Last Thursday, U.S. aviation authorities took their strongest stance yet against preparing for potential cyber threats on the ground and in the air.
The Federal Aviation Administration’s (FAA) top technical advisory group approved language seeking to ensure that cybersecurity defenses will be included into all future industry-wide standards.
This decision means that manufacturers, carriers, maintenance facilities, and even airports will eventually be obligated to include cybersecurity factors in routine activities. The RTCA even noted that manufacturers need to rely on ‘a layered approach to aircraft security mitigation’, covering both software and hardware. This includes consideration of how vulnerabilities ‘could propagate to existing downstream systems.’
These new guidelines apply to all aviation standards, and ultimately, end up as regulations, advisories, and guidance documentation adopted by the FAA.
George Liger, a veteran RTCA committee member, claims that this language far surpasses previous generic cyber-protection guidance. “At a high level, it makes sure appropriate considerations will be given to cyber vulnerabilities across the board.” Further noting that from here on out, “this will apply to everything we do.”
Within the aviation industry, cyber threats not only pose a serious threat to business and everyday operations, more importantly, these threats pose an extreme risk to flight goers and airport staff and employees. According to Luc Tygat, a senior official at the European Aviation Safety Agency, “contamination can come from any part of the system,” adding that the problem of cyber threats is “quite fluid, and evolving very quickly.”
By working with NNT, your organization will adopt a ‘layered and integrated approach’ to security, which incorporates the right process, methodology, and set of tools in order to protect your environment against the ever-changing threat landscape.
Learn how NNT addresses DISA STIG Compliance requirements