[SystemSafety] Cyber-Security and Safety for Aircraft and Aircraft Systems: DO-326A guidance

Laurent Fabre laurent.fabre at cslabs.com
Thu Sep 18 18:48:02 CEST 2014


DO-326A "Airworthiness Security Process Specification" was released last 
month on the RTCA web site.

The guidance of this document is intended to augment current guidance 
for aircraft certification to handle the information security threat 
(i.e., cyber-security) to aircraft safety. It describes a security 
engineering process that includes generic activities with corresponding 
compliance objectives.
The scope of this document covers both initial Aircraft Type 
Certification and Aircraft (systems) changes.

Why is this standard likely to be important for the aerospace community? 
It highly expected that this guidance document will receive recognition 
from civil aviation certification authorities such as FAA and EASA. 
Note: this standard has also been published by EUROCAE under the 
reference ED-202A.
This standard is one of the very few published documents that tackle the 
topic of integration of Security Engineering with Safety Engineering. At 
a time where security is almost in the news daily, it is noteworthy to 
see that there is a guidance document that addresses the interactions 
between security and safety. In particular, this standard discusses the 
links between the security process and the safety assessment process 
(SAE ARP 4761), and the system engineering process (SAE ARP 4754A).
This standard is not an 'isolated' publication, it is one of a set of 
three documents dedicated to security engineering. The other two 
standards are:
-    DO-355 "Information Security Guidance for Continuing Airworthiness" 
covers operations and maintenance (published last June)
-    DO-YY3 (id not released yet) "Airworthiness Security Methods and 
Considerations" (to be published in the fall of 2014)

The Aerospace standards have often paved the way or at least influences 
other industries. Could this standard be another example of this paradigm?

Laurent Fabre

-- 
---------------------------
Critical Systems Labs, Inc.  <www.cslabs.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20140918/910ac3d9/attachment-0001.html>


More information about the systemsafety mailing list