The Nigerian Civil Aviation Authority (NCAA) has no issued twin directives to bolster aviation security and cybersecurity across the sector. These enhanced aviation security cybersecurity protocols will take effect on October 1, 2025. Director General Capt. Chris Najomo signed two directives on March 25, 2025. Both aim to align Nigeria’s aviation sector with global safety benchmarks.
Failure to comply by October 1, 2025, may result in penalties.
The first directive, Baseline Security Training and Screener Certification referencing Circular DGCA/AVSEC/AOL/25/003 (NCAA/DAVSEC/HQ/OD/6/1/33), the NCAA mandates that all aviation security personnel complete the Basic STP 123 AVSEC Course before deployment. The training, now part of the National Civil Aviation Security Training Programme (NCASTP), ensures personnel possess standardized skills to implement security measures under Nigeria’s National Civil Aviation Security Programme (NCASP).
Certification of personnel conducting screenings (via X-rays or other means), with records subject to NCAA audits. Compliance from airports, airlines, ground handlers, cargo operators, and allied service providers.
The move aligns with ICAO Annex 17 (Standard 3.4.1) and seeks to “equip personnel with knowledge to effectively mitigate security risks,” stated Capt. Najomo.
The second directive on Cybersecurity Safeguards for Critical Systems under Circular DGCA/AVSEC/AOL/25/004(NCAA/DAVSEC/HQ/OD/6/1/34), entities must adopt stringent cybersecurity protocols outlined in Appendix Y to the NCASP 2024. The guidelines require: identification and protection of critical ICT systems through measures like “security by design” and network separation.
Submission of system details to the NCAA, regular vulnerability assessments, and cybersecurity awareness training for staff.
Immediate reporting of cyber incidents to authorities.
Applicable to airports, airlines, air traffic services (NAMA), weather services (NIMET), and drone operators, the directive cites Nigeria’s Civil Aviation Regulation (Part 17.59) and aims to safeguard data confidentiality and integrity.
The enhanced aviation security cybersecurity protocols address dual threats: physical and digital. Director General Capt. Najomo called the reforms “non-negotiable for modern aviation.” He emphasized that the dual directives address “evolving physical and digital threats to aviation,” ensuring Nigeria meets international benchmarks. Stakeholders have six months to adopt new training and IT frameworks. Non-compliance by October 2025 risks penalties.
The NCAA said entities must submit training records and cybersecurity policies to NCAA regional offices or via info@ncaa.gov.ng. Failure to comply by October 1, 2025, may result in penalties.
These steps mark Nigeria’s push to modernize aviation security amid global concerns over terrorism and cyber attacks, reinforcing its commitment to safe and resilient air travel.
