• Does the obligation to report incidents apply to general faults in aviation security, or does it only apply to faults in aviation security caused by IT incidents?

  Does the obligation to report incidents refer to general disruptions to aviation security or only to disruptions to aviation security caused by IT incidents?

  1. a non-reaction has further negative effects on information security as well as on the security of civil air traffic,
  2. additional efforts and resources must be deployed to remedy the disruption which go beyond the efforts and resources of regular operations or work already planned;
  3. the rectification must be carried out by specially provided incident responders or incident teams;
  4. important IT systems or components must be shut down or isolated to avoid further effects,
  5. operational processes have to be changed for the management period,
  6. it causes significant financial damage; or
  7. there is a suspicion that the company is the target of a novel, extraordinary, targeted or, from a technical point of view, remarkable attack or attempted attack, for example a so-called Advanced Persistent Threat (APT).

FAQ about Aviation security