News & Views
Crest and CAA join ASSURE
CREST and CAA have become accredit first companies under new ASSURE scheme supporting the CAA’s Cyber Security Oversight Process for Aviation.
Developed in partnership with CREST (www.crest-approved.org), the not-for-profit accreditation and certification body for the technical security industry, ASSURE will play a key role in The Civil Aviation Authority’s (CAA) Cyber Security Oversight strategy (www.caa.co.uk/Commercial-industry/Cyber-security-oversight/Cyber-security-oversight/) to enable the aviation industry – including airlines, airports and air navigation service providers – to manage their cyber security risks without compromising aviation safety, security or resilience and to support the UK governments’ National Cyber Security Strategy.
To become an accredited ASSURE Cyber Supplier, an organization must have CREST membership in one of its core disciplines and submit an application for ASSURE accreditation for review by CREST and the CAA. Accredited ASSURE Cyber Professionals must demonstrate extensive knowledge in at least one of the following three ASSURE Specialisms: Cyber Audit & Risk Management, Technical Cyber Security Expert and ICS/ OT Expert.
“The CAA is committed to broad and collaborative engagement with industry and key stakeholders to continuously improve our cyber security oversight model,” says Peter Drissell, Director of Aviation Security at the CAA. “By working with CREST to develop the ASSURE accreditation scheme, the aviation industry has access to the highest levels of skill, knowledge and competence to face the changing threat landscape and encourage a proactive approach to cyber security.”
“ASSURE is the latest scheme to strengthen the UK’s Critical National Infrastructure against growing cyber threats and supports the CAA’s Cyber Security Oversight strategy,” adds Ian Glover, President of CREST. “CREST has also been working with the UK banking, telecommunications, nuclear and utilities sectors to develop effective accreditation schemes and intelligence-led cyber security testing and is also helping governments and regulators in other countries to adopt the same approach.”