Regulations applicable or affecting the cyber security of civil aviation are the following:
I. International legislation
Nr. crt. |
Type and code of the normative act |
Title of the normative act |
1. |
Chicago Convention of the International Civil Aviation Organization (ICAO) |
Annex 17 - Aviation safety Annex 8 - Airworthiness of aircraft Annex 10 - Aeronautical communications Annex 19 - Safety management Annex 15 - Aeronautical IT services. |
2. |
ICAO Security Manual |
Doc 8973 (edition 11, September 2019) |
3. |
ICAO ATM Security Manual |
Doc 9985 |
4. | ICAO Resolution A40-10 |
on addressing cyber security in civil aviation (October 2019) |
5. |
developed by ICAO and approved at the 40th ICAO Assembly in 2019 |
|
6. |
given by ICAO following the meeting of 4-6 April 2017 in Dubai, on the cyber security of civil aviation; |
|
7. |
following the ICAO Summit of May 9, 2018 in Bucharest, on recommendations for cyber security in international civil aviation |
|
8. |
ICAO resolutions, decisions and documents issued on the basis of the 40th ICAO Assembly |
of 2019, (of which, relevant are A40-WP / 26, A40-WP / 28, A40-WP / 172, A40-WP / 221, A40-WP / 219, A40-WP / 243, A40-WP / 283 , A40-WP / 295) |
II. European legislation
Nr. crt. |
Type and code of the normative act |
Title of the normative act |
9. |
on ENISA (European Union Agency for Cyber Security) and on the certification of cyber security for information and communication technology and repealing Regulation (EU) No 182/2011 526/2013 (Regulation on cyber security) |
|
10. |
on restrictive measures against cyber attacks which pose a threat to the Union or its Member States |
|
11. |
amending Implementing Regulation (EU) 2015/1998 laying down detailed measures for the implementation of the common basic standards in the field of aviation security with regard to cyber security measures |
|
12. |
amending Regulations Implementing (EU) 2015/1998, (EU) 2019/103 and (EU) 2019/1583 as regards the reassignment of airlines, operators and entities providing security controls for cargo and mail arriving from third countries, as well as the postponement of certain regulatory requirements in the field of cybersecurity, background checks, standards for explosive detection systems and explosive trace detection equipment, as a result of the COVID-19 pandemic |
|
13. |
on common rules in the field of civil aviation and establishing the European Union Aviation Safety Agency (EASA), amending Regulations (EC) No 882/2004 2111/2005, (CE) nr. 1008/2008, (EU) no. 996/2010, (EU) no. 376/2014 and Directives 2014/30 / EU and 2014/53 / EU of the European Parliament and of the Council, as well as repealing Regulations (EC) no. 552/2004 and (EC) no. Regulation (EC) No 216/2008 of the European Parliament and of the Council and of Council Regulation (EEC) No 3922/91 |
|
14. |
laying down common requirements for providers of air traffic management / air navigation services and other functions of the air traffic management network and for their supervision, repealing Regulation (EC) No 882/2004 482/2008, of the Implementing Regulations (EU) no. 1034/2011, (EU) no. 1035/2011 and (EU) 2016/1377, as well as amending Regulation (EU) no. 677/2011 |
|
15. |
on the rules and procedures for the operation of unmanned aerial vehicles |
|
16. |
on measures for a high common level of security of networks and information systems in the Union |
|
17. |
establishing the European Electronic Communications Code establishes a harmonized framework for the regulation of electronic communications networks, electronic communications services, associated facilities and associated services, as well as certain aspects of terminal equipment |
|
18. |
EASA-EPAS 2019-2023 |
|
19. |
version 01 / September 2019, developed by EASA |
|
20. |
Document ECAC Doc 30 |
of the European Civil Aviation Conference (ECAC), 13th edition, with subsequent amendments |
21. |
following the EASA Summit on Cyber Security in Civil Aviation (8-9 November 2016) |
|
22. |
following the EASA Summit on Cyber Security in Civil Aviation (8-9 November 2017) |
III. National legislation
III.1. Laws, Governmental Decisions and Ordinances, Orders of Ministry of Transportation
Nr. crt. |
Type and code of the normative act |
Title of the normative act |
23. |
on ensuring a high common level of security of computer networks and systems; ►M1: OG no. 2 / 01.30.2019 |
|
24. |
on the establishment of the National Cyber Security Incident Response Center - CERT-RO |
|
25. |
for the approval of the Cyber Security Strategy of Romania and of the Action Plan at national level regarding the implementation of the National Cyber Security System |
|
26. |
on the approval of the National Aviation Safety Program |
|
27. |
for the approval of the National Training Program in the field of civil aviation security (PNPSAC) |
|
28. |
Order of the Minister of Transport, Infrastructure and Communications no. 46/2020 |
For the modification and completion of the Order of the Minister of Transports, constructions and tourism no. 2190/2005 on the use of the airport security tariff |
29. |
developed according to Regulation (EU) no. 2018/1139 and of the UNWTO no. 1182/2016 |
III.2. Romanian Civil Aeronautical Regulations - RACR, Civil Aviation Procedures and Instructions - PIAC
Nr. crt. |
Type and code of the normative act |
Title of the normative act |
30. |
Procedures and Instructions of Civil Aeronautics regarding the training of civil aviation personnel in the field of cyber security ”, edition 1/2019, approved by the Decision of the General Director of AACR no. D670 / 19.06.2019 |