The recent European Aviation Safety Agency (EASA) “proposal” of cybersecurity amendments to aircraft and systems electronic networks and systems certification — combined with lower-profile but very real proposals for amendments by the U.S. Federal Aviation Administration (FAA) — finally set a long-overdue deadline for all aviation stakeholders to comply with the emerging aviation cybersecurity standards by the third quarter of 2019.
As this deadline is just a few months away, many questions are arising as aircraft makers, equipment providers and other stakeholders scramble to meet it. Being presented with such questions by DO-326/ED-202 webinar attendees, DO-326/ED-202-set white-paper readers and DO-326/ED-202-set training students, I felt those most affected by the aviation regulatory community would be served best if at least the most common ones were addressed.
These cybersecurity amendment proposals from EASA and the FAA are an all-in-one proposition, making the DO-326 and ED-202-set an official European acceptable means of compliance (AMC) for all types of aircraft, rotorcraft, engines and propellers. In practice, with no other AMC in the foreseeable future, this means that any certification of aircraft, rotorcraft, engines and propellers — and any related equipment or service — sought from EASA would need to comply with this set of standards as early as this year.
While the EASA proposition is indeed inclusive and scheduled to become regulation by Q3 of 2019, the FAA process aims to first address the AMC by issuing an advisory circular (AC) making the DO-326/ED-202 set an official U.S. acceptable means of compliance by the third quarter of 2019, then proceed to the stricter formalities of revising 14 CFR Parts 21/23/25/27/29/33/35 in the following months.
Under the new amendments proposed by EASA, manufacturers and operators seeking certification of new aircraft systems and networks, or modifications to existing ones, will be required to address threats that can lead to unauthorized access and disruption of electronic aircraft system interfaces or information. EASA is proposing the new amendments to address the growing presence of connectivity within modern aircraft network designs.
“Since aircraft systems are increasingly connected, and thus potentially vulnerable to security threats, EASA needs to consider the state-of-the-art means of protection against these threats when certifying new products or parts,” the agency said in the NPA.
EASA identified seven different certification specifications areas, including technical regulatory requirements for business jets, commercial airliners and rotorcraft. Amendments were developed based on recommendations provided by an Aviation Rulemaking Advisory Committee (ARAC) that was tasked by the FAA with standardizing the way aircraft systems are protected from emerging cyber threats. The amendments will also introduce more harmonization between EASA and FAA regulations.
The practical implications for certifications sought from the FAA are exactly the same as for those sought from EASA, which will harmonize the FAA and EASA in terms of aviation cybersecurity certification.
What is, at the end of the day, the DO-326/ED-202 set that is to become mandatory this year?
The DO-326/ED-202 set of standards, jointly developed by RTCA (U.S.) and EUROCAE (Europe) since 2006, includes, at its core, the following standards:
Additionally, EUROCAE issued two more documents, without RTCA U.S. equivalents at this stage:
All of the above means that every aspect related to aircraft or aircraft components, from pre-inception to post-decommissioning, will be mandated by the DO-326/ED-202-set before the end of this year.
In the first stage, beginning this year, all developers and producers of aerospace platforms as well as all equipment developers and producers will naturally be affected. Operators, MROs and many other peripheral aerospace stakeholders will be too, either directly or indirectly, with senior to mid-level executives and technical managers of aircraft, avionics and in-flight entertainment, as well as anything even remotely related to communication equipment, most likely to be affected immediately. Once EASA’s proposed amendment becomes regulation, all of the design engineers within each of these companies would need to become intimately acquainted with the DO-326/ED-202-set. The operators would immediately need to comply with DO-355 and ED-304, which are associated with in-service cybersecurity and operation rather than design and protection from intrusion.
Next, when regulation expands to become more inclusive, the air traffic management and air navigation service providers can expect to be affected, also as soon as next year – at least in Europe, while their U.S. colleagues would directly get their directions from the FAA, without any regulation for the time being.
The coming decade will probably see more and more aspects of aerospace affected by these new cybersecurity regulations, such as airports, for instance, to name but one aspect that is on the regulators’ stated agenda.
DO-326/ED-202 is often nicknamed “Cyber DO-178,” implying an equivalence between the classic avionics software development standard DO-178 (Euro: ED-12) and DO-326/ED-202. However, as tempting as this analogy may seem, carefully examining the existing aircraft/avionics standards and regulation would yield a more complex picture.
Indeed, there are close relations between the new cyber set of standards and the existing safety regulation ecosystem, mainly including SAE’s ARP-4754A, SAE ARP-4761, DO-178C, DO-254 and a few more standards, but these relations would probably make DO-326A/ED-202A a “Cyber add-on” to ARP-4754A and DO-356A/ED-203A; the equivalent of a “Cyber ARP-4761” AND partly a “Cyber DO-178C.” Life is more complex than slogans here…
However, what is already completely clear is that the new DO-326 and ED-202 set fits perfectly into the current avionics standards/regulations ecosystem, as it adds a new layer of man-made-failures protection to the classic natural-cause-failures safety considerations.
Parts of the DO-326/ED-202-set have already become de facto acceptable means of compliance, at least in the United States — not entirely, not consistently, not immediately, but enough to convince fence-sitters that the FAA plays the cybersecurity game for keeps.
The most prominent examples of such early adoption are the following:
All in all, EASA has already crossed the Rubicon in February, while the FAA has already been mandating as much as it possibly could for cybersecurity certification.
Look out for more updates on these concepts with concrete examples coming in a new cybersecurity column that I will be contributing to Avionics on a monthly basis.
Aharon David is the Chief WHO (White Hat Officer) of AFUZION Inc., a global leader of aviation development, certification, training and consulting. He received his BSc in Aerospace Engineering at the Technion, Israel’s Institute of Technology, and his MBA at the Tel-Aviv University. His avionics experience as a developer, manager, advisor, trainer and speaker spans almost four decades. Aharon delivers courses, webinars and presentations on the DO-326/ED-202 set of cybersecurity regulation.