EUROCAE WG-72 Aeronautical Systems Security - Three Calls for participation

EUROCAE

EUROCAE Call for participation

 

EUROCAE Working Group 72

Aeronautical Systems Security

In a dynamic context of aeronautical systems security developments, EUROCAE is launching three Calls for Participation to inform interested parties about new standardisation activities and to provide the possibility to nominate project participants. These new projects, addressed by EUROCAE Working Group 72, are investigating various aspects of aeronautical systems security. WG-72 will work on the following deliverables:

  • Guidance / ED-xxx, Guidance on Security Event Management
  • Guidance / ED-201A, Aeronautical Information System Security Framework Guidance Document
  • Guidance / ED-204A, Information Security Guidance for Continuing Airworthiness

If your company is interested in a contribution to these activities and has the necessary expertise in the covered fields, please complete the Registration form by Tuesday, 31 July 2018.

The kick-off meetings of these new activities within WG-72 will take place on the 18, 19 and 20 September at EUROCAE in Saint-Denis, France. A detailed agenda will be communicated to registered participants closer to the date. 

 

Call for Participation 1

Guidance on Security Event Management

Deliverable 1

  • Guidance / ED-xxx, Guidance on Security Event Management

Background

Aeronautical Information System Security is characterised by security responsibility shared amongst various actors such as OEMs, suppliers and operators. They need to develop processes and procedures for identifying and reporting security events, and to initiate response with respect to continuing airworthiness. WG-72 will develop a new Guidance Document to address these issues.

This guidance will support the activities of EASA’s European Strategic Coordination Platform (ESCP). This includes regulation on organisations and the requirement for a Security Management System with (Security) Occurrence Reporting similar to Safety Management System with (Safety) Occurrence Reporting. The security event management will be required for any safety-related event which endangers or which could endanger an aircraft, its occupants or any other person, if not corrected or addressed. This includes in particular accidents or serious incidents and comprise the reporting to the European Centre for Cybersecurity in Aviation (ECCSA) and to any applicable regulatory bodies.

WG-72 will work to develop this new document to provide guidance on security event management for various actors of the aviation environment, to develop processes and procedures for identifying and reporting security events, and to initiate response with respect to continuing airworthiness.

 

Call for Participation 2

AISS Framework Guidance Document

Deliverable 2

  • Guidance / ED-201A revision, Aeronautical Information System Security (AISS) Framework Guidance Document

Background

ED-201 "Aeronautical Information System Security (AISS) Framework Guidance" focuses on the overarching context of shared responsibility for AISS, providing the framework to link together the various portions of security in aviation. Here security means ensuring safety of flight, as well as maintaining the operation of the civil aviation infrastructure without significant disruption. The document covers all relevant areas of Civil Aviation ranging from aircraft design, production and operation (passenger and cargo), air traffic management, airports, maintenance repair and overhaul operations (MRO), aviation service providers, components (such as avionics and databases) and information (such as NOTAMS, weather and manuals & charts) and the supply chains.

However, ED-201 was published in 2015. As the relevant standards are being updated and new ones generated, ED-201 needs to be updated to reflect these changes. This is particularly the case following the outcome of the European Strategic Coordination Platform (ESCP) discussions to become an AMC. In addition, EASA is also in the process of generating a set of regulations (“horizontal rule”) across all aviation domains to introduce an Information Security Management System and shared risk across organisations.

WG-72 will work to revise ED-201 to reflect the update in standards of the portions linked by ED-201. Furthermore, it will take into account the “horizontal rule” generated by EASA.

 

Call for Participation 3

Information Security Guidance for Continuing Airworthiness

Deliverable 3

  • Guidance / ED-204A revision, Information Security Guidance for Continuing Airworthiness

Background

ED-204 / DO-355 "Information Security Guidance for Continuing Airworthiness" was prepared jointly by EUROCAE Working Group 72 “Aeronautical System Security” and RTCA Special Committee 216 “Aeronautical System Security” and published in 2014. ED-204 provides guidance for different stages of the product life cycle. The document details topics in the scope of Type Certification activities related to operation and maintenance of the aircraft, such as Instructions for Continued Airworthiness (ICA) as well as security guidance documents. Beyond the classical Instructions for Continued Airworthiness directly related to aircraft parts and systems, this document also provides guidance on Ground Support Equipment and Ground Support Information Systems related to the security of aircraft information systems and data networks.

However, aeronautical system security is a fast-paced environment and the guidance needs to reflect the changes. Following the outcomes of documents from the Aircraft Systems Information Security/Protection (ASISP) working group by Aviation Rulemaking Advisory Committee (ARAC) and of ED-203A update, ED-204 needs to be reviewed.

The ARAC identified guidance needed for supporting continuing airworthiness. However, the committee working on DO-356A/ED-203A did not consider appropriate to include this guidance.

WG-72 will work to revise ED-204 to provide both the opportunity to ensure consistency with updated guidance of ED-203A and to introduce guidance for continuing airworthiness identified by ASISSP ARAC.

If your company is interested in a contribution to these activities and has the necessary expertise in the covered fields, please complete the Registration form by Tuesday, 31 July 2018.

The kick-off meetings of these new activities within WG-72 will take place on the 18, 19 and 20 September at EUROCAE in Saint-Denis, France. A detailed agenda will be communicated to registered participants closer to the date. 

*** Please note that the target date for registration is 31 July 2018 ***