Because the aviation industry relies heavily on computer systems in its ground and flight operations, the security of airline systems can directly impact the operational safety and efficiency of the industry, and indirectly impact its service, reputation and financial health.
So it’s not surprising that the aviation industry now must follow new aviation cybersecurity regulations and standards such as DO-326A in the U.S. and ED-202A in Europe.
The DO-326A/ED-202A set of documents is all about the mitigation of the aviation/aircraft safety effects of “Intentional Unauthorized Electronic Interaction (IUEI),” aka “Cyber Threats,” and which were explicitly excluded from the classic DO-178C/ED-12C/ARP4754A set.
DO-326A/ED-202A currently has three companion documents: ED-201, DO-355/ED-204 and DO-356A / ED-203A, and a few more planned.
DO-326A / ED202A provide requirements and objectives in a similar fashion to DO-178C, DO-254 and ARP4754A; while the DO-326A guidance is just that, certification authorities increasingly assess DO-326A compliance as added requirements for aviation suppliers.
The DO-326A/ED-202A set currently applies to fixed-wing aircraft (Part 25), with clear FAA recommendations for the adaptation/tailoring of DO-326A/ED-202A for general aviation (Part 23), rotorcraft (Parts 27 and 29), engines (Part 33) and propellers (Part 35), and clear indications of it will increasingly be applied to these other aircraft including military beginning in 2022 or thereafter.
With increasing digitization and connectivity, adversaries have significant attack surface and opportunity. The growing complexity of systems, process and supply chain, alongside increasing wireless connectivity, adds to the potential weakening of the physical controls that have protected the aviation sector for so long.
Despite increased regulation to fight cybercrime, most aviation experts agree that there is no single solution to aviation cybersecurity, and it will take positive collaboration across diverse stakeholders. Building partnerships across safety, security, cybersecurity and enterprise IT will also be challenging, but will lead to greatly increased understanding of holistic risk, better reflecting the nature of the complex attack surface being defended.
Want to know more about aviation cybersecurity airworthiness? Tonex offers Aviation Cybersecurity Airworthiness Certification, a 3-day course that introduces participants to the aviation industry’s best practices cybersecurity risk assessment, analysis, development, mitigation and assurance.
Additionally, Tonex offers over 30 other courses in Cybersecurity Foundation, including:
—Computer Network Architecture Training (3 days)
—Car Cyber Threats and Digital Forensics (3 days)
—Cloud Security Training Crash Course (3 days)
—Smart Grid Cybersecurity Training (3 days)
—Introduction to Hacking Training (3 days)
For more information, questions, comments, contact us.