Landis+Gyr-Strasse 1, 6300 Zug, Phone: +41 43 508 51 91, Email: info@zentric.ch
Managing Directors: Thomas Conrad & Chris Ditze-Stephan
Call us: +41 43 508 5191 or send us an email:
Ensuring safety in the air and on the ground
In the aviation industry, cybersecurity is of growing importance. As aircraft, manufacturing, and operations rely heavily on digital systems, the potential for cyber threats has increased significantly. Zentric is dedicated to providing comprehensive cybersecurity concepts and solutions tailored specifically to civil aviation, ensuring the safety and protection of flights, service organizations, and suppliers at a high level.
The importance of cybersecurity in civil aviation
Civil aviation faces new challenges due to its reliance on interconnected systems and the critical nature of its operations. Threats can originate from diverse sources, including state-sponsored actors, criminal organizations, and insider threats. The consequences of a successful cyberattack in this sector can be catastrophic—endangering passengers and crew, impacting national security, and undermining economic stability.
Key focus areas
Swiss requirements by the Federal Office of Civil Aviation
The Swiss authority mandates minimum cybersecurity requirements. These are especially relevant for civil aviation companies operating in Switzerland or partnering with Swiss organizations and ensure compliance with national regulations.
(EU) 2022/1645 and (EU) 2023/203
Regulation on managing information security risks related to aviation security for aviation organizations and regulatory authorities.
ISO/IEC 27001
An internationally recognized standard for Information Security Management Systems (ISMS), providing a systematic approach to handling sensitive corporate information.
Security of aircraft systems
Modern aircraft are equipped with advanced avionics and communication systems that can be vulnerable to cyberattacks. Ensuring the security of these systems is essential to prevent unauthorized access and potential sabotage.
Air Traffic Management (ATM)
Air traffic control systems are indispensable for managing flight traffic. Protecting these systems from cyber threats ensures safe and efficient operations and prevents disruptions.
Airport and airfield infrastructure
Airports are complex environments with many connected systems, including baggage handling, security screening, and passenger information systems. Securing these systems is vital for smooth airport operations and the protection of sensitive data.
Flight schools and training centers
Flight schools and training centers use simulators and other digital tools that may be targeted by cyber threats. Protecting these systems ensures that pilot training remains safe and uninterrupted.
Suppliers and accessory providers
Suppliers of aircraft components and accessories are integral to the aviation ecosystem. Ensuring their cybersecurity is essential to prevent supply-chain attacks that could affect aircraft safety and performance.
Standards and regulations
Compliance with international standards and regulations is a cornerstone of effective cybersecurity in civil aviation.
DO-326A/ED-202A
Guidelines to ensure cybersecurity of aircraft systems throughout the entire lifecycle—from development and implementation to operation and maintenance.
DO-356A/ED-203A
Technical requirements for protecting aircraft systems against cyber threats.
DO-355A/ED-204A
Focused on protecting onboard electronic systems, offering guidance to identify and mitigate potential vulnerabilities.
We conduct all necessary cybersecurity risk assessments to identify risks arising from vulnerabilities in your systems and help you develop strategies to mitigate those risks.
We provide specialized training programs for aviation personnel to improve their understanding of cybersecurity threats and best practices. Our awareness campaigns foster a strong security culture within your organization.
To ensure adequate readiness, Zentric plans, organizes, and conducts incident response exercises tailored to your needs and the civil aviation context. These exercises simulate real-world attack scenarios and help your team practice and refine response strategies. This proactive approach improves overall preparedness and resilience to potential cyber threats.
Zentric uses its own exercise platform, zDryRun.
Our experts help you prepare for potential cybersecurity incidents by developing incident response plans with you. These plans enable a swift and effective response and minimize the impact of security breaches.
In the event of a cybersecurity incident, our digital forensics team is prepared to investigate and analyze it. This helps understand the attack and ideally prevent future occurrences.
Navigating the complex web of aviation cybersecurity regulations can be challenging. Zentric provides expert guidance to ensure your organization meets all relevant standards and regulatory requirements.
Conclusion
In the fast-moving field of civil aviation, maintaining robust cybersecurity measures is essential for both safety and operational integrity. Our comprehensive cybersecurity services and solutions provide the protection you need against emerging threats—covering flight schools, accessory providers, and all stakeholders across the aviation sector.
For more information on how Zentric can support your civil aviation cybersecurity needs, contact us today.
If you’d like to send an email with higher confidentiality, please use our public PGP key.
___
0. Preamble
If you do not want your current IP address to be stored here or by other software library providers associated with us, please leave this site or refrain from using internet web browsers, mail clients, or other internet tools in general. Merely by confirming the input of a web address (DNS name)—even before accessing our or any other website—your IP address is transmitted to DNS servers, routers, and possibly search engines and is at least temporarily stored and processed.
1. Name and contact details of the data protection contact
A dedicated Data Protection Officer is not mandatory at Zentric. The point of contact is Mr. Chris Ditze-Stephan.
