RTCA Paper No. 138-12/PMC-1008 June 13, 2012 TERMS OF ...

More documents

Recommendations

Info

DELIVERABLES: Product Description Due Date Change Security Assurance and Assessment Methods for Safety-related Aircraft Systems (new document DO-XXX) The document should propose methods for systems affected by security considerations to be developed and assessed. June 2013 June 2012 Security Assurance and Assessment Processes for Safety-related Aircraft Systems (DO-326) Security Guidance for Continuing Airworthiness (new document DO-YYY) The document provides guidance for systems affected by security considerations to be developed and assessed. The document should propose guidance for continuing airworthiness for systems affected by security considerations. Dec 2010 (completed) June 2013 June 2012 Update to Security Assurance and Assessment Processes for Safety-related Aircraft Systems (revised DO-326) The document should update guidance for systems affected by security considerations to be developed and assessed to include all category aircraft. June 2013 June 2012 Additional deliverables will be defined by the Special Committee during development of the above document, no later than December 2012. SCOPE: The scope of this committee is the type certification for airworthiness, instructions for continued airworthiness (ICA), and operational implementation of the ICA, (hereinafter referred to as continuing airworthiness) of installed aircraft systems connected to an aircraft electronic network. The committee will address conditions where the security of the system interfaces or information crossing those interfaces may cause or contribute to a failure condition that impacts aircraft safety of flight - excluding communication, navigation, and surveillance services managed by US Federal agencies or their international equivalents. The material developed by this SC will encompass the following: a. Security threats can be identified as those that impact aircraft safety and those that have business or privacy implications, but no impact on safety of flight. This SC will only develop guidance material that addresses installed aircraft systems when the airworthiness and safety of flight of those systems has been impacted by information security threats from non-installed systems. 2
. Aircraft systems and equipment: i. All aircraft systems electronic equipment. ii. Electronic networks used for on-board data exchange and for information exchange with systems external to the airplane, and data exchange with portable devices (passenger). c. Assumptions about and considerations for the impact of security on aircraft systems and equipment from aircraft external systems, including, as necessary, means for the evaluation and assessment of such systems in terms useful to airborne security processes. The following systems will be considered, but only the portions that have an effect on aircraft safety: i. Airline-owned systems ii. Airport-owned systems iii. Private network service providers The SC will not address: a. Other aspects of safety already addressed in existing guidance material, such as AC/AMJ 25.1309, ARP 4754, DO-178B, DO-278, and DO-254, except to the extent where there is a reliance on those other means of compliance. b. Physical security or physical attacks on the aircraft (or ground element) c. Airport, Airline or Air Traffic Service Provider security (e.g., access to airplanes, ground control facilities, data centers, etc.) d. Communication, navigation, and surveillance services managed by US Federal agencies or their international equivalents (for example; GPS, SBAS, GBAS, ATC data communications, ADS-B, etc.). ENVISIONED USE OF DELIVERABLE(S) The Security Assurance and Assessment Processes and Methods for Safety-related Aircraft Systems and the Security Guidance for Continuing Airworthiness documents are intended to be used by the FAA and other civil aviation authorities (CAAs) as an acceptable means of addressing the security-related safety aspects of aircraft systems. It is envisioned that the documents would be invoked by an Advisory Circular for applicable aircraft types for certification. The continuing airworthiness document would be invoked by an Advisory Circular for operators responsible for operating and maintaining a secure aircraft system. SPECIFIC GUIDANCE: The special committee should develop guidance material that, at a minimum: a. Provides processes and methods for assessing system networks for security threats and to identify specific Aeronautical Networked System Security Issues. b. Identifies network and data security issues that may impact aircraft safety and those where the impact is more business or privacy related, yet still important. c. Establishes assurance levels for security that relate to existing safety assurance (e.g., AC/AMJ 25.1309) criteria and levels and provides objectives for evaluating network security implementations d. Contains acceptable methods of demonstrating system safety when security issues impact aircraft systems. e. Addresses recording and responding to security “events” and guidelines for operations, continued operational safety and maintenance of security features. f. Addresses the requirements and guidance for post-response recovery, including identification of affected systems, restoration of system configurations, notification requirements, and other related activities. 3
Page 1: RTCA Paper No. 138-12/PMC-1008 June
Page 5: TERMINATION: Activities of Special

RTCA Paper No. 138-12/PMC-1008 June 13, 2012 TERMS OF ...

Create successful ePaper yourself

Delete template?

Save as template?