Securing the E-Enabled Aircraft
As Aviation Electronics Europe has just finished in Munich, it continues to grow and this year was no exception, with some interesting keynotes from EASA and Airline for Europe, A4E. The UK standing out in Europe was noticeable as there was a strong presence.
Guest blog by Alex Wilson.
A couple of papers for Wind River, on FACE and Cybersecurity were presented. Wind River VxWorks 653 has now achieved conformance certification to the FACE Technical Standard (see the Blog by Chip Downing), but what does that mean to customers in the rest of the world? More is later to come on this.
The presentation on Cybersecurity was part of the track ‘Data Comms & Cyber Security Perspectives’ hosted by Willie Cecil, Aircraft Data and Connectivity Systems Specialist, Uptake, USA.
This was led by a great presentation from Marc Mautref, Pilots and Aircraft Connectivity Manager, Air France. Marc covered operational aspects of Cybersecurity, including how they use a Risk Assessment framework to manage the ongoing security aspects of operating aircraft safely.
One example Marc presented is that of electronic flight bags which are now using portable electronic devices in the cockpit, adding a new attack vector to the risk analysis. The risk-management framework can cope with this dynamic environment and changing security perimeter, and in this case results in Air France expecting its suppliers to security certify their EFBs.
This fed well into the presentation, which dived a little deeper into aspects of RTCA DO-326A, DO-355, and DO-356. RTCA DO-356 does cover risk assessment in some detail, and summarised this as part of the presentation, the diagram which was pulled from DO-356 matched very well with Marc Mautref’s presentation for ongoing security:
A copy of the white paper is available on the website. One concern for OEMs having to meet these standards is the harmonisation between EUROCAE and RTCA documents, mainly in DO-356 and ED-203, which take alternative approaches.
Work is ongoing between RTCA and EUROCAE to resolve these differences, but until that completes we may need to look at different approaches depending on the end user.
Philippe Lievin, Rockwell Collins then closed the session with an update on ACARS over IP, and the complexity and challenges that involves. This is especially interesting as in order to benefit from data within the aircraft, we have to consider how to get that data out to the analytics services on the ground, which is the trend we see in the marketplace of moving towards an Industrial Internet of Things.
When considering the Industrial Internet of Things, more and more systems being connected to extract valuable data are seen, and this is no exception with aircraft. However, as pointed out in the presentation, these standards exist so that we can maintain the excellent safety record we have in the airline industry, and whilst some aspect of cybersecurity may be business-related, it is imperative that we do not overlook the fact that safety of the aircraft, crew and passengers is the most important factor.
Courtesy of Wind River.