RTCA SC-216 Aeronautical Systems Security. FAA SW&AEH, Aug 20-21, 2008, Denver, CO. Presented by: Dr. Daniel P. Johnson, Co-Chair RTCA SC-216. Contact: [email protected]

SC-216 Aeronautical Systems Security Meeting 2 · 2008. 8. 25. · ARP 5150 (System development life-cycle: Operation/ Support/ Maintenance/ Admin./ Disposal) WG72 Module 1: Airworthiness



  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 2

    Topics

    • RTCA SC-216, "Aeronautical Systems Security"
    • EUROCAE WG-72, "Aeronautical Systems Security"
    • Tasks and Schedule

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 3

    SC-216 Tasks

    • Document guidance for a network security assurance process and acceptable means of compliance for safe, secure and efficient aircraft network design and operations
    • Develop guidelines for good practices and compliance with the guidance
    • Serve as a resource and coordinator for security-related issues and solutions with all RTCA Special Committees
    • Coordinate with other groups and organizations
      • Nature of coordination may vary for different groups
      • Actively pursue formation of a joint activity with EUROCAE WG 72.

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 4

    WG-72: Objectives

    • O1 - Define data security context & issues related to Air Transportation System (ATS)
    • O2 - Provide methodology / guidelines to support ATS stakeholders in managing (assessing and treating) security issues
    • O3 - Provide means of compliance with:
      • O3–1 Airworthiness regulations (airworthiness and continuing airworthiness)
      • O3–2 Non airworthiness related national or international regulations & laws

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 5

    Is there an aircraft infosecurity problem?

    Not if we do our job properly!

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 6

    Safety / Security Overlap

    [Diagram]

    Effects from:
    • Environment
    • Failures
    • Human error
    • External dependencies
    • Malicious Activity

    Safety Assessment Scope

    Security Assessment Scope

    Product Development

    • Product Assurance
    • Technical controls
    • Operational dependencies
    • Operational controls

    • Policies
    • Procedures
    • Training
    • Monitoring

    IT System Development

    Part 25 ACO / Manufacturer

    Part 121 PI / Airline / AEG

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 7

    European airworthiness regulations

    [Diagram] Continuing Airworthiness; Getting Airworthiness

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 8

    Air Transportation System

    [Diagram]

    • Networks: Wide Area Network; Service Provider Networks; Internet; Local Area Network
    • Airport Operations
    • Maintenance Operations
    • Airline Flight Operations
    • Passenger Services
    • Manufacturers
    • ATS Operations
    • Airline Ground Operations
    • Airline IT Infrastructure

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 9

    US Regulatory Scope

    [Diagram]

    • Networks: Wide Area Network; Service Provider Networks; Internet; Local Area Network
    • Airport Operations
    • Maintenance Operations
    • Airline Flight Operations
    • Passenger Services
    • Manufacturers
    • ATS Operations
    • Airline Ground Operations
    • Airline IT Infrastructure

    Legend: Operational; Type Design; FAA Controlled; Unregulated

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 10

    A Functional Look at the Externalities (courtesy of ARINC 664 part 5)

    [Diagram]

    Other Functions; Airline Operations; Roles; Security Responsibility

    • Passenger-owned Devices
      • Computing Devices
      • Wireless Devices (Cellular, PDAs)
      • Gaming Devices
    • Passenger Information and Entertainment Services Domain
      • Air-Ground Network Interface
      • In-Flight Entertainment
      • Passenger Internet
      • On-board Web Access
      • Passenger Device Interface
      • Broadband / Cellular
    • Airline Information Services Domain
      • Air-Ground Network Interface
      • Administrative Functions
      • Flight Support
      • Cabin Support
      • Maintenance Support
      • Wireless LAN
    • Aircraft Control Domain
      • Flight and Embedded Control Systems
      • Cabin Core Systems
      • Air-Ground Network Interface
      • VHF / HF / SATCOM

    Control the Aircraft; Operate the Aircraft; Inform and Entertain the Passengers

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 11

    Regulatory Processes

    Regulatory Handoff for Aeronautical Systems Security

    [Diagram]

    • Regulator Accreditation
    • Noncertified / Nonaccredited
    • Self-Accreditation
    • Groundworthiness Certification
    • Airworthiness Certification

    • Airborne Components; Airborne Systems
    • Ground Components; Ground Systems
    • Airspace Traffic Management and Control
    • Airport operations
    • Noncertified Systems
    • Aircraft Business Operation and Administration
    • Aircraft Dispatch and Maintenance
    • Noncertified Components

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 12

    WG-72: Document Structure

    [Diagram]

    Sys. Dev. Life-cycle; Safety; Specific

    Module 1: Airworthiness

    Scope:
    • Airborne part of the Aeronautical system
    • Human deliberate/accidental aggressions
    • Interactions between safety and security

