Europe’s civil aviation safety regulator is putting forward proposals for amend certification standards to introduce specific cybersecurity provisions for aircraft design.
The European Aviation Safety Agency says the proposals are intended to “mitigate” the potential effects of cybersecurity threats on safety.
“Aircraft systems are increasingly connected, and those interconnections are susceptible to new threats, which may potentially have catastrophic effects on the safety of air transport,” it says.
“All recently-designed large [aircraft] are known to be potentially sensitive to those airworthiness-related security threats due to the interconnectivity features of some of their avionic systems.”
Unauthorised access, denial or disruption of electronic information has the potential to affect the airworthiness of an aircraft, says EASA.
In the absence of dedicated provisions within Europe’s CS-25 certification standards framework, cybersecurity is addressed through special conditions requiring systems and networks to be assessed against potential threats posed by an information security breach.
EASA says it needs to consider the “state-of-the-art means of protection” against such threats when certifying new products or parts.
It is transposing the special conditions into specific parts of the certification framework.
These provisions would require applicants to show that possible security risks have been identified, assessed, and mitigated as necessary. EASA is inviting comments on the proposals before 22 May.