All together, serving Civil Aviation

Regulations applicable or affecting the cyber security of civil aviation are the following:

I. International legislation

Nr. crt.

Type and code of the normative act

Title of the normative act

1.  

Chicago Convention of the International Civil Aviation Organization (ICAO)

Annex 17 - Aviation safety

Annex 8 - Airworthiness of aircraft

Annex 10 - Aeronautical communications

Annex 19 - Safety management

Annex 15 - Aeronautical IT services.

2.   

ICAO Security Manual

Doc 8973 (edition 11, September 2019)

3.  

ICAO ATM Security Manual

Doc 9985

4.   ICAO Resolution A40-10

on addressing cyber security in civil aviation (October 2019)

5.  

International Cyber Security Strategy in Civil Aviation

developed by ICAO and approved at the 40th ICAO Assembly in 2019

6.  

The Dubai Declaration

given by ICAO following the meeting of 4-6 April 2017 in Dubai, on the cyber security of civil aviation;

7. 

ICAO Bucharest Communique

following the ICAO Summit of May 9, 2018 in Bucharest, on recommendations for cyber security in international civil aviation

8. 

ICAO resolutions, decisions and documents issued on the basis of the 40th ICAO Assembly

of 2019, (of which, relevant are A40-WP / 26, A40-WP / 28, A40-WP / 172, A40-WP / 221, A40-WP / 219, A40-WP / 243, A40-WP / 283 , A40-WP / 295)

 

II. European legislation

Nr. crt.

Type and code of the normative act

Title of the normative act

9.  

Regulation (EU) 2019/881 

on ENISA (European Union Agency for Cyber Security) and on the certification of cyber security for information and communication technology and repealing Regulation (EU) No 182/2011 526/2013 (Regulation on cyber security)

10.  

Regulation (EU) 2019/796

on restrictive measures against cyber attacks which pose a threat to the Union or its Member States

11.  

Regulation (EU) 2019/1583

amending Implementing Regulation (EU) 2015/1998 laying down detailed measures for the implementation of the common basic standards in the field of aviation security with regard to cyber security measures

12.  

Regulationl (EU) 2020/910

amending Regulations Implementing (EU) 2015/1998, (EU) 2019/103 and (EU) 2019/1583 as regards the reassignment of airlines, operators and entities providing security controls for cargo and mail arriving from third countries, as well as the postponement of certain regulatory requirements in the field of cybersecurity, background checks, standards for explosive detection systems and explosive trace detection equipment, as a result of the COVID-19 pandemic

13. 

Regulation (EU) 2018/1139

on common rules in the field of civil aviation and establishing the European Union Aviation Safety Agency (EASA), amending Regulations (EC) No 882/2004 2111/2005, (CE) nr. 1008/2008, (EU) no. 996/2010, (EU) no. 376/2014 and Directives 2014/30 / EU and 2014/53 / EU of the European Parliament and of the Council, as well as repealing Regulations (EC) no. 552/2004 and (EC) no. Regulation (EC) No 216/2008 of the European Parliament and of the Council and of Council Regulation (EEC) No 3922/91

14. 

Regulation (EU) 2017/373

laying down common requirements for providers of air traffic management / air navigation services and other functions of the air traffic management network and for their supervision, repealing Regulation (EC) No 882/2004 482/2008, of the Implementing Regulations (EU) no. 1034/2011, (EU) no. 1035/2011 and (EU) 2016/1377, as well as amending Regulation (EU) no. 677/2011

15. 

Regulation (EU) 2019/947

on the rules and procedures for the operation of unmanned aerial vehicles

16. 

Directive (EU) 2016/1148 

on measures for a high common level of security of networks and information systems in the Union

17. 

Directive (EU) 2018/1972

establishing the European Electronic Communications Code establishes a harmonized framework for the regulation of electronic communications networks, electronic communications services, associated facilities and associated services, as well as certain aspects of terminal equipment

18.  

EASA's European Aviation Safety Plan 2019-2023

EASA-EPAS 2019-2023

19. 

European Cyber Security Strategy in Civil Aviation

version 01 / September 2019, developed by EASA

20.

Document ECAC Doc 30

of the European Civil Aviation Conference (ECAC), 13th edition, with subsequent amendments

21. 

The Bucharest Declaration

following the EASA Summit on Cyber Security in Civil Aviation (8-9 November 2016)

22.

The Krakow Declaration

following the EASA Summit on Cyber Security in Civil Aviation (8-9 November 2017)

 

 III. National legislation

III.1. Laws, Governmental Decisions and Ordinances, Orders of Ministry of Transportation

Nr. crt.

Type and code of the normative act

Title of the normative act

23. 

Law no. 362/2018 (consolidated)

on ensuring a high common level of security of computer networks and systems;

►M1: OG no. 2 / 01.30.2019
►M2: GEO no. 76 / 12.13.2019
►M3: GEO no.4-16.01.2020

24.   

Government Decision no. 494/2011

on the establishment of the National Cyber Security Incident Response Center - CERT-RO

25.   

Government Decision no. 271/2013

for the approval of the Cyber Security Strategy of Romania and of the Action Plan at national level regarding the implementation of the National Cyber Security System

26.   

Government Decision no. 1193/2012

on the approval of the National Aviation Safety Program

27.   

Order of the Minister of Transport no. 1079/2018

for the approval of the National Training Program in the field of civil aviation security (PNPSAC)

28.  

Order of the Minister of Transport, Infrastructure and Communications no. 46/2020

For the modification and completion of the Order of the Minister of Transports, constructions and tourism no. 2190/2005 on the use of the airport security tariff

29.  

EASA's European Aviation Safety Plan 2019-2023

developed according to Regulation (EU) no. 2018/1139 and of the UNWTO no. 1182/2016

 

 III.2. Romanian Civil Aeronautical Regulations - RACR, Civil Aviation Procedures and Instructions - PIAC

Nr. crt.

Type and code of the normative act

Title of the normative act

30. 

PIAC-PPSCy – Ed. 1/2019

Procedures and Instructions of Civil Aeronautics regarding the training of civil aviation personnel in the field of cyber security ”, edition 1/2019, approved by the Decision of the General Director of AACR no. D670 / 19.06.2019

 

Last update: 16/02/2021, 02:10:31