The FAA has issued a draft Advisory Circular outlining a method for developing an Aircraft Network Security Program (ANSP) to meet requirements for security of data systems on new and modified aircraft and those considered “e-enabled.” This refers, the FAA notes, “to an aircraft with wireless communication technology that exchanges information with various critical and non-critical aircraft systems as well as outside systems.”
The AC highlights a specific concern with aircraft using Transmission Control Protocol (TCP)/Internet Protocol (IP) connectivity instead of other means such as Arinc 429 busses for connecting flight-critical avionics systems. The ANSP is necessary, according to the FAA, because, “As with other TCP/IP applications, a real threat exists that may be intentional or unintentional with a detrimental effect on system performance. These effects may range from reduced performance, denial of service or criminal activity.”
Developing an ANSP will require preventing unauthorized external access to aircraft networks, identification and assessment of security threats, prevention of inadvertent or malicious changes to aircraft networks and prevention of unauthorized access by onboard sources.