"The objective of this Notice of Proposed Amendment (NPA) is to mitigate the potential effects of cybersecurity threats on safety. Such threats could be the consequences of intentional unauthorised acts of interference with aircraft on-board electronic networks and systems", EASA
Cyber Security is a critical issue that continues to grow in importance with every data breach that occurs. Digital defences are constantly being probed in virtually every industry including aviation, where systems are increasingly connected, and those interconnections are susceptible to new threats.
EASA’s mission is to provide the European citizens safe air travel in Europe and worldwide. Civil Aviation is an attractive target for cyber-attacks and the agency's role is to ensure that cyber risks are taken into account during aircraft design, development and operation and then controlled in order to avoid adverse effects on citizens’ safety. In this context, EASA needs to consider the state-of-the-art means of protection against these threats when certifying new products or parts.
This NPA issued on February 2019, proposes amendments to CS-23, CS-25, CS-27, CS-29, CS-E, CS-ETSO, CS-P, and related acceptable means of compliance (AMC)/guidance material (GM), together with AMC-20, where a new section "Airworthiness information security risk assessment" is appended. In this context, a Security Risk Assessment must be performed in means of complying with the Certification Standards.
The release and implementation of the modified CSs, AMCs and GMs is scheduled for the third quarter of this year 2019, and will apply to both aircraft, engines or propellers, and equipment:
- Type Certificate (TC)
- Supplemental Type Certificate (STC)
- Change of product
- Certification of systems and equipment providing Air Service Information or that are subject to potential information security threats
- Approval of a new item of equipment or change of equipment in an ETSO article
At DMD Solutions, we are always abreast of the latest amendments and ready to help designers, manufacturers and maintainers adapt their products to the changing regulatory frameworks.