Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
RTCA SCRTCA SC--216216Aeronautical Systems Aeronautical Systems
SecuritySecurity
FAA SW&AEHFAA SW&AEHAug 20Aug 20--21, 200821, 2008
Denver, CODenver, CO
Presented by: Dr. Daniel P. Johnson, CoPresented by: Dr. Daniel P. Johnson, Co--Chair RTCA SCChair RTCA SC--216216Contact: Contact: [email protected]@honeywell.com
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 22
TopicsTopicsRTCA SCRTCA SC--216, "Aeronautical Systems Security"216, "Aeronautical Systems Security"EUROCAE WGEUROCAE WG--72, "Aeronautical Systems Security"72, "Aeronautical Systems Security"Tasks and ScheduleTasks and Schedule
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 33
SCSC--216 Tasks216 TasksDocument guidance for a network security assurance process and Document guidance for a network security assurance process and acceptable means of compliance for safe, secure and efficient aiacceptable means of compliance for safe, secure and efficient aircraft rcraft network design and operationsnetwork design and operationsDevelop guidelines for good practices and compliance with the guDevelop guidelines for good practices and compliance with the guidanceidanceServe as a resource and coordinator for securityServe as a resource and coordinator for security--related issues and related issues and solutions with all RTCA Special Committeessolutions with all RTCA Special CommitteesCoordinate with other groups and organizationsCoordinate with other groups and organizations
Nature of coordination may vary for different groupsNature of coordination may vary for different groupsActively pursue formation of a joint activity with EUROCAE WG 72Actively pursue formation of a joint activity with EUROCAE WG 72..
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 44
WGWG--72: Objectives72: ObjectivesO1 O1 -- Define data security context & issuesDefine data security context & issues related to Air related to Air Transportation System (ATS)Transportation System (ATS)
O2 O2 -- Provide Provide methodology / guidelinesmethodology / guidelines to support ATS stakeholders to support ATS stakeholders in managing (assessing and treating) security issuesin managing (assessing and treating) security issues
O3 O3 -- Provide Provide means of compliancemeans of compliance with:with:O3O3––1 1 Airworthiness regulations Airworthiness regulations (airworthiness and continuing (airworthiness and continuing airworthiness)airworthiness)O3O3––2 Non airworthiness related national or international regulation2 Non airworthiness related national or international regulations & s & lawslaws
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 55
Is there an aircraft Is there an aircraft infosecurityinfosecurity problem?problem?
Not if we do our Not if we do our job properly!job properly!
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 66
Safety / Security OverlapSafety / Security Overlap
Effects from:• Environment• Failures• Human error• External dependencies• Malicious Activity
Safety AssessmentScope
Security AssessmentScope
Product Development
• Product Assurance• Technical controls• Operational dependencies• Operational controls
• Policies• Procedures• Training• Monitoring
IT System Development
Part
25A
CO
/ M
anuf
actu
rer
Part
121
PI /
Airl
ine
/ AEG
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 77
European airworthiness regulationsEuropean airworthiness regulations
Continuing AirworthinessGetting Airworthiness
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 88
Air Transportation SystemAir Transportation System
Wide AreaNetwork
Service ProviderNetworks
Internet
Local AreaNetwork
Wide AreaNetwork
Service ProviderNetworks
Internet
Local AreaNetwork
AirportOperations Maintenance
Operations
Airline FlightOperations
PassengerServices
Manufacturers
ATSOperations
Airline GroundOperations
Airline ITInfrastructure
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 99
US Regulatory ScopeUS Regulatory Scope
Wide AreaNetwork
Service ProviderNetworks
Internet
Local AreaNetwork
Wide AreaNetwork
Service ProviderNetworks
Internet
Local AreaNetwork
AirportOperations Maintenance
Operations
Airline FlightOperations
PassengerServices
Manufacturers
ATSOperations
Airline GroundOperations
Airline ITInfrastructure
Operational
Type Design
FAA Controlled
Unregulated
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 1010
A Functional Look at the Externalities A Functional Look at the Externalities (courtesy of ARINC 664 part 5)(courtesy of ARINC 664 part 5)
OtherOtherFunctionsFunctions Airline OperationsAirline Operations RolesRoles SecuritySecurityResponsibilityResponsibility
Passenger-ownedDevices
Passenger-ownedDevices
ComputingDevices
Wireless Devices(Cellular, PDAs)
::
GamingDevices
PassengerInformation andEntertainment
Services Domain
PassengerInformation andEntertainment
Services Domain
Air-GroundNetwork Interface
In-FlightEntertainment
PassengerInternet
On-boardWeb Access
Passenger DeviceInterface
Broadband /Cellular
Airline InformationServices Domain
Airline InformationServices Domain
Air-GroundNetwork Interface
AdministrativeFunctions
FlightSupport
CabinSupport
MaintenanceSupport
Wireless LAN
Aircraft ControlDomain
Aircraft ControlDomain
Flight andEmbedded
Control Systems
Cabin CoreSystems
Air-GroundNetwork Interface
VHF / HF /SATCOM
Control the AircraftControl the Aircraft Operate the AircraftOperate the Aircraft Inform and Entertain the PassengersInform and Entertain the Passengers
