An Aviation Sector CSIRT for Sub-Saharan Africa

Abstract

Computer Security Incident Response Teams (CSIRTs) provide information security incident response services to communities. The South African Cybersecurity Hub (SACH) acts as a national point of contact for the coordination of cybersecurity incidents in South Africa, but to date has only been successful in assisting with the establishment of a finance sector CSIRT. No mention of a transport or critical infrastructure sector CSIRT, under which an aviation CSIRT can report aviation sector cyber-attacks is made. The aviation community is mandated to sustain safety and security of operations and passengers in Southern Africa. Acknowledging the urgency and importance of protecting civil aviation’s critical infrastructure, information and communication technology systems and data against cyber threats this research identifies that there is a need for a CSIRT framework for the Sub-Saharan aviation community. An aviation CSIRT should implement frameworks, programs and international information security standards, and aviation communities need to share cyber information with the CSIRT. To achieve such a framework, globally established CSIRTs are reviewed. Since the aviation sector is complex to manage, there is a need to establish an integrated CSIRT approach that include stakeholders within the ecosystem. A proposed aviation CSIRT requires the adoption of best practice cyber security incident response standards as a practical solution to manage aviation cyberattacks.