The Military Aviation Authority (MAA) and MOD have announced enhanced requirements for cyber-security, to evaluate and counter the threat to air safety. In addition, the European Aviation Safety Agency (EASA) has published two notices of proposed amendment (NPA) related to cyber-security.
The following is extracted from the official statement:
NPA 2019-01 ‘Aircraft cyber-security’ was added in February 2019 and NPA 2019-07 ‘Management of information security risks’ added in May 2019. NPA 2019-01 introduced the new acceptable means of compliance (AMC) 20-42 which detailed changes to various existing certification specifications (CS) that now include new cyber-security requirements. For example, CS 25 (large aircraft) will introduce a new clause, CS 25-1319, which requires applicants to protect against ‘intentional unauthorised electronic interactions that may result in adverse effects on the safety of the aeroplane’, whilst demanding that ‘security risks have been identified, assessed and mitigated as necessary’.
NPA 2019-07 has a wider scope, introducing new draft regulation to cover the direct (aircraft specific) and indirect effects on…