2. Collection and storage of personal data as well as type and purpose of their use
a) When visiting the website
When accessing our website www.zentric.* the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion:
- IP address of the requesting computer,
- date and time of access,
- the website from which the access occurs,
- name and URL of the page retrieved,
- browser used and, if applicable, the operating system of your computer, as well as the DNS name of your internet provider.
The data mentioned are processed as follows:
- required for the functioning of the https protocol,
- evaluation for system security and stability when needed, and
- for administrative purposes, for example: blocking attacker IP addresses in case of attacks.
The legal basis for data processing is Article 6(1) GDPR. Our legitimate interest follows from the purposes listed above. Under no circumstances do we use the logged data to draw conclusions about your person.
b) Use of the contact form
If you submit inquiries via our contact form, your name and email address or phone number are required for us to respond. All other information is optional. Data processing for the purpose of contacting us is based on Article 6(1) GDPR on the basis of your voluntary consent. Personal data collected for the use of the contact form will be deleted automatically—or manually where appropriate—after your inquiry has been handled.
You can also contact us at any time by email or phone.
3. Disclosure of data
Your personal data from the contact form will expressly not be transferred to third parties for purposes other than those listed below.
4. Cookies
We indirectly use cookies through libraries in use on our site.
Notes on cookies (general): Information may be stored in a cookie that relates to the specific device used.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. Completely disabling cookies may mean that you cannot use all functions of a website.
7. Rights of data subjects
You have the right at any time:
- pursuant to Article 15 GDPR, to obtain information about your personal data processed by us. In particular, you may obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if not collected by us, and the existence of automated decision-making including profiling and, where applicable, meaningful information about its details;
- pursuant to Article 16 GDPR, to demand the immediate rectification of inaccurate personal data, or the completion of incomplete personal data, stored by us;
- pursuant to Article 17 GDPR, to demand the erasure of your personal data stored by us, unless processing is required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
- pursuant to Article 18 GDPR, to demand the restriction of processing of your personal data where the accuracy of the data is contested by you, the processing is unlawful and you oppose the erasure, we no longer need the data but you require it for the establishment, exercise, or defense of legal claims, or you have objected to processing pursuant to Article 21 GDPR;
- pursuant to Article 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request transmission to another controller;
- pursuant to Article 7(3) GDPR, to revoke at any time a consent once given to us. As a result, we may not continue the data processing that was based on this consent in the future; and
- pursuant to Article 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence or work, or at our registered office.
8. Right to object
Where your personal data are processed on the basis of legitimate interests pursuant to Article 6(1) GDPR, you have the right, pursuant to Article 21 GDPR, to object to the processing of your personal data on grounds relating to your particular situation, or where the objection is to direct marketing. In the latter case, you have a general right to object which we will implement without you having to state a particular situation.
If you wish to exercise your right of revocation or objection, an email to datenschutzbeauftragter@zentric.de is sufficient.
9. Data security
During your website visit we use TLS with the highest encryption level supported by your browser. Usually this is 256-bit encryption. If your browser does not support 256-bit encryption, we fall back to 128-bit v3 technology. This weaker encryption may be disabled in the future depending on developments. You can recognize whether a page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in your browser’s status bar.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
10. Cloudflare
Our website partially processes elements provided by Cloudflare, a Content Delivery Network (CDN) of Cloudflare Inc., USA. All data transmitted to or from this website (including your IP address) are processed via Cloudflare’s global network. Cloudflare uses “cookies” that can be stored on your computer and improve the performance and security of the website. The information generated by the cookie about your use of this website is cached and logged inside and outside the European Union. According to Cloudflare, cached data are generally deleted within 4 hours, and at the latest after one week. For more information, see Cloudflare’s privacy policy: https://www.cloudflare.com/security-policy and what Cloudflare logs: https://blog.cloudflare.com/what-cloudflare-logs/.
By using our website, you consent to the processing of data collected about you by Cloudflare in the manner and for the purposes described above.
11. Twitter
Functions and content of the Twitter service may be integrated within our online offering (e.g., images, videos, texts, and buttons that users can use to express approval of content, subscribe to the authors of content, or our posts). If users are members of the Twitter platform, Twitter can assign the retrieval of the above content and functions to the user profiles there. Twitter is certified under the Privacy Shield agreement and thus offers a guarantee of compliance with European data protection law. Privacy policy: https://twitter.com/en/privacy, Opt-Out: https://twitter.com/personalization.
(Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)
12. Google
We use the jQuery JavaScript library. To increase our website’s loading speed and provide you a better user experience, we use Google’s CDN (content delivery network) to load this library. It is very likely that you have already used jQuery from Google’s CDN on another site. In that case your browser can access the copy stored in the cache and it doesn’t need to be downloaded again. If your browser does not have a cached copy or for any reason downloads the file from Google’s CDN, data are transmitted from your browser to Google Inc. (“Google”). You agree in this case that your data may be transferred to the USA.
13. Currency and changes to this privacy policy
This privacy policy is currently valid and was last updated in May 2018. Due to the further development of our website and offers or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy.
Insecurity means: "The worst possible damage that can occur if your worst enemy had control of [your] computer."
Thinking Security, S.M. Bellovin