The stated principles are that:
UAS must not increase the risk to existing airspace users and must not deny airspace to them. This policy requires a level of safety and security equivalent to that of manned aviation.
UAS must have adequate security to protect the system from unauthorised modification, interference, corruption or control/command action. These considerations must be taken into account during the risk assessment process, outlined in CAP 722A.
The regulation provides security factors to consider in the form of holistic approaches in which companies need to pay attention to technical, policy, and physical security to ensure issues aren’t overlooked to keep security and safety tight, while complying with the CIA triad (Confidentiality, integrity, accessibility of data).
It also discusses aspects to be addressed such as employees, location, accessibility, technology, management structure and governance, detailing the specifics of what these include.
Finally, there is a reference back to the cybersecurity obligation of UAS in the specific category: “measures to protect against unlawful interference and unauthorised access”.
This document will provide the updated regulations as an appendix for anyone who may need to review them beneath. Alternatively, you can access the reference document CAP722 on the CAA website here.
CAP722A can be accessed on the CAA website here.