation (Chicago Convention) to ensure the safety, security and continuity of civil aviation, taking into account cybersecurity.
 
The aim of the GCAA Cybersecurity strategy is for the civil aviation industry to have in place a robust, flexible and dynamic mitigative measures to reduce potential cyber risks, supported by an agreed proportionate regulatory oversight scheme. This will enable civil aviation industry stakeholders to exploit the benefits of cyberspace without compromising aviation safety, security, air navigation and continuity of services.
 
H. E. Saif Mohammed Al-Suwaidi
Director General of General Civil Aviation Authority of United Arab Emirates
 


GCAA National Civil Aviation Cybersecurity Strategy-V1-Jun-2023.pdf



THE UAE Civil Aviation Cybersecurity Policy



The ​objectives of the Civil Aviation Cybersecurity Policy are to ensure the security, resilience, and self-strengthening of the civil aviation system against cyber threats and risks. Additionally, it aims to facilitate seamless coordination in civil aviation cybersecurity response, fostering collaboration with key entities such as the UAE National Cybersecurity Council, State Security Department, Ministry of Interior, and Ministry of Defense.
 
H. E. Saif Mohammed Al-Suwaidi
Director General of General Civil Aviation Authority of United Arab Emirates
 
UAE CIVIL AVIATION CYBERSECURITY POLICY Issue 1.pdf

 

Reporting of Security Breaches (ROSB)



In today's ever-evolving threat landscape, maintaining a secure aviation environment is paramount. A robust and efficient mechanism for reporting security breaches, especially cyber security incidents, through the designated Reporting of Security Breaches (ROSB) Portal is crucial. The ROSB system plays a pivotal role in our commitment to cyber security, acting as a key element in addressing the dynamic challenges posed by evolving cyber threats. Swiftly identifying and reporting of incidents related to cyber threats through the ROSB portal ensures proactive response, and dedication to protect aviation assets and infrastructure against cyber threats.

Access the system from here​


 

Aviation Security – Voluntary Reporting System



The objective of Aviation Security - Voluntary Reporting System is to enhance aviation security and cybersecurity through the collection of reports from the general public, on actual or potential aviation security deficiencies from the general public. This voluntary reporting system is different from mandatory reports captured from the registered users by GCAA through the Reporting of Security Breaches (ROSB) system.
 
The GCAA pays particular attention to ensure the confidentiality of such information and protect the privacy of individuals. The UAE laws prohibit processing of personal data without the consent of its owner, except for some cases in which the processing is necessary to protect a public interest or when it is necessary for the proper administration of justice.
 
Access the system from here​


 

 ​