search.noResults

search.searching

dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
TECH TALK


EASA MOVES FORWARD ON CYBERSECURITY


Aircraft today are basically fl ying


network hubs with seats, fuel tanks, and wings. Onboard networks are a critical means by which to manage operational systems including fl ight control, in-fl ight entertainment (IFE), air-ground communications, cabin support, and navigation systems. Software and database updates happen at regular frequencies before fl ights, as well as maintenance and lifecycle information being off -loaded. A myriad of cybersecurity-related policies and procedures exist to protect aircraft from cyber-related attacks that may jeopardize the safety of passengers and crew. To combat the ever-growing need to better secure aircraft, the European Aviation Safety Agency (EASA) issued a potential new cybersecurity amendment (RMT.0720) which addresses how aircraft electronic networks and systems are certifi ed in February 2019. This Notice of Proposed Amendment (NPA - Amendment 2019-01 TE.RPRO.00034-009) is intended to better mitigate the potential eff ects of cybersecurity threats to aviation safety earlier in the lifecycle of an airborne product containing software, rather than retrofi tted in at a later time. The need for this has been debated amongst various industry groups for many years, and we are now seeing one of the fi rst signifi cant


regulatory actions on this. EASA will accept comments from the industry comments through May 22, 2019, and anticipates fi nalizing the new rules by the third quarter of this year. These amendments will also create more harmonization between EASA and FAA regulations in this area. This new set of amendments is aimed at manufacturers (and operators) of new or modifi ed aircraft systems and networks attempting certifi cation which will now be required to demonstrate better capabilities in these systems to handle threats that can lead to unauthorized access and disruption of electronic information or electronic aircraft system interfaces. Modern aircraft network designs are typically based upon Internet Protocol (IP) methodology, which is well understood globally and thus, off ers many methods for intended and unintended access to electronic ports of airborne systems and components. EASA used the recommendations


from the group named the Aviation Rulemaking Advisory Committee (ARAC), which develops regulations using committees/working groups that are made up of members of the aviation community and the FAA. The ARAC then formed the Aircraft Systems Information Security and Protection (ASISP) working group to produce standards for protecting


BY JOHN PAWLICKI | OPM RESEARCH


IN THIS DIGITAL AGE THAT WE LIVE IN, WHERE EVERYTHING POSSIBLE COMMUNICATES SOMEHOW WITH THE WORLD AT LARGE, PROVIDING STRONGER CYBER PROTECTION HAS BECOME PARAMOUNT. THE AVIATION INDUSTRY KNOWS THIS ALL TOO WELL, AS THE TRANSITION TO E-ENABLED AIRCRAFT, LARGE AND SMALL, HAS HAPPENED IN A RATHER SHORT AMOUNT OF TIME. IT CAN BE ARGUED THAT THIS TRANSITION HAS OUTPACED THE AVIATION INDUSTRIES ABILITY TO OVERSEE ITSELF PROPERLY.


aircraft systems from existing and emerging cyber threats.


WHAT IS THE ASISP


WORKING GROUP? The FAA has been addressing cyber vulnerabilities during certifi cation using Special Conditions (SCs) since 2005. Some have questioned if this was the best method for dealing with cyber issues, so in 2014 the FAA asked the ARAC to form a new working group to defi ne recommendations on protecting aircraft systems from cyber vulnerabilities specifi cally. This team was named the Aircraft Systems Information Security and Protection (ASISP) working group, and its goal is to provide recommendations for potential policy/guidance, rulemaking, and best practices in this area. This applies to large airplanes, small airplanes, rotorcraft, and engines, including both certifi cation and continued airworthiness. ASISP was to consider and recommend upon the usability of other essential cybersecurity-related standards from such standards bodies as the Aeronautical Radio Incorporated (ARINC), Federal Information Processing Standards (FIPS), International Standards Organization (ISO), National Institute of Standards and Technology (NIST), Radio Technical Commission for


14 DOMmagazine.com | may 2019


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76