Shared Trans-Organisational Risk Management
Stéphane Plichon, Cybersecurity in Aviation Expert
15 November 2018
Where we are without Risk Management!
15 November 2018 ESCP High Level Meeting, 14-15 November, Toulouse
Where we are with stove piped risk management
The functional chain
The functional chain in aviation
The global landscape – Combined perspective
[Figure: the global aviation landscape, showing Aircraft, Sat/VDL, Ground Network, Airport, Passengers, ANSP and AOC, with the ATC functional chains and AOC functional chains]
Where are we standing
4 meetings organised between March and September 2018
• Revealed the variety of risk management approaches
• Highlighted the necessity of finding a convergence strategy
The way to convergence
• Adoption of a statement of work
• Defining two sub-groups to deliver risk assessment foundations
• Demonstrate capacity to communicate on shared (safety) risks
STORM sub groups
SG1: Define the risk assessment baseline
• Common terminology and comparability criteria
• Unified impact, risk, threat level scales
• Leveraging commonalities in existing standards
SG2: Identify the safety related functional chains and corresponding threat scenarios
• Use EATMA
• Threat modelling
• Map output from SG1 to assets
[Figure: timeline over Q4-2018, Q1-2019 and Q2-2019 showing SG1 Stage 1, SG1 Stage 2.1, SG2 Stage 1 and SG2 Stage 2]
EATMA example: En Route ACC and associated services
ER ACC Civil aircraft
The challenge of risk management in Civil Aviation
1 The Coherence of Risk Assessments
• Coherence of vocabulary
• Coherence of metrics (impact, risk scales,…)
• Coherence of risk definitions
2 The Comparability of Risk Evaluation
• Being able to compare risk levels
• Important for regulators and authorities
• Crucial for airlines and manufacturers
3 The Commonality of Risk Acceptability and Sharing
• Risks induced by interfaces
• Common approach to risk treatment
• Sharable risks are safety risks
• Residual risks