Unified and Certifiable Cybersecurity Management Framework for IVHM

Commercial and military aircraft increasingly rely on Integrated Vehicle Health Management (IVHM) as a critical enabler for predictive maintenance, operational efficiency, and mission availability. The evolution of IVHM data communication architecture- from legacy wire-based networks to more wireless based architecture involving onboard wireless sensor networks (WSN) and IP-based air to ground communication networks introduces multidomain cyber-physical attack surfaces that challenge both functional safety and continued airworthiness. DO-326A/ED-202A and DO-356A/ED-203A standards define aviation cybersecurity requirements within a safety-driven assurance context, and IEC 62443 standard offers a defense-in-depth, lifecycle-based control framework for industrial systems. A unified approach by mapping and harmonizing the complimentary aspects of these two standards has the potential to simplify and expedite the security assurance and certification process for the IVHM and other digital avionic systems. The proposed work is a unified, standard-aligned cybersecurity assurance framework for aircraft IVHM systems covering both airborne ground segments as a single integrated entity. The novel methodology evaluates risks by performing Fundamental Requirements (FR) analysis, mapping IEC 62443 to DO-326A/ED-202A requirements through qualitative risk assessment, protocol vulnerability analysis, and attack tree modelling on zone-conduits as per the Security Level (SL) requirements. The resulting risk treatment plan demonstrates a verifiable and auditable method to achieve security assurance and certification of aircraft IVHM system which is extendable to other digital avionic systems.