US FAA revising aircraft cybersecurity rules to simplify and harmonise requirements
US regulators are seeking to revise and simplify the framework for cybersecurity provision on aircraft, in order to harmonise with European certification standards and avoid continually having to issue special conditions. This revision follows several years of work to address the need to protect against unlawful electronic interference as aircraft systems have evolved – notably since the development of the Boeing 787 – to feature increasing levels of data-exchange and interconnectivity. Previously the US FAA has tackled the cybersecurity requirement by issuing special conditions – rules which apply to individual aircraft or engine designs to overcome safety concerns which are not covered by current airworthiness standards. But it states that, as interconnectivity proliferates, the repeated issuance of such conditions could result in certification criteria for cybersecurity which are “neither standardised between projects nor harmonised between the FAA and other civil aviation authorities”. “These disconnects increase the certification complexity, cost, and time for both the applicant and regulator,” it adds. A working group for aircraft system information security drew up recommendations in 2016, outlining a regulatory framework with a single set of airworthiness standards for transport aircraft. The FAA has used these recommendations as the basis for its proposed cybersecurity revision, which it published on 21 August. It states that the proposal will “generally reflect current practice” – maintaining the aims previously achieved through special conditions – and claims that, as a result, the impact on applicants and operators “would not be significant”.<br/>
https://portal.staralliance.com/cms/news/hot-topics/2024-08-23/general/us-faa-revising-aircraft-cybersecurity-rules-to-simplify-and-harmonise-requirements
https://portal.staralliance.com/cms/logo.png
US FAA revising aircraft cybersecurity rules to simplify and harmonise requirements
US regulators are seeking to revise and simplify the framework for cybersecurity provision on aircraft, in order to harmonise with European certification standards and avoid continually having to issue special conditions. This revision follows several years of work to address the need to protect against unlawful electronic interference as aircraft systems have evolved – notably since the development of the Boeing 787 – to feature increasing levels of data-exchange and interconnectivity. Previously the US FAA has tackled the cybersecurity requirement by issuing special conditions – rules which apply to individual aircraft or engine designs to overcome safety concerns which are not covered by current airworthiness standards. But it states that, as interconnectivity proliferates, the repeated issuance of such conditions could result in certification criteria for cybersecurity which are “neither standardised between projects nor harmonised between the FAA and other civil aviation authorities”. “These disconnects increase the certification complexity, cost, and time for both the applicant and regulator,” it adds. A working group for aircraft system information security drew up recommendations in 2016, outlining a regulatory framework with a single set of airworthiness standards for transport aircraft. The FAA has used these recommendations as the basis for its proposed cybersecurity revision, which it published on 21 August. It states that the proposal will “generally reflect current practice” – maintaining the aims previously achieved through special conditions – and claims that, as a result, the impact on applicants and operators “would not be significant”.<br/>
