[SystemSafety] Cyber-Security and Safety for Aircraft and Aircraft Systems: DO-326A guidance

From: Laurent Fabre < >
Date: Thu, 18 Sep 2014 09:48:02 -0700


DO-326A "Airworthiness Security Process Specification" was released last month on the RTCA web site.

The guidance of this document is intended to augment current guidance for aircraft certification to handle the information security threat
(i.e., cyber-security) to aircraft safety. It describes a security
engineering process that includes generic activities with corresponding compliance objectives.
The scope of this document covers both initial Aircraft Type Certification and Aircraft (systems) changes.

Why is this standard likely to be important for the aerospace community? It highly expected that this guidance document will receive recognition from civil aviation certification authorities such as FAA and EASA. Note: this standard has also been published by EUROCAE under the reference ED-202A.
This standard is one of the very few published documents that tackle the topic of integration of Security Engineering with Safety Engineering. At a time where security is almost in the news daily, it is noteworthy to see that there is a guidance document that addresses the interactions between security and safety. In particular, this standard discusses the links between the security process and the safety assessment process
(SAE ARP 4761), and the system engineering process (SAE ARP 4754A).
This standard is not an 'isolated' publication, it is one of a set of three documents dedicated to security engineering. The other two standards are:
- DO-355 "Information Security Guidance for Continuing Airworthiness" covers operations and maintenance (published last June) - DO-YY3 (id not released yet) "Airworthiness Security Methods and Considerations" (to be published in the fall of 2014)

The Aerospace standards have often paved the way or at least influences other industries. Could this standard be another example of this paradigm?

Laurent Fabre

-- 
---------------------------
Critical Systems Labs, Inc.  <www.cslabs.com>




_______________________________________________ The System Safety Mailing List systemsafety_at_xxxxxx
Received on Thu Sep 18 2014 - 18:47:57 CEST

This archive was generated by hypermail 2.3.0 : Mon Feb 18 2019 - 10:17:07 CET