The certification process of the Boeing 787, starting in 2005, marked a watershed
for airworthiness regulation. The “Dreamliner,” the first true “flying data
center,” could no longer be certified for airworthiness ignoring “sabotage,”
like the classic safety regulation for commercial passenger aircraft. Its
extensive application of data networks, including enhanced external digital
communication, forced the Federal Aviation Administration (FAA), for the first
time, to set “Special Conditions” for cybersecurity.
In the 15 years that ensued, airworthiness regulation followed suit, and all key
rule-, regulation-, and standard-making organizations weighed in to establish a
new airworthiness cybersecurity superset of legislation, regulation, and
standardization. The resulting International Civil Aviation Organization (ICAO)
resolutions, US and European Union (EU) legislations, FAA and European Aviation
Safety Agency (EASA) regulations, and the DO-326/ED-202 set of standards are
already the de-facto, and soon becoming the official, standards for legislation,
regulation, and best practices, with the FAA already mandating it to a
constantly growing extent for a few years now—and EASA adopting the set in its
entirety in July 2020. This emerging superset of documents is now carefully
studied by all relevant actors—including industry, regulators, and academia—as
the aviation ecosystem moves forward with DO-326/ED-202 set training, gap
analysis, and even with certification itself.
This report suggests a deeper analysis of these sets of regulatory documents and
their effects on the aviation sector as they gradually become the law of the
land, starting with their expected effects on the aviation ecosystem, the issues
they pose to supply chains, and the challenges they present to the airworthiness
certification process itself. Then, this report examines the major DO-326/ED-202
set gaps, inherent dilemmas, and methodological uncertainties. For each such
unsettled domain, six aspects are reviewed. Finally, practical solution-seeking
processes are proposed, and some specific potential frameworks and solutions are
pointed out whenever applicable. It is the intention of this report that these
insights and observations would assist regulators, applicants, and standard
makers through, at least, the 2020s with accommodating this new regulation and
start adjusting it to emerging realities.
NOTE: SAE EDGE™ Research Reports are intended to identify and illuminate key
issues in emerging, but still unsettled, technologies of interest to the
mobility industry. The goal of SAE EDGE™ Research Reports is to stimulate
discussion and work in the hope of promoting and speeding resolution of
identified issues. SAE EDGE™ Research Reports are not intended to resolve the
challenges they identify or close any topic to further scrutiny.