Professional Documents
Culture Documents
SAE E 36 Committee Proposal For Engine and Propeller Controls and Cyber Security
SAE E 36 Committee Proposal For Engine and Propeller Controls and Cyber Security
Aviation
Engine and propeller Federal
Administration
Administration
electronic controls and
cyber-security concerns
Federal Aviation 2
Engine and Propeller controls and cyber security Administration
FAA AVS Strategic Plan Focus
Talking Points
We’re focusing in, for the most part, on electronic connectivity
to internal and external aircraft systems and networks
We believe that the greatest threat is the exploitation of
aircraft electronic access points via public networks such as
the internet or counterfeit computer integrated circuits
We have published policy statements, special conditions, and
issue papers to address and mitigate any potential aircraft
electronic connectivity vulnerabilities
We have published training materials (this effort is ongoing)
We have sponsored an Aviation Rulemaking Advisory
Committee (ARAC) working group (WG) comprised of industry
and government experts to provide additional information and
recommendations on ASISP
Federal Aviation 3
Engine and Propeller controls and cyber security Administration
FAA ASISP History (sheet 1 of 4)
The FAA Aircraft Certification Service initial development of
policy, guidance, industry standards and training for security
considerations started in 2005
Milestones
Aircraft Certification published Special Conditions and
Companion Issue papers on the Boeing 787 Transport
Category Airplane during 2005
Addresses threats from external connectivity to aircraft
systems from public networks such as the internet
Addresses threats across aircraft systems domains such as
potential hacking of entertainment systems and Wi-Fi
networks
Sponsored research projects with the John. A Volpe National
Transportation Systems Center during 2005 through 2009
Federal Aviation 4
Engine and Propeller controls and cyber security Administration
FAA ASISP History (sheet 2 of 4)
Milestones (continued)
Sponsored RTCA Special Committee (SC)-216 “Aeronautical
Systems Security” on June 26, 2007 to develop industry
standards for initial design and continued airworthiness for
aircraft systems and networks
Support the SAE-18 Committee, Development Assurance
processes for aircraft systems and safety including security
considerations starting May, 2010
Developed a strategic plan for ASISP during 2012
Sponsored research projects with the FAA Atlantic City
Technical Center starting 2012 and this effort is ongoing
Support the RTCA SC-228 Unmanned Aircraft Systems
cryptographic security controls for the command and control
(C2) data link starting May 20, 2013
Federal Aviation 5
Engine and Propeller controls and cyber security Administration
FAA ASISP History (sheet 3 of 4)
Milestones (continued)
Support the Interagency Core Cyber Team (ICCT) during 2014
(effort is ongoing)
Supported the General Aviation Manufacturing Association
(GAMA) steering group on ASISP during 2013 through 2014
Supported the ASTM Committee F44 on ASISP using the output
from the GAMA steering group during 2014 through 2018
Published and revised Policy Statements on Establishment of
Special Conditions for ASISP beginning March 6, 2014
On December 18, 2014 an Aviation Rulemaking Advisory
Committee (ARAC) working Group (WG) to provide information
on ASISP was established
On August 22, 2016 the ARAC WG published a final report on
ASISP with 30 recommendations
Federal Aviation 6
Engine and Propeller controls and cyber security Administration
FAA ASISP History (sheet 4 of 4)
Milestones (continued)
Work-in-progress, FAA has developed a strategic plan and is in
the process of reviewing and dispositioning of the ARAC WG
recommendations
Supported the development of an on-line training Wi-Fi security
training course during 2016
Support rulemaking for Transport Category Airplanes on
ASISP starting in 2017
Drafted the ASISP section of Electronic Flight Bag AC 20-173
“Installation of EFB Components” during 2017
Federal Aviation 7
Engine and Propeller controls and cyber security Administration
Specific ARAC recommendations relevant to engine and
propeller controls
• Recommendation 14: The ASISP working group recommends
that the FAA undertake rulemaking to update 14 CFR 33.28 to
establish information security protection for engines.
• Recommendation 15: The ASISP working group recommends
that the FAA undertake rulemaking to update 14 CFR 35.23 to
establish information security protection for propellers.
• Guidance Material – Engines and Propeller Systems
• Field-loadable software for engines or propeller systems that is directly
loadable using ground support equipment should contain authentication
mechanisms for off-aircraft handling that are separately demonstrated under
14 CFR Part 33 or 14 CFR Part 35.
Federal Aviation 8
Engine and Propeller controls and cyber security Administration
FAA proposal/request
• Are cyber security concerns with respect to the 14
CFR 33.28 and 35.23 controls rules and associated
guidance material an appropriate topic for the
SAE E-36 committee to consider?
• If “yes,” the FAA requests these deliverables from
SAE E-36:
• A recommendation from SAE E-36 regarding whether or not
§§ 33.28 or 35.23 are adequate as written to mandate an
acceptable level of safety with respect to engine and
propeller control cyber security.
• A recommendation from SAE E-36 regarding whether or not
associated guidance material should be updated to address
cyber security
• If “yes,” the FAA requests suggested additions or modifications to
the appropriate advisory circulars.
Federal Aviation 9
Engine and Propeller controls and cyber security Administration