More info
Description / Abstract:
Airworthiness security is the protection of the airworthiness of
an aircraft from intentional unauthorized electronic interference.
This includes the consequences of malware and forged data and of
access of other systems to aircraft systems.
This guidance provides methods and considerations for securing
airworthiness during the aircraft development life cycle from
project initiation until the Aircraft Type Certificate is issued
for the aircraft type design. It was developed in the context of
DO-326A/ED-202A "Airworthiness Security Process Specification"
which addresses type certification considerations during the first
three life cycle stages of an aircraft type (Initiation,
Development or Acquisition, and Implementation) and DO-355/ED-204,
"Information Security Guidance for Continuing Airworthiness" which
addresses airworthiness security for continued airworthiness.
It is intended to be used in conjunction with other applicable
guidance material, including SAE ARP 4754A/ED-79A, SAE ARP
4761/ED-135, DO-178C/ED-12C, and DO-254/ED-80 and with the advisory
material associated with FAA AC 25.1309-1A and EASA AMC 25.1309, in
the context of part 25 for Transport Category Airplanes which
include an approved passenger seating configuration of more than 19
passenger seats. This guidance is not intended for CFR parts 23,
27, 29, 33.28, and 35.15, normal, utility, acrobatic, and commuter
category airplanes, normal category rotorcraft, transport category
rotorcraft, engines, and propellers.
This document does not address:
a. Physical security or physical attacks on the aircraft (or
ground element),
b. Airport, Airline or Air Traffic Service Provider security
(e.g., access to airplanes, ground control facilities, data
centers),
c. Communication, navigation, and surveillance services managed
by national agencies or their international equivalents (e.g., GPS,
SBAS, GBAS, ATC communications, ADS-B).
The methods and considerations of this document address the
assessment of the acceptability of the airworthiness security risk
and the design and verification of the airworthiness security
attributes as related to system safety and airworthiness. Other
aspects of information security for aerospace systems that do not
affect the airworthiness security of the type design are excluded.
Recommendations for handling those aspects can be found in other
guidance.
More specifically, this guidance addresses the following
areas.
It provides guidance for accomplishing the activities identified
in DO-326A/ED-202A in the areas of Security Risk Assessment and
Effectiveness Assurance.
It provides specific methods for Security Risk Analysis and
managing technical requirements for Network Security Domains.
Purpose
This document describes guidelines, methods and tools used in
performing an airworthiness security process. The guidelines,
methods and tools presented are not intended to be exhaustive and
can be expected to be updated with additional methods and
considerations, including those needed to meet evolving regulatory
assumptions. Applicants can propose alternative practices for
consideration by the authorities. Practices for airworthiness
security are still undergoing evolution and refinement as new
features are deployed and the security threat itself evolves.
RTCA/EUROCAE documents on Aeronautical Systems Security will
address information security for the overall Aeronautical
Information System Security (AISS) of airborne systems with related
ground systems and environment. This guidance material is for
equipment manufacturers, aircraft manufacturers, and anyone else
who is applying for an initial Type Certificate (TC), and
afterwards ( e.g. for Design Approval Holders (DAH)), Supplemental
Type Certificate (STC), Amended Type Certificate (ATC) or changes
to Type Certification for installation and continued airworthiness
for aircraft systems, and is derived from understood best
practice.