    - Generic - Useful for any security related stakes (Safety and business)

    Module ?: Item Assurance

    • Security assurance requirement
    • Security evaluation

    GND; A/C

    “Ground-worthiness”

    Scope: Ground part of the aeronautical system

    Module 2: Methodologies

    Initial Scope: Safety and regularity of flight

    Final Scope: Any security risk

    Module 5: Air transportation system security reference model

    Not Populated yet

    Security control operation and management

    • Information gathering/ storage/ download/ processing /…
    • Security incidents response
    • Crisis Management

    Module 4

    Scope: All security controls with a special consideration for cryptography

    • Levels of control & management related to the “criticality” of the security control to be addressed…

    Scope: Aircraft and Ground

    Detection / Reaction / Recovery

    Module 0: Coordination/links with other WGs/SCs and with A.A.

    Assumptions

    Objectives

    Not in First Release

    Not in First Release

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 13

    Process of Processes

    Process of Processes for Aeronautical Systems Security

    [Diagram]

    Module 5; Module 1 & 2; Module 4

    Regulators; Operators; Suppliers; Oversight

    Initiation and System Study; Certification; Accreditation; Risk Management; Operation and Support; Assessment; Development and Implementation

    Agreements; Conditions; Requirements; Evidence; Approval; Validation; Product Handoff; Certificate; Update; Product Support; Reports; Coordinated Incident Response; Summaries and Recommendations

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 14

    WG72 Module 1: Airworthiness Security

    [Diagram]

    • ARP 4761 (System Safety Assessment process)
    • ED-79/ ARP 4754 (System development life-cycle: Inception/ Development/ Implementation)
    • ED 12/ DO-178 (Software development life-cycle)
    • DO-254 (HW development life-cycle)
    • ARP 5150 (System development life-cycle: Operation/ Support/ Maintenance/ Admin./ Disposal)

    AIRWORTHINESS (System Security Assessment process) INCLUDING DATA SECURITY

    Scope of Module 1

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 15

    Airworthiness Process Framework

    [Diagram]

    Levels: Aircraft; System; Item

    • Concepts + Externalities
    • Requirements + Externalities + Development Environment
    • Architecture + Objectives + Preliminary Assessment
    • Implementation + Guidance + External Agreements
    • Integration + Verification + Final Assessment
    • Type-certified Aircraft + Guidance + External Agreements

    Design, Build, Procure, Assure

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 16

    Process Compliance (sample)

    System Guidance and External Agreements

    • System Guidance correct and complete.
    • System Guidance consistent and sufficient for System Externalities.
    • System Guidance consistent and sufficient for System Implementation.
    • System Guidance consistent and sufficient consideration of Item Guidance.
    • System Guidance consistent and sufficient consideration of Item External Agreements.
    • System External Agreements correct and complete.
    • System External Agreements consistent and sufficient for System Externalities.
    • System External Agreements consistent and sufficient for System Implementation.
    • System External Agreements consistent and sufficient consideration of Item Guidance.
    • System External Agreements consistent and sufficient consideration of Item External Agreements.

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 17

    Evidence Compliance (sample)

    External Agreements: Assumptions and requirements for the purpose of coordinating roles and responsibilities between dependent systems and external actors. Includes

    • interface control documents,
    • data flows,
    • assumptions on operations, countermeasures, policies and procedures that are not included in user guidance.

    See also User Guidance.

    User Guidance: Specifications and requirements for the secure preparation, use, and administration of a system or item by an operator. These are the restrictions or requirements on the policies and procedures needed to satisfy the security objectives. Includes all relevant requirements for policies and procedures involving

    • preparation,
    • use,
    • administration,
    • maintenance,
    • disposal

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 18

    Classification Compliance (ongoing)

    Definitions and Matrices for Classifying and Assigning

    • Impact (Catastrophic, Hazardous, Major, Minor, No-Effect)
    • Threat Likelihood (Extremely Improbable, Extremely Remote, Remote, Probable, Frequent)
    • Security Level (A, B, C, D, E)
    • Risk Level (High, Medium, Low)
    • Attack Potential (under discussion)

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 19

    WG-72: Module 4 – Operational Compliance

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 20

    WG-72 Module 5: ATS Domain Model

    [Diagram]

    The Air Transportation System Information Reference model: Aircraft; Airport; ANSPs; Government Agencies; Service Providers; Aircraft Manufacturer; Airline

    Information Asset Identification (Step 1 to Step 4)

    • Information Asset Model
    • Inventory of Information Assets
    • IA Security Value & Safety Impact Assessment
    • IA Implementation Options and Threat Identification

