Cybersecurity (EASA Part-IS) Workshop

AAIS was delighted to partner with EASA to bring the aerospace community a full-day Cybersecurity (EASA Part-IS) Workshop in Singapore. Held on 10 April 2026 at Republic Polytechnic, the workshop drew over 160 industry professionals seeking to strengthen cyber resilience in their organisations amid an evolving landscape.

Featuring EASA experts, Mr Gian Andrea Bandieri, Section Manager Cybersecurity in Aviation & Conflict Zones, and Mr Vasileios Papageorgious, Cybersecurity in Aviation Expert, the session was rich with discussions on the evolving threat landscape and regulatory developments impacting aviation. Participants gained practical insights into strengthening cybersecurity resilience within increasingly digitalised and interconnected operational environments.

Over various sessions, speakers highlighted how advancements in technology have enhanced operational efficiency while simultaneously increasing exposure to cyber threats such as ransomware, data breaches, and denial-of-service attacks. Emphasis was placed on adopting a risk-based approach to cybersecurity, supported by strong governance, clear accountability, and organisation-wide awareness.

 

For cross-learning and reference, speakers also shared an overview of evolving European cybersecurity regulations and implementation expectations, including governance, risk assessment, incident management, and information security oversight. They stressed the importance of identifying critical assets, managing third-party and supply chain risks, and aligning cybersecurity efforts across IT, operational, and safety functions. Practical guidance was also provided on implementing Information Security Management Systems (ISMS) through a phased and proportionate approach tailored to organisational size, complexity, and risk exposure.

Key takeaways:

  • Cybersecurity must be integrated across the organisation through strong governance, clear accountability, and collaboration between IT, operational, and safety functions
  • A risk-based approach remains fundamental, requiring organisations to continuously identify critical assets, assess emerging threats, and review their cybersecurity posture
  • Third-party and supply chain security are increasingly critical, with organisations encouraged to extend cybersecurity requirements and oversight to contractors, vendors, and service providers
  • Effective incident management capabilities are essential, including timely detection, reporting, containment, and structured information-sharing processes
  • ISMS implementation should be phased and proportionate, with organisations focusing on foundational elements such as governance, risk assessment, and documentation before advancing towards greater maturity
  • Regulatory compliance requires demonstrable practices, supported by competent personnel, continuous improvement, and ongoing monitoring rather than documentation alone

Interactive Q&A sessions were availed during various segments for participants to clarify and share their perspectives. These discussions reinforced that cybersecurity is a continuous process requiring regular review, effective reporting mechanisms, competency development, and collaboration across stakeholders.

Overall, the workshop offered valuable guidance to support organisations in enhancing their cybersecurity readiness, regulatory compliance, and long-term operational resilience. AAIS extends our appreciation to Mr David Waller, EASA Representative in Southeast Asia, our esteemed speakers, and all participants for their valuable time, active engagement, and thoughtful questions, which contributed greatly to the rich exchange of knowledge. We also thank Republic Polytechnic for their generous support as venue partner.