Civil Aviation Act, 2009 (Act No. 13 of 2009)

Regulations

Civil Aviation Regulations, 2011

Part 109 : Aviation Security Training Organisations

Subpart 3 : Instructor Certification

109.03.10 Measures to mitigate threats of cyber-attacks

Purchase cart Previous page Return to chapter overview Next page

 

(1) An ASTO shall identify critical information and communication technology systems and data used for aviation purposes in accordance with risk assessment, develop and implement the following measures, to prevent unlawful interference and protect the confidentiality, integrity and availability of identified critical systems:
(a)security by design;
(b)suppl y chain security;
(c)network separation; and
(d)protection and limitation of any remote access capabilities.

 

(2)An ASTO shall develop procedures for—
(a)testing of cyber-security;
(b)cyber-security response;
(c)cyber-security incident analysis; and
(d)cyber-security incident reporting.

 

(3)An ASTO shall report any cyber-security  incident to the Director within 48 hours of occurrence.

 

[Regulation 109.03.10 inserted by regulation 27(a) and 27(f) of Notice No. R.1503, GG45491, dated 15 November 2021 (Twenty-First Amendment of the Civil Aviation Regulations, 2021)]