DO-326A / ED-202A Training: Aviation Cyber Security

In this Basic 2-Day onsite / 3-4-Day online training course on aviation cyber-security via the DO-326/ED-202-set, attendees receive a basic course on the new “DO-326/ED-202 security ecosystem” of emerging aviation cyber security regulations.

The DO-326/ED-202-set of documents is all about the mitigation of the aviation/aircraft safety effects of “Intentional Unauthorized Electronic Interaction (IUEI)”, a.k.a. “Cyber Threats”, which were explicitly excluded from the classic DO-178C/ED-12C/ARP4754A set.

DO326A/ED202A & DO-356A/ED-203A focus on type certification during the first three phases of an aircraft (including avionics) type: 1) Initiation, 2) Development or Acquisition, and 3) Implementation. Their companions DO-355/ED-204 focus on security for continued airworthiness.

DO-326A/ED-202A currently has 5 (three) companion documents: ED-203A/DO-356A, ED-201A/DO-391, ED-204A/DO-355A, ED-206/DO-392 and ED-205A/DO-393. The DO-326/ED-202-set provides requirements and objectives in a similar fashion to DO-178C, DO-254, and ARP4754A; as certification authorities already assess DO-326A compliance as added requirements for aviation suppliers.  The DO-326/ED-202-set is already officially required by EASA for currently applies to fixed-wing aircraft CS25), general aviation (CS23), rotorcraft (CS27 and CS29), engines (CS-E/part-33) and propellers (CS-P/part-35), and the FAA is poised to follow suit in 2022 – in the meanwhile making large parts of it mandatory in a gradual multi-year process. There are already DO-326/ED-202-set applications for the Defense/Aerospace sector, including UAS.

AFuzion’s training has been provided to over 25,000 aviation engineers from 1,000 companies in 35 countries; more than all other trainers in the world combined. Brief summary below; contact us at info@afuzion.com for more free information.

KEY FEATURES of AFuzion’s DO-326/ED-202-set Basic Training Classes:

• Top-level acquaintance with Information-Security/Cyber-Security in general
• Cybersecurity aspects of Operational Technology (OT) / Cyber Physical Systems (CPS)
• The uniqueness of “Aviation Cybersecurity”, Aircraft Systems Information Security Protection (ASISP)
• Origins of Cybersecurity standards & regulation
• The road to ED-202/DO-326: “Security as a Safety Aspect”
• The development process of the entire “ED-202/DO-326 set”, rationale behind the documents & relations with DO-178C/ED-12C, “feeding” Security into Safety through SAE ARP 4754B / 4761A
• Initial acquaintance with the documents:

– ED-201A/DO-391: Aeronautical Information System Security (AISS) Framework Guidance
– ED-202A/DO-326A: Airworthiness Security Process Specification
– ED-203A/DO-356A: Airworthiness Security Methods and Consideration
– ED-204A/DO-355A: Information Security Guidance for Continuing Airworthiness
– ED-206/DO-392: Guidance on Security Event Management
– ED-205A/DO-393: Process Standard for Security Certification/Declaration of Air Traffic Management/Air Navigation Services (ATM/ANS) Ground Systems

• The Airworthiness Security Process explained: Certification considerations, Risk Assessment, Security Architecture & Measures and Security Assurance
• Applications for Field Loadable Software (FLS), COTS equipment, In-Flight Entertainment (IFE) systems, Electronic Flight Bags (EFBs), Aircraft Information Security Program (AISP), Security Incident Management and more
• Where does current regulation stand: Mandatory regulation, EASA AMC 20-42 Acceptable Means of Compliance, Policy-Statements, Aircraft/Avionics Certification, Special Conditions and more
• Where do we go from here – the expected regulatory landscape for the next years, mainly at FAA/RTCA & EASA/EUROCAE

WHO:

Attendees may include managers, engineers, quality assurance, certification personnel – as well as aircraft manufacturers, operators, maintainers, service providers and other aviation stakeholders, who need to prepare for Cyber-Security regulatory compliance of their aircraft/systems/organizations.

Why Training All Team Members Is Recommended:

1. Holistic Responsibility: Cybersecurity is not confined to specific roles or departments; it affects systems engineering, software development, hardware design, maintenance, and operations. Training ensures all team members understand their specific responsibilities and the overarching cybersecurity objectives.
2. Compliance and Integration: DO-326A emphasizes risk management and the need for a coordinated effort across disciplines. Proper training ensures that all participants understand their roles in maintaining compliance and integrating cybersecurity considerations into their work.
3. Threat Awareness: Cybersecurity threats can arise at any stage of development or operation. Training equips team members with the knowledge to identify and mitigate risks early in the process.
4. Communication and Collaboration: Certification processes often require detailed documentation, cross-team collaboration, and adherence to rigorous standards. Training fosters a shared understanding and language across teams, reducing misunderstandings and streamlining efforts.
5. Lifecycle Focus: DO-326A covers the entire lifecycle, including development, production, maintenance, and decommissioning. Training ensures that cybersecurity principles are upheld consistently across these phases.

To Request Training Info plus free samples, please submit the following (* = Required; request rejected if * not completed):