Airworthiness Security Methods and Considerations
Publication Date: 21 June 2018
Airworthiness security is the protection of the airworthiness of an aircraft from intentional unauthorized electronic interaction. Existing safety processes have not had to consider intentional disruption.
Intentional unauthorized electronic interaction (also known as "unauthorized interaction" within the scope of this document) is defined as a circumstance or event with the potential to affect the aircraft due to human action resulting from unauthorized access, use, disclosure, denial, disruption, modification, or destruction of information and/or aircraft system interfaces. This includes the consequences of malware and forged data and the effects of external systems on aircraft systems but does not include physical attacks or electromagnetic disturbance.
This document provides methods and considerations for showing compliance for airworthiness security during the aircraft design and development life cycle. It was developed as a companion document to DO-326A / ED-202A, which addresses security process aspects of aircraft certification. Guidance for airworthiness security during the complete aircraft life cycle is provided through the additional companion document RTCA DO-355 / EUROCAE ED-204, Information Security Guidance for Continuing Airworthiness, which addresses airworthiness security for continued airworthiness outside of design and development.
This document assumes that its readers are knowledgeable of applicable guidance material. The guidelines in this document were developed in the context of 14 CFR Part 25 and EASA CS-25. It may be applicable to other regulations, such as Parts 23, 27, 29, 33, and 35 (CS-23, CS-27, CS-29, CS-E, CS-P). It does not assume that applicants are in compliance with the guidance materials referenced in this document but does assume that the applicant has in place a comprehensive flight safety program as part of development and continued airworthiness which is compliant with regulation, and an applicant may tailor this guidance appropriately in negotiation with regulatory authorities.
The methods and considerations of this document provide guidance for accomplishing the airworthiness security process activities identified in DO-326A / ED-202A. See section 1.3 for a discussion of the guidance provided. Appendix C lists the DO-326A / ED-202A activities and references that are addressed in this version of the document. The scope of this document is limited to protection of airworthiness security - the aspects of information security which could compromise the safety of the aircraft. The safety aspects of physical attacks - known as Aviation Security - are out of scope of the document and can be found in documents such as ICAO Convention Annex 17. Any use of this document for aspects of information security outside of airworthiness security - e.g. security of business interests - is considered out of scope of this document. Figure 1-1 illustrates these uses of security.
This document provides a set of methods and guidelines that may be used within the airworthiness security process defined in RTCA DO-326A / EUROCAE ED-202A, Airworthiness Security Process Specification. It is recognized that alternative methods to the processes described or referenced in this document may be available to an organization desiring to obtain certification.
This document does not provide guidelines concerning the structure of an individual organization or how the responsibilities for certification activities are divided. No such guidance should be inferred from the descriptions provided.