Cybersecurity in the Air: Addressing Modern Threats with DO-326A

The whitepaper discusses the importance of cybersecurity in aviation, highlighting the vulnerabilities introduced by increased internet connectivity in aircraft. It introduces DO-326A, a cybersecurity standard aimed at protecting avionics systems from unauthorized electronic interactions and outlines its compliance guidelines. The document emphasizes the need for robust security measures in the aviation industry to mitigate the risks of cyberattacks, particularly in light of rising incidents since the COVID-19 pandemic.
WHITEPAPER

Cybersecurity in the Air: Addressing Modern Threats with DO-326A

Introduction

Not long ago, getting on an airplane meant being largely out of touch with
everyone on the ground for the duration of one’s flight. Of course, there
were in-flight telephones for those who could afford them, and pilots could
connect with personnel on the ground in case of emergency, but the
rank-and-file passenger had limited options for connecting with the world
outside the aircraft.

The 21st century has changed flying from a largely isolated endeavor that exists in a closed loop
to one that integrates with ground systems through the miracle of the Internet. For travelers who
want to enjoy their own personal entertainment options, conduct business, or take advantage of
downtime to do online shopping, accessing the Internet during a flight is a tremendous boon. For air
freight carriers and their customers, Internet connectivity improves visibility and streamlines supply
chains with better real-time information.

jamasoftware.com Cybersecurity in the Air: Addressing Modern Threats with DO-326A | 2


Of course, the advantages of connectivity come with disadvantages as well. The more airborne systems
are interconnected with the broader Internet, the more vulnerable systems are to hacking. In 2015, a
researcher was kicked off a United Airlines flight after tweeting about security vulnerabilities; the
researcher claimed to have accessed in-flight networks multiple times between 2011 and 2014,
including one time when he allegedly commandeered the plane. In 2016, the US Department of Homeland
Security hacked the system of a Boeing 757 using “typical stuff that could get through security.”
And in 2022, Boeing announced a software update to repair a vulnerability that could allow hackers
to modify data and cause pilots to miscalculate landing and take-off speeds.

Aviation cybersecurity has become a critical issue across the globe. Not only do millions of
passengers depend on airlines to get them safely from point A to point B every day, but
manufacturers, shipping services, and militaries rely on aircraft systems to support supply chains
and execute missions. Cyberattacks have skyrocketed since the onset of the COVID-19 pandemic; a 2022
report found a 140% increase in cyberattacks against industrial operations — including four attacks
that caused flight delays for tens of thousands of passengers.

Clearly, aviation systems can be vulnerable to malicious actors. For developers and manufacturers in
the aviation industry, DO-326A provides compliance guidelines to address the vulnerabilities of
avionics systems.

In order to create the safest, highest quality vehicle, REGENT knew that they must implement a
world-class development process. See how Jama Connect® plays a key role in that process.

What is DO-326A?

Known as the “Airworthiness Security Process Specification,” DO-326A (and its European counterpart,
ED-202) is the aviation cybersecurity standard developed jointly by the Radio Technical Commission
for Aeronautics (RTCA) and the European Organisation for Civil Aviation Equipment.

The original edition, DO-326, was issued in 2010; its revised version, DO-326A, was issued in 2014.
The standard became mandatory in 2019.

The DO-326A/ED-202A set focuses primarily on how to prevent malware that can infect avionics
systems during both development and flight operations. A cyberattack on these critical systems can
impact how the aircraft works and potentially endanger operators and passengers. DO-326A/ED-202A
describes the Airworthiness Security Process that one should follow.

What is Airworthiness/Airworthiness Security Process?

“Airworthiness security” involves protecting an aircraft from intentional unauthorized electronic
interaction, including malware, ransomware, and other cyber threats.

The Airworthiness Security Process (AWSP) is intended to establish that an aircraft will remain
safely operable if it is subjected to unauthorized interaction.

DO-326A outlines the Airworthiness Security Process in seven steps:

1. Plan for Security Aspects of Certification (Aircraft Level Planning/System Level Planning)
2. Security Scope Definition (Threat Assessment Process)
3. Security Risk Assessment (Threat Assessment Process)
4. Decision Gate (Threat Assessment Process)
5. Security Development (Definition of Security Measures and Requirements)
6. Security Effectiveness Assurance (Verification and Validation of Security Measures and Requirements)
7. Communication of Evidence (PSecAC Summary Reporting)

Check out our webinar “Verifying Security in a Safety Context: Airworthiness and DO-326A/DO-356A”
for a more detailed review of the Airworthiness Security Process.

Why Did the Aviation Industry Need Another Safety Standard?

In the past, avionics existed in essentially a “closed loop” technologically. Previous safety
specifications focused on safety standards that did not include intentional unauthorized electronic
interaction.

The advent of airborne internet availability and the proliferation of consumer devices such as
smartphones, tablets, and laptops that can access the Internet in the air mean that developers and
manufacturers need to consider potential malicious attacks — either from passengers onboard the
aircraft or from actors on the ground. With cyberattacks on the rise and malicious actors infecting
critical infrastructure with ransomware, protecting avionic equipment from these intentional
unauthorized interactions has become a critical safety issue.

