[Business Continuity Strategy] [Template 1]
With Singapore's position as a global aviation hub, any disruption to CAAS’s IT infrastructure or a cyber threat could result in significant operational, reputational, and regulatory consequences.
CBF-9, IT & Cyber Resilience, is one of CAAS’s most critical business functions. This function supports all aviation safety, air navigation, regulatory compliance, and enterprise-wide systems.
The objective of this chapter is to map out the detailed business processes (Sub-CBFs) that underpin CBF-9. These processes are essential for maintaining the resilience of IT systems and ensuring robust cyber defences.
Through this breakdown, CAAS can effectively assess the risks associated with IT and cybersecurity disruptions, determine recovery priorities, and develop appropriate mitigation strategies in alignment with national and international aviation regulatory requirements.
|
Sub-CBF Code |
Sub-CBF |
Description |
Example in CAAS Context |
|
9.1 |
Air Traffic Management (ATM) Systems Resilience |
Ensures the availability, integrity, and performance of ATM-related IT systems. |
Maintenance and failover capability of the LEMATAR (Long-range En-route ATC Radar) and ATC communication systems. |
|
9.2 |
Cybersecurity Monitoring & Threat Response |
Real-time monitoring, detection, and response to cyber threats across CAAS’s digital infrastructure. |
Cyber Defence Operations Centre (CDOC) detects threats on the MyICA–CAAS Portal Interface. |
|
9.3 |
Critical System Backup & Data Recovery |
Periodic backup of essential data and IT systems to enable rapid restoration. |
Scheduled backups of flight data records and air navigation charge systems. |
|
9.4 |
Enterprise IT Infrastructure Continuity |
Maintaining the operability of enterprise systems like HR, finance, and internal portals. |
Continuity of SAP-based systems for procurement and personnel management. |
|
9.5 |
Digital Aviation Services Platform (DASP) Resilience |
Supports digital services including drone registration, flight approvals, and stakeholder APIs. |
Ensuring 24/7 uptime of the UAS (Unmanned Aircraft Systems) portal. |
|
9.6 |
Cloud and Third-Party Service Continuity |
Ensuring resilience in systems hosted externally or provided by third-party vendors. |
SLA enforcement with GovTech Singapore for cloud hosting services. |
|
9.7 |
IT Governance & Compliance Management |
Policy enforcement, audits, and incident documentation to comply with cybersecurity standards. |
Annual audit aligned with CSA’s Cybersecurity Code of Practice (CCoP) for critical infrastructure. |
|
9.8 |
Disaster Recovery Planning and Testing |
Formal DR planning and periodic testing of recovery capabilities. |
Quarterly DR simulation for Airport Operations Systems (AOS) and database clusters. |
As aviation continues to digitalise, the dependency of CAAS on resilient IT infrastructure and proactive cyber defence capabilities has never been more pronounced. The detailed Sub-CBFs within CBF-9 provide a granular view of the operational priorities necessary to protect core aviation functions and public trust.
By identifying and documenting these critical sub-processes, CAAS is not only aligning with its business continuity management framework but also reinforcing its commitment to national resilience, regulatory compliance, and uninterrupted service delivery in the face of cyber or IT-related threats.
The mapping of these detailed processes serves as the foundation for assessing potential vulnerabilities, prioritising investments in cyber resilience, and integrating IT recovery into the broader CAAS crisis and continuity management plans.
Resilience Redefined: Implementing BCM at Civil Aviation Authority of Singapore |
||||||
| eBook 3: Starting Your BCM Implementation |
||||||
| MBCO | P&S | RAR T1 | RAR T2 | RAR T3 | BCS T1 | CBF |
| CBF-1 Air Navigation Services |
||||||
| DP | BIAQ T1 | BIAQ T2 | BIAQ T3 | BCS T2 | BCS T3 | PD |
To learn more about the course and schedule, click the buttons below for the BCM-300 Business Continuity Management Implementer [BCM-3] and the BCM-5000 Business Continuity Management Expert Implementer [BCM-5].
| |
||
|
Please feel free to send us a note if you have any questions. |
||