EUROCAE ED-203 PDF

Airworthiness security is the protection of the airworthiness of an aircraft from intentional unauthorized electronic interaction.

Intentional unauthorized electronic interaction (also known as "unauthorized interaction" within the scope of this document) is defined as human-initiated actions with the potential to affect the aircraft due to unauthorized access, use, disclosure, denial, disruption, modification, or destruction of electronic information or electronic aircraft system interfaces. This definition includes the effects of malware on infected devices and the logical effects of external systems on aircraft systems, but does not include physical attacks or electromagnetic jamming.

This guidance provides methods and considerations for securing airworthiness during the aircraft life cycle. It was developed as a companion document to ED-202A / DO-326A "Airworthiness Security Process Specification" which addresses security aspects of aircraft certification and ED-204 / DO-355, "Information Security Guidance for Continuing Airworthiness" [15] which addresses airworthiness security for continued airworthiness.

This document assumes knowledge of other applicable guidance material, including e.g. ED-79A / ARP 4754A [11], ED-135 / ARP 4761 [13], ED-12C / DO-178C [10], and ED-80 / DO-254 [12] and with the advisory material associated with FAA AMJ25.1309 [1] and EASA AMC 25.1309 [9], in the context of Part 25, CS-25, and JAA JAR-25. Tailoring of this guidance may allow it to be applicable in other contexts such as CS- 23, CS-27, CS-29, CS-E, CS-P, Part 23, Part 27, Part 29, Part 33, and Part 35.

The methods and considerations of this document provide guidance for accomplishing the airworthiness security process activities identified in ED-202A / DO-326A.

More specifically, this version of the document addresses the activities in the areas of security risk management and security assurance.

A future version of this document is planned to address further activities in the areas of security development, aircraft modifications, continuing airworthiness and security aspects of certification.

Appendix B lists the ED-202A / DO-326A activities and references that are addressed in this version of the document.

Those aspects of information security that have no safety effect are not in the scope of this document.