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 1111
Regulatory ProcessesRegulatory ProcessesRegulatory Handoff for Aeronautical Systems Security
Reg
ulat
orA
ccre
dita
tion
Non
certi
fied/
Non
accr
edite
dS
elf-
Acc
redi
tatio
nG
roun
dwor
thin
ess
Cer
tific
atio
nA
irwor
thin
ess
Cer
tific
atio
n
Airborne Components Airborne Systems
Ground Components Ground Systems
Airspace Traffic Management and Control
Airport operations
Noncertified SystemsAircraft Business Operation
and Administration
Aircraft Dispatch and Maintenance
Noncertified Components
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 1212
WGWG--72 : Document Structure72 : Document Structure
Sys. Dev. Life-cycleSafety
Spec
ific
Module 1
Scope :
• Airborne part of the Aeronautical system
• Human deliberate/accidental aggressions
• Interactions between safety and security
Airworthiness
- Gen
eric -
Usefu
l for a
ny se
curity
relat
ed st
akes
(Safe
ty
and b
usine
ss)
Module ?
• Security assurance requirement
• Security evaluation
Item Assurance
GNDA/C
“Ground-worthiness”
Scope : Ground part of the aeronautical
system
Module 2Methodologies
Initial Scope : Safety and regularity of flight
Final Scope : Any security risk
Air transportation system security reference model Module 5
Not
Populated
yet
Security control
operation and management
• Information gathering/ storage/download/processing /…
• Security incidents response
• Crisis Management
Module 4
Scope : All security controls with a special consideration for cryptography
• Levels of control & management related to the “criticality” of the security control to be addressed…
Scope : Aircraft and Ground
Detection
/Reaction
/Recovery
Module 0: Coordination/links with other WGs/SCs and with A.A.
Assumptions
Objectives
Not in
First
Release
Not in
First
Release
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 1313
Process of ProcessesProcess of ProcessesProcess of Processes for Aeronautical Systems Security
Module 5 Module 1 & 2 Module 4R
egul
ator
sO
pera
tors
Sup
plie
rsO
vers
ight
Initiation and System Study
Certification Accreditation Accreditation
Risk Management
Operation and Support
Assessment
Develoment and Implementation
Operation and Support
Risk Management
Agreements
Conditions
Requirements
Evidence
Evidence
RequirementsApproval
Evidence
Validation
Approval
Evidence
Product Handoff
Certificate
Agreements
Conditions
Requirements
Evidence
UpdateApproval
Evidence
Approval
Evidence
Update
Evidence
Product Support
ProductHandoff
Reports
Update
Product Support
Approval
CoordinatedIncident
Response
Reports
Summaries andRecommendations
CoordinatedIncident
Response
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 1414
ARP 4761(System Safety Assessment process)
ED-79/ ARP 4754(System development life-cycle: Inception/
Development/ Implementation)
ED 12/ DO-178
(Software development life-cycle)
DO-254(HW development life-cycle)
ARP 5150(System development life-cycle:
Operation/ Support/ Maintenance/ Admin./ Disposal)
WG72 Module 1: Airworthiness SecurityWG72 Module 1: Airworthiness Security
AIRWORTHINESS
(System Security Assessment process)
INCLUDING DATA SECURITY
Scope of Module 1
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 1515
Airworthiness Process FrameworkAirworthiness Process Framework
Concepts + Externalities
Requirements + Externalities + Development Environment
Architecture + Objectives + Preliminary Assessment
Requirements + Externalities + Development Environment
Architecture + Objectives + Preliminary Assessment
Requirements + Externalities + Development Environment
Implementation + Guidance + External Agreements
Integration + Verification + Final Assessment
Implementation + Guidance + External Agreements
Integration + Verification + Final Assessment
Implementation + Guidance + External Agreements
Type-certified Aircraft + Guidance + External
Agreements
Aircraft
System
Item
Design, Build, Procure, Assure
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 1616
Process Compliance (sample)Process Compliance (sample)
System Guidance and External AgreementsSystem Guidance and External AgreementsSystem Guidance correct and complete.System Guidance correct and complete.System Guidance consistent and sufficient for System ExternalitiSystem Guidance consistent and sufficient for System Externalities.es.System Guidance consistent and sufficient for System ImplementatSystem Guidance consistent and sufficient for System Implementation.ion.System Guidance consistent and sufficient consideration of Item System Guidance consistent and sufficient consideration of Item Guidance.Guidance.System Guidance consistent and sufficient consideration of Item System Guidance consistent and sufficient consideration of Item External External Agreements.Agreements.System External Agreements correct and complete.System External Agreements correct and complete.System External Agreements consistent and sufficient for System System External Agreements consistent and sufficient for System Externalities.Externalities.System External Agreements consistent and sufficient for System System External Agreements consistent and sufficient for System Implementation.Implementation.System External Agreements consistent and sufficient consideratiSystem External Agreements consistent and sufficient consideration of Item on of Item Guidance.Guidance.System External Agreements consistent and sufficient consideratiSystem External Agreements consistent and sufficient consideration of Item on of Item External Agreements.External Agreements.
