Blog
 

Cyber-Security and Safety for Aircraft and Aircraft Systems: DO-326A guidance

CSL has been an active member of the international committee, RTCA SC 216, charged with the responsibility of developing guidance material that will help ensure safe, secure and efficient operations amid the growing use of highly integrated electronic systems and network technologies used on-board aircraft, for CNS/ATM systems and air carrier operations and maintenance. Recent efforts of the committee have resulted in a revision of RTCA DO 326 “Airworthiness Security Process Specification” that was released on the RTCA web site in August 2014.

The guidance of DO-326A is intended to augment current guidance for aircraft certification to handle the information security (i.e., cybersecurity) threat to aircraft safety. In a nutshell, this new document describes a security engineering process that includes generic activities with corresponding compliance objectives.

The scope of DO-326A not only covers the initial Aircraft Type Certification but also Aircraft (systems) changes. As a result, it is likely to become a very influential guidance document.

Why is this standard likely to be important for the aerospace community?

Aviation certification authorities have seen the need for more official guidance in this area and have been actively supporting the effort of this special committee. In this context, it is highly expected that this guidance document will receive formal recognition from civil aviation certification authorities such as the FAA and EASA as acceptable means of compliance with the security rules. Note: this standard has also been published by EUROCAE under the reference ED-202A.

This standard carries even more weight as it is not an ‘isolated’ publication; it is one of a set of three documents dedicated to security engineering. The other two standards are:

  • DO-355 “Information Security Guidance for Continuing Airworthiness” covers operations and maintenance, published in June, 2014
  • DO-356 “Airworthiness Security Methods and Considerations”, published in September 2014

DO-326A is one of the very few standards that tackle the topic of integration of Security Engineering with Safety Engineering. At a time when cybersecurity is in the news almost on a daily basis, it is noteworthy to see that there is a guidance document that addresses the interactions between security and safety. In particular, this standard discusses the links between the security process, the safety assessment process (SAE ARP 4761), and the system engineering process (SAE ARP 4754A). Aerospace standards have often paved the way for, or at least influenced, other industries. This standard might be another example of this paradigm.

By being an active member of RTCA SC-216, CSL gained essential knowledge to help organisations such as Aircraft OEM and Aircraft System suppliers become proficient with this guidance material.

Cyber-Security and Safety for Aircraft and Aircraft Systems: DO-326A guidance CSL has been an active member of the international committee, RTCA SC 216, charged with the responsibility of developing guidance material that will help ensure safe, secure and efficient operations amid the growing use of highly integrated electronic systems and network technologies used on-board aircraft, for CNS/ATM systems and air carrier operations and maintenance. Recent efforts of the committee have resulted in a revision of RTCA DO 326 “Airworthiness Security Process Specification” that was released on the RTCA web site in August 2014. The guidance of DO-326A is intended to augment current guidance for aircraft certification to handle the information security (i.e., cybersecurity) threat to aircraft safety. In a nutshell, this new document describes a security engineering process that includes generic activities with corresponding compliance objectives. The scope of DO-326A not only covers the...
EN ISO 14971 or not EN ISO 14971?
Friday, 06 September 2013
EN ISO 14971 or not EN ISO 14971?The European community recognised EN ISO 14971:2012 in July 2012. EN ISO 14971:2012 supersedes EN ISO 14971:2009 which was based on ISO 14971:2007 ‘Medical devices - Application of risk management to medical devices’.In general, the EC committee felt that the application of ISO14971:2007 did not meet the Essential Requirements described in the European Medical Device Directive 93/42/EEC. Therefore the EC group reviewed ISO14971 to identify these areas in the standard that are not compliant with the MDD and formally document these deviations.EN ISO 14971:2012 applies only to manufacturers with devices intended for the European market; for the rest of the world, ISO 14971:2007 remains the standard recommended for risk management purposes.Standard outlineThis standard published* in 2012 is somewhat unusual in its layout: it includes three annexes located at the beginning of the document and then includes a copy of the 2007 corrected version of ISO...
FAA Recognizes RTCA DO 178C
Friday, 26 July 2013
FAA recognizes RTCA DO-178C and associated technical supplements (July 2013)The FAA published AC20-115C on July 19, 2013. In this AC, the FAA recognizes RTCA DO-178C, three associated technical supplements and the 'Software Tool Qualification Considerations' document.The actual documents that are the subject of this AC are the following RTCA documents:- DO-178C, Software Considerations in Airborne Systems and Equipment Certification- DO-330, Software Tool Qualification Considerations, dated December 13, 2011.- DO-331, Model-Based Development and Verification Supplement to DO178C and DO-278A,- DO-332, Object-Oriented Technology and Related Techniques Supplement to DO-178C and DO-278A- DO-333, Formal Methods Supplement to DO-178C and DO-278AIt has been a long awaited recognition since the release of RTCA DO-178C in December 2011. (In terms of comparison, RTCA DO-178B was endorsed by the FAA only one month after its publication).Similarly to the previous AC that it replaces, this new AC...
Correctness vs Safety
Tuesday, 16 July 2013
Correctness vs. SafetyOne of the examples that we regularly use in our training material is the catastrophic loss of Lufthansa Flight 2904 on September 14, 1993 when it ran off the end of the runway in Warsaw Poland.  It is an interesting and very useful teaching example because it illustrates some of the main themes of the training that we regularly provide to clients on system/software safety. This accident is particularly effective as an introduction to the training material because students quickly realize that we are not simply talking about defect prevention or quality assurance.When an Airbus 320 lands, the crew relies on the combination of brakes, ground spoilers and reverse thrusters to slow the aircraft.  However in the case of Flight 2904 the activation of all three of these critical systems was delayed such that the aircraft reached the end of the runway at a speed of 72 knots and hit an embankment resulting in 2 fatalities.The official investigation concluded that the...
Alarm Management
Wednesday, 22 May 2013
Alarm Management  Our clients appreciate the fact that we are involved in projects across a wide spectrum of industries becausewe bring insights from common challenges experienced by other industries that lead to innovative solutionsto their problems.  A good example is alarm management which is a consideration in the design of almostevery kind of critical system.  Although the details of alarm management may vary considerably betweentechnical domains, our approach to helping clients with alarm management is based on the same fundamentalconcepts and principles.Thanks to Hollywood and movies such as The China Syndrome (1979), most of us have a sense of theadrenaline fueled drama of a control room during an emergency with alarm bells ringing and lights flashing.  But helping a client develop a sound approach to alarm management goes well beyond thinking about therare moments of high drama.For example, an operator could eventually become desensitized to a spurious alarm that is repeatedly...