Cyber Security

Introduction

Within the aviation safety domain, cyber security is commonly understood as the protection of information systems against intentional unauthorised electronic interactions (IUEI). Aircraft systems are increasingly interconnected, and those interconnections are vulnerable to cyber security threats. These threats have the potential to impact aviation safety due to unauthorised access, use, disclosure, denial, disruption, modification or destruction of electronic information or electronic aircraft system interfaces.

DASA has concluded that Cyber Hazards to aviation safety are not adequately treated by extant safety policy or regulation under the Defence Aviation Safety Program (DASP). Cyber Hazards to Aviation Safety - A DASA Blueprint has been developed to both justify to stakeholders the preferred DASA strategy for the introduction of protections against cyber hazards, and explain how the strategy will be implemented. Importantly, the blueprint does not discuss the process for transitioning to any new regulations nor the timeline for the transition. A formal Notice of Proposed Amendment (NPA) process will be initiated for the introduction of Cyber regulation when the level of maturity in understanding and implementation of Cyber Security frameworks within the broader Defence community is such that any proposed requirements will be readily understood and able to be adopted by the regulated community.

What We Do

To confirm that DASA’s approach remains aligned with the broader Defence approach to Cyber related hazards, DASA is engaging with the Defence Cyber community and monitoring the Service implementations of Cyber policy. Changes to the DASA strategy and any published guidance material will be made as required to reflect the Service implementations of Cyber policy and global good practice for protections from Cyber hazards to aviation safety.

In advance of the formal implementation of Cyber regulation, the DASA approach proposed in the DASA blueprint may be adopted on a ‘voluntary’ basis to facilitate the implementation of Cyber Security for Defence aircraft in organisations having the necessary understanding and capacity to implement controls for known cyber related hazards. To support early adopters of the DASA approach, DASA has published the following guidance material:

1. Defence Aviation Safety Design Requirements Manual (DASDRM) Cyber Chapter. DASA prescribes recommended airworthiness design requirements for cyber security in Section 2 Chapter 12 of the DASDRM. The recommended design requirements focus on the application of the RTCA/EUROCAE suite of Cyber related standards in the Defence context;
   
   - ED-202A/DO-326A – Airworthiness Security Process Specification
   - ED-203A/DO-356A – Airworthiness Security Methods and Consideration
   - ED-204/DO-355 – Information Security Guidance for Continuing Airworthiness
    
2. Draft DASR.Cyber. DASA has drafted a pre-NPA version of Defence Aviation Safety Regulations specific to protecting against cyber hazards to aviation safety, DASR.Cyber. The proposed regulation at this stage is intended to be implemented as a “horizontal” regulation with applicability across many DASR regulated organisations. However, the draft regulations are pre-NPA and as such may be subject to significant changes prior to implementation.
    
3. DASA Factsheet – Assessing and Treating In-service aircraft cyber security risks. Guidance to early adopters in the assessment and treatment of Cyber risks to in-service aircraft is provided covering the process for implementation of the recommended requirements in the ADRM.

I Want To Learn More…

If you want to learn more about Cyber Security under the DASP, please consult the following resources:

Note: The DASA Cyber Blueprint is currently only available on the Defence Intranet. Defence Industry representatives should approach their respective sponsor to request access if required. For all other interested parties, please contact DASA DTS Enquiries for access outside of the Defence intranet.

Support

If you have questions about this topic please contact DASA DTS Enquiries.

For DASR queries please submit a DASR Query Form (DQF) Form 110