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 1717
Evidence Compliance (sample)Evidence Compliance (sample)
External AgreementsExternal Agreements Assumptions and requirements for the purpose Assumptions and requirements for the purpose of coordinating roles and responsibilities between dependent sysof coordinating roles and responsibilities between dependent systems and external tems and external actors. Includesactors. Includes
interface control documents,interface control documents,data flows,data flows,assumptions on operations, countermeasures, policies and proceduassumptions on operations, countermeasures, policies and procedures that are res that are not included in user guidance.not included in user guidance.See also User Guidance.See also User Guidance.
User GuidanceUser Guidance Specifications and requirements for the secure Specifications and requirements for the secure preparation, use, and administration of a system or item by an opreparation, use, and administration of a system or item by an operator. These are perator. These are the restrictions or requirements on the policies and procedures the restrictions or requirements on the policies and procedures needed to satisfy the needed to satisfy the security objectives. Includes all relevant requirements for polisecurity objectives. Includes all relevant requirements for polices and procedures ces and procedures involvinginvolving
preparation,preparation,use, use, administration, administration, maintenance, maintenance, disposaldisposal
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 1818
Classification Compliance (ongoing)Classification Compliance (ongoing)
Definitions and Matrices for Classifying and AssigningDefinitions and Matrices for Classifying and AssigningImpact (Catastrophic, Hazardous, Major, Minor, NoImpact (Catastrophic, Hazardous, Major, Minor, No--Effect)Effect)Threat Likelihood (Extremely Improbable, Extremely Remote, Threat Likelihood (Extremely Improbable, Extremely Remote, Remote, Probable, Frequent)Remote, Probable, Frequent)Security Level (A, B, C, D, E)Security Level (A, B, C, D, E)Risk Level (High, Medium, Low)Risk Level (High, Medium, Low)Attack Potential (under discussion) Attack Potential (under discussion)
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 1919
WGWG--72: Module 472: Module 4–– Operational ComplianceOperational Compliance
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 2020
WGWG--72 Module 5: ATS Domain Model72 Module 5: ATS Domain Model
Aircraft
Airport
ANSPs
Government
Agencies
Service
Providers
Aircraft
Manufacturer
Airline
The Air TransportationSystem InformationReference model
Information Asset IdentificationInformation Asset Identification
Step 1Step 1
Information Asset Model
Information Asset Model Inventory of Information
Assets
Inventory of Information
Assets
IA Security Value &
Safety Impact Assessment
IA Security Value &
Safety Impact Assessment
Input to Module 1&2 Risk Analysis
Input to Module 1 Risk Analysis
Step 2Step 2 Step 3Step 3 Step 4Step 4
IA Implementation Options and Threat
Identification
IA Implementation Options and Threat
Identification
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 2121
TimelineTimeline
1/1/2006 12/31/2006
2/1/2006 3/1/2006 4/1/2006 5/1/2006 6/1/2006 7/1/2006 8/1/2006 9/1/2006 10/1/2006 11/1/2006 12/1/2006
1/1/2007 12/31/2007
2/1/2007 3/1/2007 4/1/2007 5/1/2007 6/1/2007 7/1/2007 8/1/2007 9/1/2007 10/1/2007 11/1/2007 12/1/2007
1/1/2008 12/31/2008
2/1/2008 3/1/2008 4/1/2008 5/1/2008 6/1/2008 7/1/2008 8/1/2008 9/1/2008 10/1/2008 11/1/2008 12/1/2008
1/1/2009 12/31/2009
2/1/2009 3/1/2009 4/1/2009 5/1/2009 6/1/2009 7/1/2009 8/1/2009 9/1/2009 10/1/2009 11/1/2009 12/1/2009
WG-72
SC-216
WG-72
WG-72
WG-72
WG-72
WG-72
WG-72 WG-72 WG-72
WG-72
WG-72SC-216
SC-216 SC-216
WG-72
12/15/2009Documents Prepared
2006
2007
2008
2009
