Enabling airworthiness security by a holistic security engineering process at various aircraft design levels

Citation
34th Congress of the International Council of the Aeronautical Sciences, ICAS 2024
Contribution to Conference
34th Congress of the International Council of the Aeronautical Sciences, ICAS 2024  
Scopus ID
2-s2.0-85208813622
Publisher
International Council of the Aeronautical Sciences
Since the publication of the EASA certification specification CS-25.1319 in 2020, cyber security of aircraft and aircraft systems (airworthiness security) became mandatory for aircraft certification and must be considered in the aircraft and aircraft systems development even before the detailed design and implementation. For protection of aircraft from cyberattacks by Intentional Unauthorized Electronic Interaction (IUEI), security risk analyses are now embedded in the early phases of aircraft and aircraft systems development and security information has to be provided to subsequent phases. But this also requires, that processes and methods employed at the detailed design and implementation level are compatible to the processes and methods from the level above. For this reason, regulations and corresponding standards are analyzed in this paper to define requirements for a comprehensive and holistic security engineering approach that ensures traceability and consistency along the various development levels in the context of model-based systems, software, and security engineering.
Subjects
Airworthiness Security
CS-25.1319
Model Based System Security Engineering
Security Engineering Process
DDC Class
629.13: Aviation Engineering
005: Computer Programming, Programs, Data and Security