The CAA Cyber Security Oversight Team was established to provide effective oversight of the UK aviation industry’s management of cyber security risk, to support aviation safety, security and economic resilience. It has been developed to meet UK, European and International aviation regulatory obligations for cyber security.
We have created a cyber security regulatory framework that enables industry to demonstrate that appropriate risk management and mitigations are operating and effective.
Our cyber security oversight process is described in CAP 1753.
“To have a proportionate and effective approach to cyber security oversight that enables aviation to manage its cyber security risks without compromising aviation safety, security or resilience.
To stay up-to-date and positively influence cyber security within aviation to support the UK’s National Cyber Security Strategy.”
Reporting a Cyber Security Incident
Urgent aviation cyber security incidents that impact aviation safety or security shall be reported via the channels below:
For security: TSOC@dft.gov.uk TSOC 24/7 number: (020 7944 3111 / 3777)
Operators of Essential Services (regulated under NIS)
In addition to seeking advice from NCSC, Operators of Essential Services (OES) shall report cyber security incidents that meet the mandatory reporting thresholds to DfT’s Cyber Compliance Team at NISIncidents@dft.gov.uk (using the form in Annex F of the link below) no later than 72 hours after the OES is aware that a notifiable incident has occurred.
All Aviation Organisations
The CAA advise that severe cyber security incidents are initially reported to the NCSC via https://report.ncsc.gov.uk/.
For less severe cyber security incidents, the NCSC advise reporting via the Action Fraud website.
- Reporting a cyber security incident (ncsc.gov.uk)
- Incident management - NCSC.GOV.UK
- Cyber Security Information Sharing Partnership (CiSP) - NCSC.GOV.UK
- Early Warning - NCSC.GOV.UK
- All topics - NCSC.GOV.UK
- Large organisations - NCSC.GOV.UK
- Small & medium sized organisations - NCSC.GOV.UK
- The UK’s National Cyber Security Strategy
- Department for Transport’s (DfT) Aviation Cyber Security Strategy
- ICAO’s Cyber Security Strategy
Provide page feedback
Please enter your comments below, or use our usual service contacts if a specific matter requires an answer.
Fields marked with an asterisk (*) are required.
Latest from UK Civil Aviation Authority
- UK Civil Aviation Authority confirms level of cap on future charges of Heathrow Airport Limited in the best interest of consumers
- UK Civil Aviation Authority announces members of its new Environmental Sustainability Panel
- UK Civil Aviation Authority announces landmark changes for pilots and air traffic controllers living with HIV