DO-326A was developed to address both consumer technology, such as in-flight WiFi or in-flight
entertainment, and emerging avionics systems and technologies, such as navigation systems or
engine controls that could be accessed electronically. While other safety specifications do cover
hardware and software systems, DO-326A specifically addresses cybersecurity issues, such as
malware, ransomware, and other intentional attempts to interfere with avionics.

Anyone involved in developing or deploying new avionics must show a thorough exploration of all
cybersecurity threats and demonstrate that the technology includes safety measures to address
these threats. Thorough requirements management and traceability from initiation to implementation
of any avionic system is key to demonstrating compliance with DO-326A.

How does DO-326A differ from other guidance, such as DO-178, ARP4754, and DO-254?

While previous avionics safety specifications such as DO-178, ARP4754, and DO-254 addressed other
hardware and software issues, including some issues of information security, they did not address
intentional unauthorized electronic interactions.

In fact, DO-178 and ARP4754 deliberately defined “events” as those originating apart from the
aircraft, such as atmospheric conditions, bird strikes, and even cabin fires. The guidance in these two
standards did not cover hacking, tampering, or sabotage from malicious actors.

DO-326A does not replace other standards, but rather works alongside other safety specifications
that concern hardware and software to provide comprehensive guidance across all avionics systems.

DO-326A defines “intentional unauthorized electronic interactions” as:

… human-initiated actions with the potential to affect the aircraft due to unauthorized access, use,
disclosure, denial, disruption, modification, or destruction of electronic information or electronic
aircraft system interfaces. This definition includes the effects of malware on infected devices and
the logical effects of external systems on aircraft systems, but does not include physical attacks
or electromagnetic jamming.

Who and what does DO-326A apply to?

Before 2019, DO-326A was considered an acceptable means of compliance (AMC) for aircraft, engines,
rotorcraft, and propellers. By Q3 2019, DO-326 and its European counterpart ED-202 became the
standard for all aircraft and aircraft components from planning to decommissioning. DO-326A covers
general aviation, fixed-wing aircraft, rotorcraft, engines, and propellers.

DO-326A impacts anyone involved in aviation system development and production, including aerospace
equipment manufacturers, developers and producers of aerospace platforms, design engineers,
quality assurance specialists, and certification personnel, among others. Given the potential for loss of
reputation, property, and even human life, all aviation stakeholders should remain updated on DO-326A
and any future cybersecurity regulations or guidance.

One important note: As of April 2022, DO-326A did not apply to military aircraft. However, any
stakeholders involved in developing military aircraft systems should be familiar with DO-326A as it
may eventually extend to military avionics.

How can Jama Connect help meet compliance standards for DO-326A?

In the aerospace industry, failure is not an option. When everything from the fabric of the airline seat
to the electronics that govern the airplane engines must meet regulatory safety standards, the sheer
volume of record-keeping can be overwhelming. If requirements aren’t managed properly, product
teams, engineers, software developers, and anyone developing systems for the aviation industry run
the risk of failing to meet compliance standards.

Jama Connect® for Airborne Systems powers the future of aerospace with solutions designed specifically
for the unique needs of the industry. Through Live Traceability™, the Jama Connect solution gives anyone
on the product team insight into the most up-to-date, complete information for any requirement — no
matter the stage of development or how many siloed tools and teams it spans.

Jama Connect for Airborne Systems provides the means to manage security and safety analyses,
security requirements, and the bi-directional traceability to verification and validation activities
in a fully auditable and reportable manner across the entire development lifecycle. Our Airborne Systems
Solution has a ready-to-use traceability data model that aligns with DO-326A. Jama Connect is trusted by
five of the top ten aerospace companies worldwide and eight of the top ten space launch companies.

In this increasingly interconnected world, cybersecurity has become a critical concern for almost every
industry. For the aviation industry, the stakes are especially high. One malicious attack could cause
anything from a schedule delay that impacts company reputation to physical harm to people and
property, disruption of supply chains, or even damage to international relationships. With guidance from
DO-326A and tools from Jama Software®, designers, developers, and manufacturers can rest assured
that their systems and products will meet compliance standards and keep passengers and cargo
protected from malicious attacks.

To learn more about Jama Connect for Airborne Systems and the Airborne Systems Template, contact us
at jamasoftware.com/trial

Jama Software® is focused on maximizing innovation success in multidisciplinary engineering organizations.
Numerous firsts for humanity in fields such as fuel cells, electrification, space, software-defined vehicles,
surgical robotics, and more all rely on Jama Connect® requirements management software to minimize the
risk of defects, rework, cost overruns, and recalls. Using Jama Connect, engineering organizations can now
intelligently manage the development process by leveraging Live Traceability™ across best-of-breed tools to
measurably improve outcomes. Our rapidly growing customer base spans the automotive, medical device,
life sciences, semiconductor, aerospace & defense, industrial manufacturing, consumer electronics, financial
services, and insurance industries. To learn more, please visit us at jamasoftware.com.
