RTCA Paper No. 138-12/PMC-1008 June 13, 2012 TERMS OF ...
RTCA Paper No. 138-12/PMC-1008 June 13, 2012 TERMS OF ...
RTCA Paper No. 138-12/PMC-1008 June 13, 2012 TERMS OF ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
. Aircraft systems and equipment:<br />
i. All aircraft systems electronic equipment.<br />
ii. Electronic networks used for on-board data exchange and for information exchange<br />
with systems external to the airplane, and data exchange with portable devices<br />
(passenger).<br />
c. Assumptions about and considerations for the impact of security on aircraft systems and<br />
equipment from aircraft external systems, including, as necessary, means for the evaluation and<br />
assessment of such systems in terms useful to airborne security processes. The following systems<br />
will be considered, but only the portions that have an effect on aircraft safety:<br />
i. Airline-owned systems<br />
ii. Airport-owned systems<br />
iii. Private network service providers<br />
The SC will not address:<br />
a. Other aspects of safety already addressed in existing guidance material, such as AC/AMJ<br />
25.<strong>13</strong>09, ARP 4754, DO-178B, DO-278, and DO-254, except to the extent where there is a<br />
reliance on those other means of compliance.<br />
b. Physical security or physical attacks on the aircraft (or ground element)<br />
c. Airport, Airline or Air Traffic Service Provider security (e.g., access to airplanes, ground<br />
control facilities, data centers, etc.)<br />
d. Communication, navigation, and surveillance services managed by US Federal agencies or<br />
their international equivalents (for example; GPS, SBAS, GBAS, ATC data communications,<br />
ADS-B, etc.).<br />
ENVISIONED USE <strong>OF</strong> DELIVERABLE(S)<br />
The Security Assurance and Assessment Processes and Methods for Safety-related Aircraft Systems<br />
and the Security Guidance for Continuing Airworthiness documents are intended to be used by the FAA<br />
and other civil aviation authorities (CAAs) as an acceptable means of addressing the security-related<br />
safety aspects of aircraft systems. It is envisioned that the documents would be invoked by an Advisory<br />
Circular for applicable aircraft types for certification. The continuing airworthiness document would be<br />
invoked by an Advisory Circular for operators responsible for operating and maintaining a secure aircraft<br />
system.<br />
SPECIFIC GUIDANCE:<br />
The special committee should develop guidance material that, at a minimum:<br />
a. Provides processes and methods for assessing system networks for security threats and to identify<br />
specific Aeronautical Networked System Security Issues.<br />
b. Identifies network and data security issues that may impact aircraft safety and those where the<br />
impact is more business or privacy related, yet still important.<br />
c. Establishes assurance levels for security that relate to existing safety assurance (e.g., AC/AMJ<br />
25.<strong>13</strong>09) criteria and levels and provides objectives for evaluating network security<br />
implementations<br />
d. Contains acceptable methods of demonstrating system safety when security issues impact aircraft<br />
systems.<br />
e. Addresses recording and responding to security “events” and guidelines for operations, continued<br />
operational safety and maintenance of security features.<br />
f. Addresses the requirements and guidance for post-response recovery, including identification of<br />
affected systems, restoration of system configurations, notification requirements, and other<br />
related activities.<br />
3