Will Today’s Cybersecurity Guidelines and Standards Become Mandates for Connected Aircraft Systems?
Published in Avionics International
Written by Frank Wolfe
Aviation cybersecurity mandates by the European Union Aviation Safety Agency (EASA) and the Federal Aviation Administration (FAA) are coming in the next two years, according to participants in an Avionics International Apr. 7 webinar, Clearing the Skies of Cybersecurity Vulnerabilities from the Ground Up.
This year, EASA may adopt AMC 20-42 (NPA 2019-1) that will link information security guidelines to the high-level cyber standards of RTCA DO-326A or the EUROCAE ED-202 series.
Asked during the webinar how the avionics industry has thus far embraced airworthiness cybersecurity standards in RTCA DO-326A, 355, and 356, Alex Wilson, the director of aerospace and defense at Wind River, said that cybersecurity standards "have been adopted slowly, but I think we’ll see a more rapid adoption throughout this year and the coming year.”
"Currently, the standards are more voluntary or applied on a case by case basis on aircraft systems as they go into certification," he said. "These standards have been around in embryonic form since the [Boeing] 787 [Dreamliner] first went through its airworthiness process [a decade ago]."
Wilson predicted that "once we see those standards being mandated through rules and regulations, we’ll start to see a massive adoption and a requirement of all new avionics systems to go through [these] standards."
Such mandates may spark or re-ignite, the operational red teaming of aircraft cyber systems.
It has been unclear what the path forward is for cyber vulnerability testing of airliners in the United States after last month's decision by the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) to end the testing of a Boeing 757-200 at the Federal Aviation Administration (FAA) William J. Hughes Technical Center in Atlantic City.
Cyber vulnerabilities are not the exclusive domain of commercial airliners but also are faced by military and business aircraft and future urban air mobility platforms and by diverse systems, such as onboard radar altimeters, Global Positioning System receivers, and military Identification Friend or Foe (IFF) systems.
Paul Hart, the chief technology officer at Curtiss-Wright Defense Solutions, said that combat search and rescue helicopters can have up to 60 computers onboard to run flight control processes, such as take-off and landing, and complex synthetic vision systems, while UAVs normally have less than 10 processors for flight control and detect and avoid systems, and airliners "typically have more than 100 computing platforms."
COTS-Based Trusted Computing: Getting Started in Next-Generation Mission-Critical Electronics
Trusted computing involves technologies protect mission-critical embedded electronics from physical and remote attacks and from hardware and software failures.
Establishing a Root of Trust: Trusted Computing and Intel-based Systems
Steve Edwards looks at trusted computing solutions that carry effective protections against cyberattacks.
Trusted Computing for Defense & Aerospace Article eBook
This collection of articles, originally published by Military & Aerospace Electronics, covers a variety of Trusted Computing topics such as trusted boot, cyber security, quantum computing, cryptography and more, with a specific focus on the defense and aerospace industries.
Trusted Computing for Defense & Aerospace
Curtiss-Wright goes well beyond standard approaches to Trusted Computing to provide truly secure solutions for air, ground, and sea platforms. We keep cybersecurity and physical protection in mind, from design and testing to supply chain and manufacturing. This comprehensive, end-to-end approach creates an effective mesh of protection layers that integrate to ensure reliability of Curtiss-Wright products in the face of attempted compromise.
Related White Papers
Cybersecurity Trends in Aerospace and Defense Applications
A recent online cybersecurity expert discussion explored emerging cybersecurity vulnerabilities and the challenges faced by the defense and aerospace industries in identifying and mitigating attacks. This white paper from Wind River summarizes the ideas and key points that were covered during this discussion.
Trends in Network Cybersecurity
We explore the ever-evolving domain of network security, a key segment of embedded systems that’s been under the microscope as cyber threats become more common.
Optimizing Cybersecurity on Today's Connected Military and Commercial Aircraft
System developers must safeguard tactical information exchange and the integrity of command and control links between ground stations and airborne platforms.