New Developments in Aviation Cybersecurity and Next-Generation Crash Recorders

May 17, 2019

New Developments in Aviation Cybersecurity and Next-Generation Crash Recorders

Published by SAE Mobilus

Last March, I had the pleasure of introducing Dietmar Freese, a software and electronic hardware certification expert working for the European Union Aviation Safety Agency (EASA) at the Avionics Electronics Europe conference in Munich, Germany. At the conference, Mr. Freese gave an update on the latest EASA regulations for cybersecurity. In addition to discussing the DO-326A Airworthiness Security Process Specification, Mr. Freese also shared an update on future EASA regulations for flight recorders.

On the cybersecurity front, EASA has issued a new notice of proposed amendment (NPA) related to an earlier RTCA document, DO-326A, which came out in 2014. Because DO-326A wasn’t tied to any regulation, it hasn’t been widely implemented since its introduction. Recent incidents have increased a focus on DO-326A, including an incident last year, during which an airline passenger on board a major international carrier, unwisely thought it would be funny to rename his iPhone’s personal wi-fi hot-spot account, “Bomb Onboard.” During the flight, when the other passengers sought the aircraft’s available wi-fi address, they were understandably frightened to find the prankster’s message. In this case, the crew had to divert the aircraft to address the confusion. When the media got wind of the story, pressure was put on aviation regulators to respond.

That unfortunate incident helped to revive interest and awareness of DO-326A, and EASA has now decided to make it mandatory for avionics vendors to implement the specification. EASA is using a route to fast-track the mandate through legislation and it’s now expected that, within the next three or four months, all new avionics developments will be required to perform a DO-326A cybersecurity assessment.

The DO-326A cybersecurity assessment entails seven steps, which branch into 39 security objectives, and comprise a total of 62 activities -- all of which will have to be carried out by the avionics vendor. For the most part, EASA is focused on avionics that connect with the outside world. On today’s aircraft, there are typically three wi-fi systems: the cabin wi-fi, the cockpit wi-fi, and the maintenance wi-fi. Of these three, EASA’s main concern resides with the maintenance wi-fi, which has become more important as the trend toward “zero-touch” aircraft maintenance increases.

Cockpit Voice and Flight Data Recorders

Our award-winning line of compact, lightweight cockpit voice and flight data recorders has been designed to meet all current and anticipated regulations (including 25 hour voice / datalink recording) and are deployed globally. These flight recorders can be customized quickly and can help reduce LRU count by integrating additional functionality into the recorder. Added functionality includes image recording, encryption, and additional data for structural and monitoring programs.


The History of Flight Data Recorders

Flight recorders have come a long way in the last sixty years. This video looks at the transformation of this technology throughout history.