2-Day DO-326A/ED-202A & DO-356A/ED-203A Practical Workshop by Tonex
A focused, interactive workshop covering the security framework for avionics, data flow, connectivity analysis, and security architecture validation.
This workshop offers hands-on, practical learning on implementing DO-326A/ED-202A and DO-356A/ED-203A. Participants will gain a deep understanding of the practical applications of DO-326A/ED-202A, equipping them to conduct robust cybersecurity assessments and ensure aerospace system security and compliance.
The DO-326A/ED-202A Aerospace Cybersecurity Framework Workshop provides structured guidelines to enhance security in aerospace systems, addressing new challenges as aviation technology becomes more connected. With increased reliance on internet-based services, traditional aerospace protocols like ACARS are evolving, now incorporating Internet Protocol (IP) and other advanced data features. This shift, while beneficial, introduces new security risks that impact aircraft safety.
Aerospace Security Framework Overview
Historically, avionics development did not prioritize cybersecurity, making retrofitting for security both costly and complex. The Aerospace Security Framework is designed to build a cohesive, secure environment by combining best practices from industry standards like DO-326A/ED-202A for avionics and ISO 27000 or NIST standards for IT infrastructures. DO-326A/ED-202A provides structured guidance on secure development practices for Line Replaceable Units (LRUs), helping secure on-board and ground communications.
Key Framework Components
- RTCA DO-326A and EUROCAE ED-202A
- Purpose: Establishes an airworthy security process for avionics to ensure secure aircraft operation and mitigate cyber threats.
- Applicability: This standard focuses on aerospace systems, particularly LRUs, providing security criteria and assessment guidance.
- Security Assurance Levels
- Levels: Defines security assurance levels that match system criticality, guiding the risk assessment and mitigation measures to maintain aircraft safety.
- Guidance: DO-326A/ED-202A outlines these levels, specifying processes for threat analysis and countermeasure validation.
- Supporting Standards
- DO-356A/ED-203A: Complements DO-326A/ED-202A by detailing threat and risk assessment processes and security measures specific to external connectivity.
- DO-355/ED-204A: Adds guidance on managing external interfaces and mitigating risks associated with connectivity to networks and devices.
- DO-178C/ED-12C Integration: Aligns cybersecurity practices with software considerations, enhancing secure software architecture and system reliability.
Learning Objectives:
- Understand cybersecurity requirements for aerospace systems.
- Conduct risk assessments in alignment with DO-326A and DO-356A.
- Apply the V-model to develop and verify secure aerospace systems.
- Explore tools supporting validation and verification processes compliant with these standards.
Audience:
- Cybersecurity engineers, avionics developers, and aerospace certification authorities.
Course Modules:
Module 1: Introduction to Aerospace Cybersecurity Standards
- Overview of DO-326A/ED-202A and supporting frameworks like DO-356A.
- Key principles and objectives for cybersecurity in aerospace applications.
Module 2: Risk Assessment and Security Assurance Levels
- Steps to assess cybersecurity threats and define security assurance levels.
- Case studies on determining risk levels for various avionics components.
Module 3: Secure Design and Validation Processes
- Using the V-model for aerospace security architecture and certification.
- Designing secure systems with an emphasis on Line Replaceable Units (LRUs).
Module 4: Data Flow and Connectivity Impact Assessment
- Creation and analysis of data flow diagrams.
- Evaluating connectivity to external devices or networks and mitigating associated risks.
Module 5: Validation and Verification Tools and Techniques
- Practical application of tools to validate and verify cybersecurity compliance.
- Hands-on exercises in compliance processes and security testing for DO-326A/ED-202A.