EASA has issued a Notice of Proposed Amendment (NPA) that aims to mitigate the potential effects of cybersecurity threats on aviation safety. The requirements would replace the use of special conditions to meet these threats with dedicated requirements under the specific certification specifications (CS) applicable to aircraft, as well as avionics.
“Such threats could be the consequences of intentional unauthorized acts of interference with aircraft onboard electronic networks and systems,” EASA said. These threats have the potential to disrupt or destroy electronic information. All recently designed large airplanes are known to be potentially sensitive to those security threats due to the interconnectivity of their avionics systems.
Currently, cybersecurity is addressed as part of the certification activities of new large airplane type designs and STCs in the form of special conditions to EASA CS-25. But the proposed rules would introduce cybersecurity provisions into the relevant certification specifications of small and large aircraft. In addition to updating the certification specifications to protect products and equipment against cybersecurity threats, the amendment is also expected to improve harmonization with FAA regulations.
Comments on the NPA are due by May 22. EASA expects to make a decision on implementing the new rules in the third quarter.