TERMS OF REFERENCE Special Committee (SC) 216 Aeronautical Systems Security (Revision 8)


RTCA Paper No. 090-18/PMC-1733
March 22, 2018

TERMS OF REFERENCE
Special Committee (SC) 216 Aeronautical Systems Security (Revision 8)

REQUESTORS:

Organization: Boeing Commercial Airplanes
Person: Munir Orgun, Electronic Systems Chief Engineer

SC LEADERSHIP:

Chair: David Pierce, General Electric Aviation, (616) 241-7507, dave.pierce3@ge.com
Co-Chair: Dan Johnson, Honeywell
DFO: Varun Khanna, FAA/670 Transport Airplane Directorate, (425) 227-1298, Varun.khanna@faa.gov
Secretary: Siobvan Nyikos, Boeing Commercial Aircraft, (425) 965-8774, siobvan.m.nyikos@boeing.com

BACKGROUND:

Prior to 2007, existing aircraft system safety guidance did not specifically address airborne network and data security issues, which resulted in non-standardized and potentially inequitable agreements between the various applicants and the various regulatory agencies on an acceptable process and means of compliance for ensuring safe, secure and efficient aircraft network design and operations. This Special Committee is needed to bring together aircraft manufacturers and systems designers, CNS/ATM systems designers and operators, airline maintenance and operations personnel, and government (primarily civil aviation authorities) to form a consensus and document guidance for security of aircraft systems.

The PMC established Special Committee 216 (SC-216) on June 26, 2007, in response to a request by Boeing to provide guidance for compliance with new Special Conditions for airplane systems information security. SC-216 has produced three documents, DO-326A, DO-355, and DO-356, to address development, certification, and continuing airworthiness processes and methods guidance.

EUROCAE committee WG-72 has produced three similar documents: ED-202A, which is the same as DO-326A; ED-204, which is the same as DO-355; and ED-203, which contains significant differences from DO-356. The differences between ED-203 and DO-356 are currently not aligned between the two groups, and additional work is needed to harmonize the two documents. The Aviation Rulemaking Advisory Committee (ARAC) Aeronautical Systems Information Security Protection (ASISP) Working Group desires to utilize the work of SC-216 in its recommendations, but that requires harmonization of the concepts in DO-356 and ED-203.

DELIVERABLES:

Product: Revise DO-356, Airworthiness Security Methods and Considerations
Description: The document should update guidance for systems affected by security considerations. The changes should be limited to and informed by the ARAC ASISP Final Report and should be harmonized with ED-203.
Due Date: Dec 2017

The revision of DO-356 should be limited to and informed by the ARAC ASISP final report. SC-216 should work with EUROCAE WG-72 to harmonize the following topics within DO-356 and EUROCAE ED-203, as limited to the recommendations of the ARAC ASISP:

1. Provide a definition of what assets have to be protected based on Safety Effect, determined by security assessment.
2. Provide a definition of intentional unauthorized electronic interaction in the guidance.
3. Provide guidance on how to identify security risk, including guidance on what is trusted in the security environment.
4. Provide a harmonized risk acceptability matrix, taking credit from previously accepted matrices as appropriate.
5. Provide guidance on how to demonstrate that residual risk is acceptable.
6. Provide guidance on how type design changes should be considered (such as STCs), including those without access to OEM data.
7. Define what constitutes acceptable certification evidence.
8. Define the scope of security Instructions for Continuing Airworthiness, including additional Design Approval Holder (DAH) guidance as appropriate.
9. Provide guidance for event logging and compliance with 14 CFR 21.3.
10. Define the role of trust in the security environment, including which service providers may or may not be trusted.

SCOPE:

The scope of this committee is the type certification for airworthiness, instructions for continued airworthiness (ICA), and operational implementation of the ICA (hereinafter referred to as continuing airworthiness) of installed aircraft systems connected to an aircraft electronic network. The committee will address conditions, including latent conditions, where the security of the system interfaces or information crossing those interfaces may cause or contribute to a failure condition that impacts aircraft safety of flight, excluding communication, navigation, and surveillance services managed by US Federal agencies or their international equivalents.

The material developed by this SC will encompass the following:

a. Security threats can be identified as those that impact aircraft safety, operations, and maintenance, and those that have business or privacy implications but no impact on safety of flight. Operations and maintenance issues may have different security considerations from the traditional safety-related analyses. This SC will only develop guidance material that addresses installed aircraft systems when the airworthiness and safety of flight of those systems has been impacted by information security threats from non-installed systems. Business or privacy security concerns will be considered only when they have a safety effect on continuing airworthiness.
b. Aircraft systems and equipment:
   i. All aircraft systems electronic equipment.
   ii. Electronic networks used for on-board data exchange and for information exchange with systems external to the airplane, and data exchange with portable devices.
c. Assumptions about and considerations for the impact of security on aircraft systems and equipment from aircraft external systems, including, as necessary, means for the evaluation and assessment of such systems in terms useful to airborne security processes. The following systems will be considered, but only the portions that have an effect on aircraft safety, aircraft operations security, or maintenance security:
   i. Airline-owned systems
   ii. Airport-owned systems
   iii. Private network service providers

