Urgent aviation cyber security incidents that impact aviation safety or security shall be reported via the channels below:
- For safety: Occurrence reporting | Civil Aviation Authority (caa.co.uk)
- For security: Speak to your organisation's Security Manager
Operators of Essential Services (regulated under NIS)
Operators of Essential Services (OES) should report all incidents that meet the mandatory reporting thresholds to the DfT Cyber Compliance Team at: NISIncidents@dft.gov.uk (using the form in Annex F of the link below) no later than 72 hours after the OES is aware that a notifiable incident has occurred.
OES are reminded that NIS incidents include both cyber and non-cyber related disruption, and are defined in the regulation as: "any incident which has a significant impact on the continuity of the essential service which that OES provides". For more information, including the thresholds that determine the significance, please refer to the document: Implementing the Network and Information Systems Directive in the transport sector - GOV.UK (www.gov.uk)
For advice and support in handing cyber related incidents, OES are encouraged to contact the NCSC using the form: Report a Cyber Incident - Report a Cyber Incident - NCSC. Please note that contacting the NCSC does not satisfy the mandatory requirement for NIS reporting as set out in the regulations.
All aviation organisations
The CAA advise that severe cyber security incidents are initially reported to the NCSC via https://report.ncsc.gov.uk/
For less severe cyber security incidents, the NCSC advise reporting via the Action Fraud website.