Security clearance for classified missions in the air & space domain

The European Defence Agency (EDA) has put on in Brussels the Cyber Defence Industry Day to look at cybersecurity challenges in the air & space domain. Both domains comprise highly complex systems exposed to obvious and challenging cybersecurity risks. The conference addressed the existing challenges and sought possible solutions for improving cybersecurity and resilience.

During this conference Julio Vivero, Business Partner of GMV’s International Sector, dealt with the issue of security clearance for classified missions. Quite often, part of the mission data used or exchanged is considered to be classified by the European Union. In such a case the security mission has to be accredited, bearing in mind a series of implications that need to be known and met before the mission can be cleared for going ahead.

The main document laying down the rules on this issue is 2013/488/EU: Council Decision of 23 September 2013 on the security rules for protecting EU classified information, which has then spawned more specific documents dealing with particular mission features and some technical requirements.

Vivero’s speech described the main requirements for the clearance of missions processing EU Classified Information (EUCI). This clearance is in turn granted by a Security Accreditation Authority (SAA), which is assigned to the mission concerned in the light of various factors. In general the National Security Agencies (NSAs) of the member states involved in processing the EUCI mission infrastructure also take part in the process.