SC-216 SC-216
SC-216
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 2222
EUROCAE Document Release ProcessEUROCAE Document Release Process
ED Draft V1 (Working Group approval by consensus)ED Draft V1 (Working Group approval by consensus)Open Consultation preparation (Open Consultation preparation (EurocaeEurocae Secretariat prepares this): 1Secretariat prepares this): 1--4 4 weeksweeksOpen Consultation (comments sheet filled by the Civil Aviation COpen Consultation (comments sheet filled by the Civil Aviation Community): ommunity): 44--6 weeks6 weeksED Draft V2 (Comments resolution by the WG): 4ED Draft V2 (Comments resolution by the WG): 4--6 weeks6 weeksFinal approval Preparation (Final approval Preparation (EurocaeEurocae Secretariat formats Final ED): 3Secretariat formats Final ED): 3--4 4 weeksweeksEurocaeEurocae Council Approval (Council Approval ED Draft V2 + Comment Council Approval (Council Approval ED Draft V2 + Comment resolution summary)resolution summary)EDED--XX PublicationXX Publication
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 2323
EUROCAE Document TypesEUROCAE Document Types
Minimum Aviation System Performance Specification (MASPS)Minimum Aviation System Performance Specification (MASPS)Operational Services and Environment Definition (OSED)Operational Services and Environment Definition (OSED)Safety and Performance Requirements (SPR) specificationSafety and Performance Requirements (SPR) specificationInteroperability (INTEROP) requirements specificationInteroperability (INTEROP) requirements specificationProcess SpecificationProcess SpecificationMinimum Operational Performance Specification (MOPS)Minimum Operational Performance Specification (MOPS)Technical SpecificationTechnical SpecificationGuidance DocumentGuidance DocumentReportReport
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 2424
Committee LeadershipCommittee LeadershipCoCo--chairmanchairman CoCo--chairmanchairman RTCA Program RTCA Program
DirectorDirectorDesignated Federal Designated Federal OfficialOfficial
PersonPerson Chuck RoyaltyChuck Royalty Daniel JohnsonDaniel Johnson Harold MosesHarold Moses
RTCARTCA
202202--833833--93399339
[email protected]@rtca.org
Raymond Raymond DecerchioDecerchio
OrganizationOrganization Boeing Boeing Commercial Commercial AirplanesAirplanes
Honeywell Honeywell Aerospace Aerospace Electronic SystemsElectronic Systems
Technical Programs Technical Programs and Continued and Continued Airworthiness Branch, Airworthiness Branch, AIRAIR--120120
PhonePhone 425425--294294--16911691 612612--951951--74277427 202202--267267--30953095
FaxFax 425425--717717--50525052 612612--951951--74387438 202202--267267--53405340
EmailEmail chuck.royaltychuck.royalty@@boeing.comboeing.com
[email protected]@honeywell.comhoneywell.com
Raymond Raymond [email protected]@faa.gov
See www.rtca.org for Meeting Calls and Terms of Reference
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 2525
ChairmanChairman: X. Depin (AIRBUS SAS): X. Depin (AIRBUS SAS)SecretarySecretary: A. Tarter (Ultra Electronics): A. Tarter (Ultra Electronics)
MembersMembers::AIRBUS/ BOEINGAIRBUS/ BOEINGTHALES avionics/ THALES information systems/ RINICOM/ HONEYWELLTHALES avionics/ THALES information systems/ RINICOM/ HONEYWELLROCKWELL COLLINSROCKWELL COLLINS--F/ SAFRANF/ SAFRANFAA/ CAAFAA/ CAA--Netherlands/ DGAC/ EUROCONTROL/ NLRNetherlands/ DGAC/ EUROCONTROL/ NLRSAFEE/ ERNST&YOUNG/University Of LeedsSAFEE/ ERNST&YOUNG/University Of LeedsBAE Systems/ Green Hills Software/ Ultra ElectronicsBAE Systems/ Green Hills Software/ Ultra ElectronicsHELIOS TECHNOLOGY/ CARILLON IS/ QINETIQHELIOS TECHNOLOGY/ CARILLON IS/ QINETIQUS Department Of Transportation (DOT)US Department Of Transportation (DOT)-- Volpe CenterVolpe CenterCESGCESG……
WGWG--72: Participants72: Participants
See www.eurocae.eu for further information.
