Aircraft Systems, Safety and Cyber-security: RTCA DO-326A guidance
Laurent Fabre, Critical Systems Labs
The increasingly integrated nature of electronic systems and network-intensive technologies in airborne systems, and the connection of these systems with ground-based systems, demands the use of effective processes to ensure that the assessment of airworthiness hazards takes sufficient account of information security threats. RTCA DO-326A, Airworthiness Security Process Specification, augments previously existing guidance for aircraft certification to handle the information security threat to aircraft safety.
The publication of RTCA DO-326A / EUROCAE ED-202A will have a substantial influence on aircraft system development, with direct references to this standard by many aviation certification authorities, including the FAA and EASA.
In this context, this tutorial will review the concepts and the security process described in RTCA DO-326A. As a member of the editorial group that developed the 326A version, the tutorial presenter will share insights on particular concepts such as security effectiveness and on some of the approaches to complying with the standard.
Additionally, this tutorial explains how to position this security guidance relative to, and integrate it with, two other key and well-established standards: SAE ARP 4761 for system safety assessment and SAE ARP 4754 for the development of aircraft systems.
To complete this introduction to recently released aircraft cyber-security guidance, this tutorial presents the scope of two other cyber-security related publications developed by the Special Committee-216. The titles of these two other documents are:
- Information Security Guidance for Continuing Airworthiness (RTCA DO-355)
- Airworthiness Security Methods and Considerations (RTCA DO-356)
In general, this tutorial will benefit all aircraft system engineers and engineering managers who want to gain insights about new expectations from aircraft certification authorities in the domain of cyber-security. Additionally, this tutorial will be of most benefit to avionics designers, system safety engineers and security engineers who want to learn how the security process described in this guidance document interacts with the disciplines of safety assessment and aircraft design.