Cybersecurity and Digital Trust in Chadian Civil Aviation: A Compliance and Sovereignty Issue

1. Context: an authority undergoing major reform

The Civil Aviation Authority of Chad (ADAC), a public administrative and technical body responsible for regulating, overseeing and promoting the safety and security of civil aviation, has since 2024 undertaken a major institutional turnaround program. This program includes the adoption of a new decree on ADAC's organization and operation, a progressive debt clearance plan, a financial audit entrusted to an international firm, and a technical cooperation agreement signed with the International Civil Aviation Organization (ICAO) on assessing and developing the skills of technical staff.

In this context of alignment with international standards, the cybersecurity dimension — still largely absent from ADAC's stated priorities — is nonetheless now a central component of ICAO requirements, with direct implications for the civil aviation safety and security oversight that ADAC is working to strengthen.

2. Cybersecurity, ICAO's new standards pillar

ICAO has made cyber-resilience an integral component of civil aviation security. Annex 17 to the Chicago Convention, which sets out standards and recommended practices on security, has through several amendments incorporated provisions on cyber threats, and ICAO has published an aviation cybersecurity strategy structured around several pillars aimed at ensuring a sector resilient to cyberattacks while remaining safe, reliable and innovative. The Muscat Ministerial Declaration on Aviation Security and Cybersecurity, adopted in December 2024, and the resolution of ICAO's 42nd Assembly Session dedicated to cybersecurity in civil aviation, confirm that this issue is now addressed at the sector's highest governance level.

Concretely, these frameworks cover the protection of air traffic management and surveillance systems (notably ADS-B systems, exposed to jamming and spoofing risks), the security of aeronautical communications, the protection of passenger data and reservation systems, and the resilience of airport digital infrastructure. Member states are invited to integrate these requirements into their national oversight frameworks, as part of ICAO's universal security audit programme.

3. Growing exposure against still-limited capacities

The global aviation sector is devoting a growing share of its IT budgets to cybersecurity — a study by the International Air Transport Communications society (SITA) found this share increasing for both airports and airlines. For civil aviation authorities in developing countries, the main obstacle identified internationally remains the lack of dedicated budgetary and human resources to develop appropriate cybersecurity strategies and tools.

For Chad, this issue is particularly acute: airport management, ticketing and communication systems with regional bodies (ASECNA, ASSA-AC, AAMAC, CAFAC) constitute sensitive interconnection points, whose security underpins both compliance with ICAO audits and ADAC's credibility with its regional and international partners.

4. Digitization and security of administrative procedures

Beyond operational navigation and communication systems, ADAC manages a significant volume of administrative procedures with high reliability stakes: issuance and renewal of aeronautical personnel licences, certificates of airworthiness and operation, aircraft registration, and approvals for training organizations and airlines. Digitizing these procedures, when based on secure digital identity and electronic certification infrastructure, helps reduce processing times, limit the risk of document fraud, and facilitate interoperability with national platforms (such as Gouv-Connect) and regional and international civil aviation databases.

This digitization is also a prerequisite for meeting the traceability and auditability requirements expected in ICAO's Universal Safety Oversight Audit Programme (USOAP), which examines in particular states' ability to maintain reliable, up-to-date records.

5. Cross-cutting levers: cybersecurity, electronic certification and local presence

The issues outlined above — cyber-resilience of operational systems, growing exposure against limited capacities, digitization of administrative procedures — converge on a shared conclusion: ADAC's ability to meet ICAO requirements rests on two complementary trust infrastructures. On one hand, technical and organizational cybersecurity covering ADAC's and airports' information systems, aligned with ICAO frameworks (Annex 17, aviation cybersecurity strategy, Doc 8973) and with the national framework led by ANSICE.

On the other hand, an electronic certification and digital identity infrastructure enabling the security and digitization of licence, certificate and registration records, ensuring their interoperability with regional systems (ASECNA, AAMAC, CAFAC) and national platforms (Gouv-Connect). To be sustainable, these systems must be backed by local expertise capable of providing maintenance, training technical staff, and coordinating with national and regional authorities.

6. Collaboration pathways

In line with the reform momentum ADAC has pursued since 2024, several reinforcement avenues can be considered. MEDASH SARL, a company based in N'Djamena active in economic and sociological studies, IT integration, computer equipment supply and internet services, identifies four concrete collaboration pathways:

1. Cyber-resilience diagnostic. Conduct an assessment of ADAC's and Chad's main airports' information systems, aligned with ICAO frameworks (aviation cybersecurity strategy, Doc 8973), to identify gaps to close before upcoming oversight audits (USOAP).
2. Electronic certification infrastructure for aeronautical registries. Secure and digitize licence, airworthiness and operation certificate, and registration records through an electronic certification infrastructure interoperable with regional systems (ASECNA, AAMAC, CAFAC) and national platforms (Gouv-Connect).
3. Development of a national civil aviation cybersecurity policy. Support ADAC in developing a policy incorporating Annex 17 provisions on cyber threats, in line with the national cybersecurity framework led by ANSICE.
4. Training and local support. Train ADAC's technical staff on aviation cybersecurity issues, complementing the technical cooperation agreement signed with ICAO, with a local presence in N'Djamena enabling long-term follow-up.

7. Summary

Civil aviation cybersecurity is no longer a peripheral topic: it is now an explicit pillar of ICAO standards and a criterion assessed in safety and security oversight audits. For ADAC, engaged since 2024 in an institutional turnaround and international compliance effort, integrating this dimension now represents both an anticipation of future requirements and a lever for modernizing its own administrative procedures.

Chadian actors with combined expertise in cybersecurity, electronic certification and knowledge of international aviation standards are particularly well placed to support this effort. MEDASH remains available to ADAC, regional bodies and technical and financial partners wishing to explore any of these pathways further.

Sources

• ADAC Chad, "ADAC's Mission," adac.td.
• Tribune Echos / Les Nouvelles d'Afrique, "Here is ADAC's plan to revive civil aviation in Chad," August 19, 2024.
• ICAO, "Aviation Cybersecurity Strategy," 42nd Assembly Session document.
• ICAO, Resolution A42-19 "Cybersecurity in civil aviation," Resolutions adopted by the Assembly, provisional edition October 2025.
• ICAO, Working paper on Annex 17 — Aviation Security, 42nd Assembly Session.
• Permanent Representation of France to ICAO, "Dossier: Cybersecurity and air transport."
• European Parliament, "Air transport: civil aviation security," Fact Sheets on the European Union.