Urgent reporting
Urgent aviation cyber security incidents that impact aviation safety or security shall be reported via the channels below:
- For safety: Occurrence reporting | Civil Aviation Authority (caa.co.uk)
- For security: Speak to your organisation's Security Manager
Operators of Essential Services (regulated under NIS)
Operators of Essential Services (OES) should report all incidents that meet the mandatory reporting thresholds to the Department for Transport (DfT) Cyber Compliance Team at: NISIncidents@dft.gov.uk no later than 72 hours after the OES is aware that a notifiable incident has occurred.
OES are reminded that NIS incidents include both cyber and non-cyber related disruption, and are defined in the regulation as: "any incident which has a significant impact on the continuity of the essential service which that OES provides". For more information, including the thresholds that determine the significance, please refer to the document: Implementing the Network and Information Systems Directive in the transport sector - GOV.UK (www.gov.uk)
For advice and support in handing cyber related incidents, OES are encouraged to contact the NCSC using the form: Report a Cyber Incident - Report a Cyber Incident - NCSC. Please note that contacting the NCSC does not satisfy the mandatory requirement for NIS reporting as set out in the regulations.
All aviation organisations
The CAA advise that severe cyber security incidents are initially reported to the NCSC via https://report.ncsc.gov.uk/
For less severe cyber security incidents, the NCSC advise reporting via the Action Fraud website.
Voluntary reporting
With cyber‑attacks becoming an increasingly routine threat across UK aviation, incident information sharing is more critical than ever to sustaining the sector’s cyber resilience. It enables the timely identification of emerging threats, supports coordinated defence across highly interconnected systems and suppliers, and ensures that lessons derived from individual incidents strengthen the collective security posture of the entire industry.
To support this effort, the Civil Aviation Authority (CAA) Cyber Team encourages Operators of Essential Service (OES) to voluntarily share incident information with the National Cyber Security Centre (NCSC). The NCSC, part of GCHQ, is the UK’s technical authority on cyber security and plays a central role in understanding and responding to cyber incidents across the country. It acts as the national Single Point of Contact for cyber incidents under the Network and Information Systems (NIS) Regulations 2018 and operates as the UK’s Computer Security Incident Response Team (CSIRT). Through these roles, the NCSC provides early warnings, expert guidance, and assessments of cyber threats affecting essential sectors, including aviation.
The NCSC has no regulatory role within the NIS regime. This means that OES can share information voluntarily without concern that it will trigger enforcement action or create additional obligations. Instead, the information helps the NCSC build a more accurate picture of the national threat landscape and provide timely advice to protect the sector as a whole.
Importantly, organisations must continue to meet their mandatory reporting responsibilities to the Department for Transport (DfT) and CAA in line with existing NIS guidance, CAA Aviation Safety occurrence reporting guidance and CAA Aviation Security reporting guidance, including voluntary reporting considerations with the DfT at NISincidents@dft.gov.uk. Voluntary reporting to the NCSC complements this process by contributing to wider national understanding and resilience.
All CAA regulated aviation organisations can voluntarily share cyber security incident information with the CAA via cyber@caa.co.uk.