The SC will not address:

a. Other aspects of safety already addressed in existing guidance material, such as AC/AMJ 25.1309, ARP 4754, DO-178B, DO-278, and DO-254, except to the extent where there is a reliance on those other means of compliance.
b. Physical security or physical attacks on the aircraft (or ground element).
c. Airport, Airline or Air Traffic Service Provider security (e.g., access to airplanes, ground control facilities, data centers, etc.).
d. Communication, navigation, and surveillance services managed by US Federal agencies or their international equivalents (for example, GPS, SBAS, GBAS, ATC data communications, ADS-B, etc.).
e. Business or privacy concerns that have no safety effect on continuing airworthiness.

ENVISIONED USE OF DELIVERABLE(S):

The Airworthiness Security Process Specification, the Information Security Guidance for Continuing Airworthiness, and the Airworthiness Security Methods and Considerations documents are intended to be used by the FAA and other civil aviation authorities (CAAs) as an acceptable means of addressing the security-related safety, operational, and maintenance security aspects of aircraft systems. It is envisioned that the documents would be invoked by an Advisory Circular for applicable aircraft types for certification. The continuing airworthiness document would be invoked by an Advisory Circular for operators responsible for operating and maintaining a secure aircraft system. The ARAC ASISP committee is currently working to determine the appropriate use of these documents.

SPECIFIC GUIDANCE:

The special committee should develop guidance material that, at a minimum:

a. Provides processes and methods for assessing system networks for security threats and to identify specific Aeronautical Networked System Security Issues.
b. Identifies network and data security issues that may impact aircraft safety and those where the impact is more business or privacy related but has a safety effect on continuing airworthiness.
c. Establishes assurance levels for security that relate to existing safety assurance (e.g., AC/AMJ 25.1309) criteria and levels, and provides objectives for evaluating network security implementations.
d. Contains acceptable methods of demonstrating system safety when security issues impact aircraft systems.
e. Addresses recording and responding to security events, and guidelines for operations, continued operational safety and maintenance of security features.
f. Addresses the requirements and guidance for post-response recovery, including identification of affected systems, restoration of system configurations, notification requirements, and other related activities.
g. Helps aircraft manufacturers, system developers, and operators ensure their systems comply with the guidance material and maintain required levels of safety where security vulnerabilities have been identified.
h. Identifies attributes and characteristics of architectures and designs that constitute good practice, or which should be considered as basic to aeronautical security implementations.

During preparation of its deliverables, the SC should:

1. Emphasize that security should be considered early in the aircraft and network design and from an aircraft systems perspective.
2. Recognize the international implications of Aeronautical Network System Security and that aircraft operate globally.
3. Consider emerging technologies and systems.
4. Consider establishing a Security Domain Reference Model as a means to classify the effect of Aeronautical Network Systems Security Issues.
5. Develop, to the extent possible, an approach (or approaches) that accommodates changes in technology and that recognizes that aeronautical network system security is an on-going process (continuing airworthiness) and more involved than a single point-in-time analysis (operations, maintenance of security features). The material should focus on security objectives rather than specific solutions that may become obsolete.
6. Consider the unique role that cryptographic technology plays in typical network security architectures. Determine what design and operational compliance methods are appropriate and adequate for the application of this technology to safety-related functions.
7. Recognize that today the airworthiness of Aeronautical Networked Systems is largely maintained by airline processes and procedures approved by regulatory agencies, and that Aeronautical Network System Security will likely be maintained in a similar manner by the same people.

ICC Coordination: Complete.

EUROCAE Coordination: RTCA SC-216 will coordinate with EUROCAE WG-72 to the extent practical. Specifically, the committee will work to harmonize EUROCAE ED-203 with RTCA DO-356 as limited to the recommendations of the ARAC ASISP.

INITIAL DOCUMENTATION:

Documents:
FIPS 140-2, Security Requirements for Cryptographic Modules
FIPS 199, Standards for Security Categorization of Federal Information and Information Systems
FIPS 200, Minimum Security Requirements for Federal Information and Information Systems
NIST SP 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems
NIST SP 800-64, Security Considerations in the Information System Development Life Cycle
NIST SP 800-30, Risk Management Guide for Information Technology Systems
NIST SP 800-23, Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products
NIST SP 800-53, Recommended Security Controls for Federal Information Systems
ARAC ASISP Final Report, "Recommendations regarding ASISP rulemaking, policy, and guidance on best practices for airplanes and rotorcraft including both certification and continued airworthiness", expected to be complete by August 2016

Intended Use: The Special Committee should examine the guidance provided by these documents when developing the committee products.

TERMINATION:

Activities of Special Committee 216 will terminate with approval by the PMC of the committee's final documents listed in the Terms of Reference. Any change/extension of a committee's work program requires prior PMC approval.