With cyber-attack continuing to present a significant threat to the safe operation of modern military air systems, new regulation has been introduced to assess and mitigate potential impacts on air safety.
The MAA has now equipped the regulated community with Cyber Security for Airworthiness (CSA) regulation to ensure our safety-related systems are appropriately protected from this non-traditional, emerging threat to air safety.
Modern military air systems, like their civil counterparts, are reliant on the correct functioning of avionic systems for safe operation. It is vital that cyber security assessments are conducted for connected systems to identify and mitigate, if necessary, airworthiness and air safety risks.
Physical access security can only go so far, with, cyber security vulnerabilities able to be introduced to airborne electronic hardware (AEH) or safety-related airborne software through insecure supply chains. While increasing reliance on computerised ground support systems and other systems, such as connected-electronic flight bags (EFB) or mission equipment, could also present opportunities for malware. Essentially, any external connectivity for the air system could introduce new threats.
EASA has introduced requirements to the certification specifications (CS) for large aeroplanes, small and large rotorcraft, engines, and propellers for equipment, systems, and network information security protection.
The UK Civil Aviation Authority (CAA) has replicated the EASA requirements in the published certification specifications for large aeroplanes, small and large rotorcraft, engines, propellers, and the guidance material for normal-category aeroplanes and ETSO articles; these also refer to AMC 20-42 as the published acceptable means of compliance.
The CAA currently has a rulemaking task for the introduction of Cyber Security Regulation based on EASA Part-IS. There will be further consultations prior to publication of the new regulation.
The latest issues of Defence Standard 00-970 for fixed wing combat air systems, small and medium type air systems, large type air systems and rotorcraft include requirements for CSA; this applies to both new air systems and type design changes to existing air systems.
The new CSA regulations have been introduced to ensure that all air systems on, or destined for, the UK Military Aircraft Register (MAR) are assessed for cyber security threats, and that suitable mitigations are put into place to address any potential negative impacts on airworthiness and air safety. The regulations also address a need to inform owners of air safety risks of any potential CSA risks, so that these could be understood, owned, and integrated into core air safety management activities.
The new regulations will ensure that military air systems are assessed for and appropriately protected from cyber threats to airworthiness and air safety. The MAA will continue to engage and support the regulated community as required.
If you would like to join our community and read more articles like this then please click here
Cyber cyber attack cyber security MAA regulations supply chain
Post written by: Vicky Maggiani
Vicky has worked in media for over 20 years and has a wealth of experience in editing and creating copy for a variety of sectors.
RELATED ARTICLES
November 19, 2024
OSINT Technology advances are just what the UKs hard-pressed defence sector needs
Open-source intelligence (OSINT) is now critical to defence and national security, but the sheer volume of available online multi-media data
October 21, 2024
International opportunities abound
How defence contractors benefit from increased defence spend and strategic cross-border initiatives, article submitted by Richard Tall, Hans Mehrens,
