DO-326A / ED-202A Training: Aviation Cyber Security

In this Basic 2-Day onsite / 3-4-Day online training course on aviation cyber-security via the DO-326/ED-202-set, attendees receive a basic course on the new “DO-326/ED-202 security ecosystem” of emerging aviation cyber security regulations.

The DO-326/ED-202-set of documents is all about the mitigation of the aviation/aircraft safety effects of “Intentional Unauthorized Electronic Interaction (IUEI)”, a.k.a. “Cyber Threats”, which were explicitly excluded from the classic DO-178C/ED-12C/ARP4754A set.

DO326A/ED202A & DO-356A/ED-203A focus on type certification during the first three phases of an aircraft (including avionics) type: 1) Initiation, 2) Development or Acquisition, and 3) Implementation. Their companions DO-355/ED-204 focus on security for continued airworthiness.

DO-326A/ED-202A currently has 5 (three) companion documents: ED-203A/DO-356A, ED-201A/DO-391, ED-204A/DO-355A, ED-206/DO-392 and ED-205A/DO-393. The DO-326/ED-202-set provides requirements and objectives in a similar fashion to DO-178C, DO-254, and ARP4754A; as certification authorities already assess DO-326A compliance as added requirements for aviation suppliers.  The DO-326/ED-202-set is already officially required by EASA for currently applies to fixed-wing aircraft CS25), general aviation (CS23), rotorcraft (CS27 and CS29), engines (CS-E/part-33) and propellers (CS-P/part-35), and the FAA is poised to follow suit in 2022 – in the meanwhile making large parts of it mandatory in a gradual multi-year process. There are already DO-326/ED-202-set applications for the Defense/Aerospace sector, including UAS.

AFuzion’s training has been provided to over 25,000 aviation engineers from 1,000 companies in 35 countries; more than all other trainers in the world combined. Brief summary below; contact us at info@afuzion.com for more free information.

KEY FEATURES of AFuzion’s DO-326/ED-202-set Basic Training Classes:

• Top-level acquaintance with Information-Security/Cyber-Security in general
• Cybersecurity aspects of Operational Technology (OT) / Cyber Physical Systems (CPS)
• The uniqueness of “Aviation Cybersecurity”, Aircraft Systems Information Security Protection (ASISP)
• Origins of Cybersecurity standards & regulation
• The road to ED-202/DO-326: “Security as a Safety Aspect”
• The development process of the entire “ED-202/DO-326 set”, rationale behind the documents & relations with DO-178C/ED-12C, “feeding” Security into Safety through SAE ARP 4754B / 4761A
• Initial acquaintance with the documents:

– ED-201A/DO-391: Aeronautical Information System Security (AISS) Framework Guidance
– ED-202A/DO-326A: Airworthiness Security Process Specification
– ED-203A/DO-356A: Airworthiness Security Methods and Consideration
– ED-204A/DO-355A: Information Security Guidance for Continuing Airworthiness
– ED-206/DO-392: Guidance on Security Event Management
– ED-205A/DO-393: Process Standard for Security Certification/Declaration of Air Traffic Management/Air Navigation Services (ATM/ANS) Ground Systems

• The Airworthiness Security Process explained: Certification considerations, Risk Assessment, Security Architecture & Measures and Security Assurance
• Applications for Field Loadable Software (FLS), COTS equipment, In-Flight Entertainment (IFE) systems, Electronic Flight Bags (EFBs), Aircraft Information Security Program (AISP), Security Incident Management and more
• Where does current regulation stand: Mandatory regulation, EASA AMC 20-42 Acceptable Means of Compliance, Policy-Statements, Aircraft/Avionics Certification, Special Conditions and more
• Where do we go from here – the expected regulatory landscape for the next years, mainly at FAA/RTCA & EASA/EUROCAE

WHO:

Attendees may include managers, engineers, quality assurance, certification personnel – as well as aircraft manufacturers, operators, maintainers, service providers and other aviation stakeholders, who need to prepare for Cyber-Security regulatory compliance of their aircraft/systems/organizations.

To Request Training Info plus free samples, please submit the following (* = Required; request rejected if * not completed):