Aircraft Network Security Program (ANSP)
E-enabled Aircraft offer extended connectivity providing extra services to passengers and improved productivity to airlines. The added benefits come with a price: connectivity to external systems and internal networks, wired and wireless, introduces new vulnerabilities that may open access to onboard aircraft systems, which may be used to attack the safety of the aircraft.
Aircraft manufacturers and STC holders offering such connectivity develop secure designs complemented with instructions for secure operations. However, aircraft safety will only be achieved if the instructions for secure operations are properly implemented into operations procedures and rigorously applied.
Improving the aircraft passenger experience includes offering online connectivity such as Wi-Fi or 4G, using the aircraft SATCOM, extended IFE content with media servers and frequent updates, or accommodating passengers’ own devices.
Improving productivity of operations includes electronic distribution of software, extended use of EFB, cabin crew tablets, digital flight operation using wireless airport connections, or Flight Data Monitoring.
The functions and systems needed to offer these e-enabling services come with a price: network connections, in particular wireless, introduce vulnerabilities that can be exploited and could put aircraft safety at risk. In order to address these risks, Certification Authorities have established special conditions for aircraft developments and STC applications.
Following industry standards such as DO-326A and DO-356A, security risk analyses were conducted, leading to aircraft and system security architectures able to counter the induced security threats. However, even the most secure aircraft, if not operated properly, will be vulnerable. This is why the aircraft design is complemented with instructions for secure operations.
Applicable regulations mandate that operators apply the Design Approval Holder instructions for operating an aircraft, including the instructions for secure operations. To be more explicit, the FAA requires the application of an “Aircraft Network Security Program” through AC 119-1. Industry standard DO-355 provides guidance for information security aspects of continued airworthiness.
The main aspects to be addressed include:
- Airborne Software and Data Loading
- Network Access Points
- Ground Support Equipment and Information Systems
- Digital Certificates and Public Key Infrastructure
- Risk Assessment
- Organization / Personnel / Training
- Suppliers / Parts
- Incident Management
The road to secure operations
E-enabled aircraft are aircraft that were certified with special conditions related to data security. Examples of such aircraft are the most recent aircraft types, but also older aircraft types modified with additional network infrastructure aimed at improving flight operations and maintenance.
For airlines that decide to operate e-enabled aircraft, the road to secure operations may be challenging:
- Gaps in the existing processes and procedures must be identified with respect to the security requirements specified in the e-enabled aircraft operation security instructions and related guidance. The scope of this gap analysis cannot be limited to the direct interactions with the aircraft. It also needs to address the related airline information systems and, possibly, those of suppliers. This effort can benefit from a systematic security risk analysis based e.g. on the ISO/IEC 27005 standard.
- Filling the gaps may involve the elaboration of procedures to meet the applicable guidance objectives. The procedures may be built upon existing information systems infrastructure. These procedures must be properly documented in the context of the Aircraft Network Security Program (ANSP).
- In some cases, the existing information system infrastructure may be lacking key features which will need to be implemented: Public Key Infrastructure (PKI), Virtual Private Network (VPN) Access Control, Integrity Protection …
- Putting the ANSP procedures into practice involves training the teams and auditing their application on a regular basis.
- When security-related activities are subcontracted, suppliers will need to be audited to assess their ability to meet the required objectives.
References
- Airworthiness Security Process Specification, EUROCAE ED-202A, RTCA DO-326A (June 2014),
- Airworthiness Security Methods and Considerations, EUROCAE ED-203A, RTCA DO-356A (June 2018),
- Information Security Guidance for Continuing Airworthiness, EUROCAE ED-204, RTCA DO-355 (June 2014),
- Airworthiness and Operational Authorization of Aircraft Network Security Program (ANSP), FAA AC 119-1 (Sept. 2015),
- Information technology - Security techniques - Information security risk management, ISO/IEC 27005 (July 2018).
Author: Philippe Robert, System design Assurance & Certification Engineer, PMV Consulting & Services