Introduction to the Emerging & Required DO-326/ED-202-Set: Aviation-Cyber-Security Regulation for Safety

Aviation Security: understanding what is required for new avionics/aircraft development and operations via the new mandatory DO-326A/ED-202A documents. In this introduction, attendees will get a top-level review of the new “DO-326/ED-202 ecosystem” of emerging regulation.

The DO-326A/ED-202A set of documents is all about the mitigation of the aviation/aircraft safety effects of “Intentional Unauthorized Electronic Interaction (IUEI)”, a.k.a. “Cyber Threats”, and which were explicitly excluded from the classic DO-178/ED-12/ARP4754 set.

DO-326A/ED-202A & DO-356A/ED-203A focus upon type certification during the first three phases of an aircraft (including avionics) type: 1) Initiation, 2) Development or Acquisition, and 3) Implementation. Their companions DO-355/ED-204 focus upon security for continued airworthiness.

DO-326A/ED-202A currently has 3 (three) companion documents: ED-201, DO-355/ED-204 and DO-356A / ED-203A, and a few more planned. DO-326A / ED202A provide requirements and objectives in a similar fashion to DO-178C, DO-254, and ARP4754A; while the DO-326A guidance is just that, certification authorities increasingly assess DO-326A compliance as added requirements for aviation suppliers.

The DO-326A/ED-202A set currently applies to fixed-wing aircraft (Part 25), with clear FAA/EASA recommendations for the adaptation/tailoring of DO-326A/ED-202A for general aviation (Part 23),rotorcraft (Parts 27 and 29), engines (Part 33) and propellers (Part 35), and clear indications of it will increasingly being applied to these other aircraft including military beginning in 2022 or thereafter.

KEY FEATURES:

• Top-level acquaintance with Information/”Cyber” security in general
• Cybersecurity aspects of OT/ICAS
• Aviation as a unique Cybersecurity case
• Origins of Cybersecurity standards & regulation
• The road to ED-202/DO-326: “Security as a Safety Aspect”
• The top-level development process of the entire “ED-202/DO-326 set”, rationale behind the documents & relations with the “DO-178/ED-12 set”
• Initial acquaintance with the documents:
– ED-201: Aeronautical Information System Security (AISS) Framework Guidance
– DO-326A/ED-202A: Airworthiness Security Process Specification
– DO-356A/ED-203A: Airworthiness Security Methods and Considerations
– DO-355/ED-204: Information Security Guidance for Continuing Airworthiness
– ED-205: Process Standard for Security Certification/Declaration of Air Traffic Management/Air Navigation Services (ATM/ANS) Ground Systems
– Planned new/revised documents
Where does current regulation stand
• Where do we go from here – the expected regulatory landscape for the next years

WHO IS IT FOR:

Attendees may include all levels of aviation, aircraft, and avionics developers who must understand and comply with the new Security rules.

ABOUT THE INSTRUCTOR

Aharon David

Mr. Aharon David is AFUZION-InfoSec’s Chief WHO (White Hat Officer). Holding a BSc.AeE. from Israel’s Technion, and an MBA (IT + Tech Management) from Tel-Aviv U., Mr. David previously held some key positions such as the head of the Israeli-Air-Force Avionics & Control Software Development Centre (IAF-ACSDC) and the head of the Israeli-Missile-Defense-Organization (IMDO) System Engineering & Interoperability Department.

Mr. David is currently an advisor for organizations such as CAAI (the Civil Air Authority of Israel) and INCD (Israel’s National Cyber Directorate). Mr. David is the designated instructor and speaker on aviation cyber-security regulation for a variety of esteemed organizations such as the SAE-International (Society of Automotive/Aerospace Engineers), IEEE and AIAA, and is a member of all standard-making committees on the subject, worldwide, such as EUROCAE’s WG-72, RTCA’s SC-216, SAE’s G-32 and more.

REGISTRATION OPEN SOON