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 2626
Upcoming Meeting DatesUpcoming Meeting DatesWGWG--7272
1414--16 Oct16 Oct, Paris, FR, Paris, FR
SCSC--21621699--11 Sept11 Sept , Washington DC, Washington DC44--6 Nov 6 Nov , Washington DC, Washington DC1313--15 January 2009 15 January 2009 , Washington DC, Washington DC
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 2727
LiaisoningLiaisoning and Coordinationand CoordinationSCSC--216 and 216 and EurocaeEurocae WGWG--72, Aeronautical Systems Security72, Aeronautical Systems Security
Joint members, including chairsJoint members, including chairsLeadership discussions pursuing joint activitiesLeadership discussions pursuing joint activities
ATA JCG, Joint CoATA JCG, Joint Co--Ordination GroupOrdination GroupJoint membersJoint membersCommon calendar between security committees and eventsCommon calendar between security committees and events
ATA DSWG, Digital Security Working GroupATA DSWG, Digital Security Working GroupJoint membersJoint members
RTCA SCRTCA SC--205/Eurocae WG205/Eurocae WG--71, Software Considerations71, Software ConsiderationsDesignated liaison memberDesignated liaison member
RTCA SCRTCA SC--203, Unmanned Aircraft Systems203, Unmanned Aircraft SystemsDesignated liaison memberDesignated liaison member
AEEC NIS, Network Infrastructure and SecurityAEEC NIS, Network Infrastructure and SecurityJoint members, including chairsJoint members, including chairs
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 2828
Current ActivitiesCurrent ActivitiesSG2SG2 Airworthiness Security Process (SAAPM)Airworthiness Security Process (SAAPM)
EUROCAE WG72 EUROCAE WG72 –– Module 1Module 1Guidance for processes for aircraft certification Guidance for processes for aircraft certification Methods for processes for aircraft certificationMethods for processes for aircraft certificationMeans of compliance with aeronautical regulations, including butMeans of compliance with aeronautical regulations, including but not limited to not limited to FAR25.1309FAR25.1309
SG3SG3 Aircraft Network External Interface Security (MASPS)Aircraft Network External Interface Security (MASPS)EUROCAE WG72 EUROCAE WG72 –– Module 4 &5Module 4 &5
Guidelines for selecting, operating, and managing security contrGuidelines for selecting, operating, and managing security controlsolsGuidelines for managing security concerns involving external sysGuidelines for managing security concerns involving external systems and/or tems and/or organizationsorganizationsDesign & architecture guidelines for compliance with the processDesign & architecture guidelines for compliance with the processes & methodses & methods
e.g. layered protection, crew alerting, other aspects unique to e.g. layered protection, crew alerting, other aspects unique to aircraft design & aircraft design & operationoperation
Aug 20, 2008Aug 20, 2008 RTCA SCRTCA SC--216 Aeronautical Systems Security216 Aeronautical Systems Security 2929
WGWG--72: Current status72: Current statusModule 1, 4 and 5 materials circulated for WGModule 1, 4 and 5 materials circulated for WG--72 members internal 72 members internal
reviewreview::Module 1: Module 1: ““Air Worthiness Security Assessment ProcessAir Worthiness Security Assessment Process”” version 3.1version 3.1Module 4: Module 4: ““Security Control & OperationSecurity Control & Operation”” ref. 72ref. 72--44--0004 Draft V7.10004 Draft V7.1Module 5:Module 5:”” Air Transportation System Reference Model for Aeronautical Air Transportation System Reference Model for Aeronautical Information SecurityInformation Security”” Draft KDraft K
RTCA SC-216�Aeronautical Systems SecurityTopicsSC-216 TasksWG-72: ObjectivesIs there an aircraft infosecurity problem?Safety / Security OverlapEuropean airworthiness regulationsAir Transportation SystemUS Regulatory ScopeA Functional Look at the Externalities (courtesy of ARINC 664 part 5)Regulatory ProcessesWG-72 : Document StructureProcess of ProcessesWG72 Module 1: Airworthiness SecurityAirworthiness Process FrameworkProcess Compliance (sample)Evidence Compliance (sample)Classification Compliance (ongoing)WG-72: Module 4– Operational ComplianceWG-72 Module 5: ATS Domain ModelTimelineEUROCAE Document Release ProcessEUROCAE Document TypesCommittee LeadershipWG-72: ParticipantsUpcoming Meeting DatesLiaisoning and CoordinationCurrent ActivitiesWG-72: Current status