RTCA DO-326A, titled “Airworthiness Security Process Specification,” provides guidance for handling the threat of intentional, malicious interference with aircraft systems. It outlines compliance objectives and data requirements for aircraft and airborne equipment manufacturers, and examines the interactions between security and safety.
DO-326A covers such things as navigation and terrain awareness warning databases, though it doesn’t provide specific direction on how to implement required safeguards. Instead, it mandates a process under which all threat scenarios and use cases are identified and adequate measures are put in place to mitigate them. Under DO-326A, a system integrator deploying any new avionics, such as a navigation system, onto an aircraft must demonstrate that they have protection measures in place and that they’ve identified the necessary aircraft and security perimeters to mitigate against a malicious actor.
DO-326A complements other advisory material, such as the hardware and software safety certification guidance documents RTCA DO-254 and DO-178C. Similarly to how the DO-254 standard requires a Plan for Hardware Aspects of Certification (PHAC) and DO-178C requires a Plan for Software Aspects of Certification (PSAC), the DO-326A standard calls for a Plan for Security Aspects of Certification (PSecAC). Today, any new aircraft system that is connected to the outside world will have to address the DO-326A requirements that are flowing down from the regulators.
Read about the solutions and standards, such as DO-326A, developed to enhance avionics systems’ cybersecurity and data protection in our white paper, Optimizing Cybersecurity on Today’s Connected Military and Commercial Aircraft.