Today’s Aviation sector relies on a technology backed world. Maintaining safe, secure, and resilient operations is your focus and our number one priority when assisting Aviation organisations.

Contact our Aviation Cyber Security Experts

Civil Aviation Authority

The Civil Aviation Authority (CAA) is the UK’s Aviation regulator. It is responsible for the regulation of Aviation safety in the UK, determining policy for the use of airspace, the economic regulation of Heathrow, Gatwick and Stansted airports, the licencing and financial fitness of airlines and the management of the ATOP financial protection scheme for holidaymakers.

The CAA Cyber Security Oversight Team is responsible for all cyber security regulatory activity within any of the CAA regulatory domains. All organisations in scope of the Cyber Security Oversight Process CAP1753 must partner with an accredited CAA ASSURE organisation in order to conduct their cyber security audits.


The multi-faceted and multi-disciplinary nature of Aviation cyber security means that it is critical to develop a common vision for defining a global cyber security strategy. Aligning with local and international Aviation security and management provisions, your cyber security strategy should evolve around the following components – 

CAA ASSURE Cyber Audits

Released in 2020 by the Civil Aviation Authority, CAA Assure is a third-party cyber security audit scheme that has been developed in partnership with CREST to provide rigorous and continuous audits to organisations in the Aviation sector. 

As a regulatory responsibility, Aviation organisations must ensure they meet the oversight responsibilities that fall under CAP 1753 – ‘The Cybersecurity Oversight Process for Aviation’. This is a six-step approach to ensuring cyber security oversight for Aviation organisations operating within the United Kingdom. 


These six steps include:

All UK Aviation organisations in scope of the cyber security oversight process for Aviation (CAP 1753), will need to procure cyber audit services from an accredited ASSURE Cyber Supplier. As one of only a small number of ASSURE and CREST accredited providers in the UK, Dionach have demonstrated extensive knowledge in the following three ASSURE Specialisms: Cyber Audit & Risk Management, Technical Cyber Security and ICS/OT. As such, we are ideally positioned to assist Aviation organisations with preparing to meet the continuously changing and rigorous Aviation standards and regulations. 

For further information on the implementation of a CAA ASSURE audit, speak to our team to discuss howe we work with you to implement an ASSURE audit.

Compliance service

How are Dionach positioned to help Aviation Organisations?

Dionach’s cyber security experts have a solid history of experience working with Civil Aviation and other transport sectors, delivering safe audits of critical Operational Technology (OT) and Process Control Networks (PCNs). As a trusted cyber security partner for Aviation organisations, our long standing 20-year background, combined with our in-house innovation and research team, enable us to stay on top of the latest cyber security threats to the Aviation sector. 

Get a Quote our Aviation Cyber Security Experts


CAA Assure

As one of only a small number of UK ASSURE accredited providers, Dionach have shown specialist knowledge in the areas of Cyber Audit & Risk Management, Technical Cyber Security Expert and ICS/OT Expert and are ideally placed to provide Aviation cyber security services.
psi (1)


Dionach have been deemed by the PCI Security Standards Council to meet specific information security education requirements and have taken the appropriate training from the PCI Security Standards Council to be able to effectively perform PCI compliance assessments.
isologo2 (1)

ISO 27001

Upholding the same rigorous standards we deploy to our clients, Dionach are ISO 27001 certified, reflecting our dedication to upholding the highest Information Security Management standards in accordance with the latest regulations and recommendations.


Dionach are certified by CREST for Vulnerability Assessments, Intelligence Led Penetration Testing (STAR), Cyber Security Incident Response (CSIR), and Penetration Testing. Our CREST qualified consultants include CREST Practitioner Security Analysts, CREST Registered Penetration Testers, CREST Certified Infrastructure Testers and CREST Certified Web Application Testers.


Dionach are a NCSC CHECK Green Light provider of manual Penetration Testing services. We are experienced in identifying security weaknesses and vulnerabilities in the target systems and producing a comprehensive and detailed report in line with NCSC’s requirements, outlining the issues identified and practical recommendations on how to resolve them.


We deliver the whole spectrum of cyber security services, from long-term, enterprise wide strategy and implementation projects to single penetration tests.

Our team works with you to identify and assess your organisation’s vulnerabilities, define enterprise-wide goals, and advise how best to achieve them.

Our recommendations are clear, concise, pragmatic and tailored to your organisation.

Independent, unbiased, personalised – this is how we define our services. We guide you to spend wisely and invest in change efficiently.

Find out how we can help with your cyber challenge



Breaking into the Cloud: Red Team Tactics for AWS Compromise

Traditionally, Red Teaming has always put an extensive focus on environments with an on-premises network managed by Active Directory. The MITRE ATT&CK framework ( includes a number of TTPs for these environments, such as the exploitation of Active Directory-specific services and scenarios (e.g. Kerberos, NTLM issues, escalation to Domain Admins). However, nowadays a large number […]

The Growing Cybersecurity Risks of AI and Mitigations: External and Internal Threats

As artificial intelligence (AI) continues to advance and permeate various industries, it brings about significant benefits and transformative capabilities. However, along with its tremendous potential, AI could also impact organisations’ cyber risk profile by introducing new risks which have not been previously considered. In this article, we will explore the growing threats associated with AI, […]

How to classify sensitive data within your organisation (2/2)

In this second part of our two-part blog we will discuss the requirements to correctly classify your data. Following on from part one once the identification and classification of your data has been completed you need to focus upon data handling. Establish Data Handling Requirements There are numerous forms of technical, operational and management controls […]
Contact Us

Contact Us React out to one of our cyber experts and we will arrange a call