IT Security Management of Aircraft in Operation: A Manufacturer's View 2011-01-2717

Over the last few years, IT systems have quickly found their way onboard aircrafts, driven by the continuous pursuit of improved safety and efficiency in aircraft operation, but also in an attempt to provide the ultimate in-flight experience for passengers. Along with IT systems and communication links came IT security as a new factor in the equation when evaluating and monitoring the operational risk that needs to be managed during the operation of the aircraft. This is mainly due to the fact that security deficiencies can cause services to be unavailable, or even worse, to be exploited by intentional attacks or inadvertent actions.

Aircraft manufacturers needed to develop new processes and had to get organized accordingly in order to efficiently and effectively address these new risks. To achieve this, the operational constraints of the aircraft needed to be taken into consideration since classical incident response and patching principles do not apply to the administration of aircraft systems. The next step was then to identify the factors (i.e. security events) that could impact the accepted security risk level when the aircraft systems are in-service.

Three processes were defined in order to perform a holistic security management: implementation vulnerability management, security audit management and security incident management. These three processes grouped under the term “operational security management” have the sole objective to continuously and timely inform the risk owner of the security level of the aircraft system and hence enable him to formally accept the risk or launch actions to reduce the risk in order to minimize the impact on aircraft in operation. For this purpose, a tool was developed to collect and manage the information related to the three processes in a timely manner while adhering to existing standards. The tool also provides traceability of the decisions taken to address identified risks.