    Input to Module 1&2 Risk Analysis

    Input to Module 1 Risk Analysis

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 21

    Timeline

    [Timeline chart: monthly axis from 1/1/2006 to 12/31/2009, with WG-72 and SC-216 markers]

    12/15/2009: Documents Prepared

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 22

    EUROCAE Document Release Process

    • ED Draft V1 (Working Group approval by consensus)
    • Open Consultation preparation (Eurocae Secretariat prepares this): 1-4 weeks
    • Open Consultation (comments sheet filled by the Civil Aviation Community): 4-6 weeks
    • ED Draft V2 (Comments resolution by the WG): 4-6 weeks
    • Final approval Preparation (Eurocae Secretariat formats Final ED): 3-4 weeks
    • Eurocae Council Approval (Council Approval ED Draft V2 + Comment resolution summary)
    • ED-XX Publication

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 23

    EUROCAE Document Types

    • Minimum Aviation System Performance Specification (MASPS)
    • Operational Services and Environment Definition (OSED)
    • Safety and Performance Requirements (SPR) specification
    • Interoperability (INTEROP) requirements specification
    • Process Specification
    • Minimum Operational Performance Specification (MOPS)
    • Technical Specification
    • Guidance Document
    • Report

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 24

    Committee Leadership

    • Co-chairman: Chuck Royalty. Organization: Boeing Commercial Airplanes. Phone: 425-294-1691. Fax: 425-717-5052. Email: chuck.royalty@boeing.com
    • Co-chairman: Daniel Johnson. Organization: Honeywell Aerospace Electronic Systems. Phone: 612-951-7427. Fax: 612-951-7438. Email: [email protected]
    • RTCA Program Director: Harold Moses, RTCA, 202-833-9339, [email protected]
    • Designated Federal Official: Raymond Decerchio. Organization: Technical Programs and Continued Airworthiness Branch, AIR-120. Phone: 202-267-3095. Fax: 202-267-5340. Email: [email protected]

    See www.rtca.org for Meeting Calls and Terms of Reference

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 25

    WG-72: Participants

    Chairman: X. Depin (AIRBUS SAS)

    Secretary: A. Tarter (Ultra Electronics)

    Members:

    • AIRBUS/ BOEING
    • THALES avionics/ THALES information systems/ RINICOM/ HONEYWELL
    • ROCKWELL COLLINS-F/ SAFRAN
    • FAA/ CAA-Netherlands/ DGAC/ EUROCONTROL/ NLR
    • SAFEE/ ERNST&YOUNG/ University Of Leeds
    • BAE Systems/ Green Hills Software/ Ultra Electronics
    • HELIOS TECHNOLOGY/ CARILLON IS/ QINETIQ
    • US Department Of Transportation (DOT) - Volpe Center
    • CESG
    • …

    See www.eurocae.eu for further information.

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 26

    Upcoming Meeting Dates

    • WG-72
      • 14-16 Oct, Paris, FR
    • SC-216
      • 9-11 Sept, Washington DC
      • 4-6 Nov, Washington DC
      • 13-15 January 2009, Washington DC

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 27

    Liaisoning and Coordination

    • SC-216 and Eurocae WG-72, Aeronautical Systems Security
      • Joint members, including chairs
      • Leadership discussions pursuing joint activities
    • ATA JCG, Joint Co-Ordination Group
      • Joint members
      • Common calendar between security committees and events
    • ATA DSWG, Digital Security Working Group
      • Joint members
    • RTCA SC-205/Eurocae WG-71, Software Considerations
      • Designated liaison member
    • RTCA SC-203, Unmanned Aircraft Systems
      • Designated liaison member
    • AEEC NIS, Network Infrastructure and Security
      • Joint members, including chairs

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 28

    Current Activities

    • SG2 Airworthiness Security Process (SAAPM)
      • EUROCAE WG72 – Module 1
      • Guidance for processes for aircraft certification
      • Methods for processes for aircraft certification
      • Means of compliance with aeronautical regulations, including but not limited to FAR25.1309
    • SG3 Aircraft Network External Interface Security (MASPS)
      • EUROCAE WG72 – Module 4 & 5
      • Guidelines for selecting, operating, and managing security controls
      • Guidelines for managing security concerns involving external systems and/or organizations
      • Design & architecture guidelines for compliance with the processes & methods
        • e.g. layered protection, crew alerting, other aspects unique to aircraft design & operation

  • Aug 20, 2008 RTCA SC-216 Aeronautical Systems Security 29

    WG-72: Current status

    Module 1, 4 and 5 materials circulated for WG-72 members internal review:

    • Module 1: “Air Worthiness Security Assessment Process” version 3.1
    • Module 4: “Security Control & Operation” ref. 72-4-0004 Draft V7.1
    • Module 5: “Air Transportation System Reference Model for Aeronautical Information Security” Draft K
