This content is not included in your SAE MOBILUS subscription, or you are not logged in

Unsettled Topics Concerning Airworthiness Cyber-Security Regulation

  • Research Report
  • EPR2020013
To be published on June 23, 2020 by SAE International in United States
  • English

The certification process of the Boeing 787, starting in 2005, was a watershed for airworthiness regulation. The "Dreamliner," the first true "flying data center," could no longer be certified for airworthiness ignoring "sabotage," like the classic safety regulation for commercial passenger aircraft – as its extensive application of data networks, including enhanced external digital communication, forced the Federal Aviation Administration (FAA), for the first time, to set "Special Conditions" for cyber-security.
In the 15 years that followed, airworthiness regulation followed suit, and all key rule-making, regulation-making, and standard-making organizations weighed in to establish a new airworthiness cyber-security superset of legislation, regulation, and standardization. The resulting International Civil Aviation Organization (ICAO) resolutions, U.S. and European Union (EU) legislation, FAA and European Aviation Safety Agency (EASA) regulation and the DO-326/ED-202 set of standards are about to become the new standards for legislation, regulation, and best practices as soon as 2020, and in fact – some of them are already in effect. This emerging superset of documents is now carefully studied by all relevant actors – including industry, regulators, and academia – as the aviation ecosystem moves forward with DO-326/ED-202-set training, gap-analysis, and even with certification itself.
This report suggests a deeper analysis of these sets of regulatory documents and their effects on the aviation sector as they gradually become the law-of-the-land, starting with their expected effects on the aviation ecosystem, the issues they pose to supply chains, and the challenges they present to the airworthiness certification process itself. Then, this report examines the major DO-326/ED-202-set gaps, inherent dilemmas and methodological uncertainties. For each such unsettled domain, six aspects are reviewed. Finally, practical solution-seeking processes are proposed, and some specific potential frameworks and solutions are pointed out whenever applicable. It is the intention of this report that these insights and observations would assist regulators, applicants, and standard-makers throughout the early 2020s with accommodating this new regulation and start adjusting it to emerging realities.
NOTE: SAE EDGE™ Research Reports are intended to identify and illuminate key issues in emerging, but still unsettled, technologies of interest to the mobility industry. The goal of SAE EDGE™ Research Reports is to stimulate discussion and work in the hope of promoting and speeding resolution of identified issues. SAE EDGE™ Research Reports are not intended to resolve the issues they identify or close any topic to further scrutiny.