[SystemSafety] Cyber-Security and Safety for Aircraft and Aircraft Systems: DO-326A guidance
Laurent Fabre
laurent.fabre at cslabs.com
Thu Sep 18 18:48:02 CEST 2014
DO-326A "Airworthiness Security Process Specification" was released last
month on the RTCA web site.
The guidance of this document is intended to augment current guidance
for aircraft certification to handle the information security threat
(i.e., cyber-security) to aircraft safety. It describes a security
engineering process that includes generic activities with corresponding
compliance objectives.
The scope of this document covers both initial Aircraft Type
Certification and Aircraft (systems) changes.
Why is this standard likely to be important for the aerospace community?
It highly expected that this guidance document will receive recognition
from civil aviation certification authorities such as FAA and EASA.
Note: this standard has also been published by EUROCAE under the
reference ED-202A.
This standard is one of the very few published documents that tackle the
topic of integration of Security Engineering with Safety Engineering. At
a time where security is almost in the news daily, it is noteworthy to
see that there is a guidance document that addresses the interactions
between security and safety. In particular, this standard discusses the
links between the security process and the safety assessment process
(SAE ARP 4761), and the system engineering process (SAE ARP 4754A).
This standard is not an 'isolated' publication, it is one of a set of
three documents dedicated to security engineering. The other two
standards are:
- DO-355 "Information Security Guidance for Continuing Airworthiness"
covers operations and maintenance (published last June)
- DO-YY3 (id not released yet) "Airworthiness Security Methods and
Considerations" (to be published in the fall of 2014)
The Aerospace standards have often paved the way or at least influences
other industries. Could this standard be another example of this paradigm?
Laurent Fabre
--
---------------------------
Critical Systems Labs, Inc. <www.cslabs.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20140918/910ac3d9/attachment-0001.html>
More information about the systemsafety
mailing list