Civil Aviation Act, 2009 (Act No. 13 of 2009)

Regulations

Civil Aviation Regulations, 2011

Part 111 : Aviation Security

111.01.19 Measures relating to cyber threats

Purchase cart Previous page Return to chapter overview Next page

 

(1) A designated airport, air carrier, air traffic and navigation service provider and catering stores and supplies service provider shall identify critical information, communication technology systems and data used for aviation purposes in accordance with risk assessment, develop and implement the following measures to prevent unlawful interference and protect the confidentiality, integrity and availability of identified critical systems:
(a)security by design;
(b)supply chain security;
(c)network separation; and
(d)protection and limitation of any remote access capabilities.

 

(2)A designated air port, air carrier of a scheduled service, air traffic and navigation service provider and catering stores and catering supplies service provider shall develop procedures for—
(a)testing of cyber-security;
(b)cyber-security response;
(c)cyber-security incident analysis; and
(d)cyber-security incident reporting.

 

(3) A cyber-security incident shall be reported to the Director within 48  hours of occurrence.

 

[Regulation 111.01.19 inserted by regulation 29(d) of Notice No. R. 1503, GG45491, dated 15 November 2021 (Twenty-First Amendment of the Civil Aviation Regulations, 2021)]