Context Information Security is one of the first companies to be accredited for the new Civil Aviation Authority (CAA) ASSURE scheme, part of the CAA’s Cyber Security Oversight Strategy for the UK aviation sector, to keep pace with the rapidly changing cyber security threat landscape.
Supported by partner, Frazer-Nash Consultancy, Context is one of a small number of specialist companies that can conduct ASSURE cyber security audits of aviation organisations on behalf of the CAA. Context has been accredited by CREST, the not-for-profit body that represents the technical cyber security industry, which worked closely with the CAA to develop the ASSURE scheme.
The ASSURE scheme defines the CAA’s approach to oversight of cyber security regulations, including the security of Network and Information Systems (NIS) regulations that apply to Operators of Essential Services (OES) within the UK’s Critical National Infrastructure (CNI). In the Aviation sector, OES include the airlines, airports and air navigation service providers that deliver critical aviation services to consumers.
Through the ASSURE scheme, aviation organisations will perform self-assessments of their approach to managing cyber security, then procure an accredited third-party with expertise in cyber security, risk management and operational technology (OT) to audit the reports on behalf of the CAA.
“We are delighted to be one of the first accredited organisations for the ASSURE scheme. This positions Context and Frazer-Nash at the vanguard of supporting assurance and oversight activities for cyber security in the aviation sector,” said Mark Raeburn, CEO at Context.
Greg Pope, who leads the partnership between Context and Frazer-Nash, added, “Attackers always looking to exploit vulnerabilities and develop new ways of breaching cyber security defences. Our combined expertise in cyber security, and broad knowledge of the aviation sector, together with our deep understanding of IT and OT, puts us in a strong position to support the UK’s efforts to provide world-leading protection against cyber-attack.”
The vision for CAA Cyber Security Oversight is: “To have a proportionate and effective approach to cyber security oversight that enables aviation to manage their cyber security risks without compromising aviation safety, security or resilience.”
“We are committed to broad and collaborative engagement with industry and key stakeholders to continuously improve our model and have been working closely with the Department for Transport (DfT) and National Cyber Security Centre (NCSC) to develop a scheme for aviation which is scalable and consistent,” said Nicole Keeley, Head of Cyber Security Oversight at CAA.