EUROCAE Working Group 72 & RTCA Special Committee 216 hosted at EASA
Those are the European and US working groups dedicated to the development of standards in aviation cybersecurity. As aviation is getting more and more exposed to cybersecurity threats, with an explosion of attacks on airports, airlines, ATM/ANS and other information service providers the aviation industry is working hard on enforcing the resilience of the aviation system.
This involves the role of EASA as a regulator but also of the industry standards as purveyors of guidance and best practices to implement and comply with the regulations. Since EASA started to work on protecting aviation organisations, the work program of WG-72 added elements that will help our stakeholders to fulfil the objectives introduced by the regulation on aviation organisations (Part-IS). It provides an international stage for this regulation and helps to reach out to organisations and authorities that are not in the scope of this European regulation, but through the discussion are aligning themselves with the spirit and principles contained within.

This week was dedicated to Information Security Management System, end to end data security, answer to Frequently Asked Questions about Product (aircraft, engine) Information Security which incorporates lessons learned from EASA cybersecurity experts during product certification and supports the level playing field of industry across Europe and America.
EASA was also able to present a clear position on future developments of ED-203A to further clarify the approach on key elements of the risk assessment process and considerations for secure aircraft architectures.
In summary, the group made significant progresses according to the milestones of the work program and is expected to deliver the awaited guidance, in time for the applicability deadline of Part-IS (October 2025).
Let us know about any comments or thoughts in the comment section below!
Please log in or sign up to comment.