Aircraft Cybersecurity in Certification

From IT concept to airworthiness reality – modern aircraft are no longer isolated machines; they are highly networked systems. Interconnected architectures (avionics networks, SATCOM, maintenance interfaces, and flight-deck communications) support efficiency and operational capability but also introduce an additional hazard vector: Intentional Unauthorized Electronic Interaction (IUEI).

Regulators now increasingly treat cybersecurity not as a “privacy” or corporate IT issue, but as a design and airworthiness assurance concern.

Where digital interference could affect a safety-relevant function, it must be addressed within the certification and continued airworthiness framework.

Historically, safety engineering under frameworks such as CS-25 / 14 CFR § 25.1309 focused on random failures, environmental effects, and latent faults, using probabilistic models (e.g., 10⁻⁹ per flight hour for catastrophic conditions).

Cybersecurity does not fit cleanly into probabilistic safety modelling because threats are intentional rather than random, attack methods are adaptive and evolve faster than mechanical degradation, and likelihood is difficult to quantify meaningfully in a traditional risk matrix.

EASA and the FAA now explicitly acknowledge that unauthorised electronic interaction can constitute an unsafe condition if it can affect safety-relevant systems.

The practical engineering objective can be expressed as:

Protect the integrity of Control, Communication, and Configuration such that no credible electronic path can lead to a hazardous or catastrophic aircraft-level effect.

The EASA Framework – AMC 20-42 and EASA ED Decision 2020/006/R amended certification specifications and associated AMC/GM to explicitly introduce cybersecurity considerations into the product certification framework.

For new type certificates and significant design changes, cybersecurity assessment is no longer just “good practice”; it is now part of the expected compliance evidence.

The primary technical instrument is AMC 20-42 (Airworthiness Information Security Risk Assessment), which establishes the expectation for a Product Information Security Risk Assessment (PISRA).

Engineers will increasingly encounter the following industry standards referenced in certification material:

ED-202A / DO-326A – Airworthiness security process (threat identification and risk assessment)

ED-203A / DO-356A – Methods and considerations for security architecture and verification

ED-204 / DO-355 – Guidance for managing security in continued airworthiness.

The practical implication – Applicants for TC, major change or STC approvals are now expected to provide documented evidence that cyber-related hazards have been identified and mitigated with traceability comparable to traditional system safety.

This is not “cyber paperwork”, but structured design assurance.

The FAA Landscape – from Special Conditions to Baseline Rules – the FAA has historically addressed cybersecurity primarily through Special Conditions applied to aircraft with novel or highly connected architectures (e.g., 787, A350), because the existing rules were written before such connectivity existed.

Two developments are now shaping the landscape:

AC 119-1A provides an acceptable means for operators to implement an Aircraft Network Security Program (ANSP) for aircraft certified with security-related Special Conditions.

Rulemaking direction – in August 2024, the FAA issued a Notice of Proposed Rulemaking to establish baseline cybersecurity protection requirements for transport-category aircraft, engines, and propellers.

The intent is to reduce reliance on bespoke Special Conditions and move toward a more consistent regulatory baseline.

This represents an evolution in regulatory structure, not a sudden technical revolution.

Engineering Reality vs. IT Buzzwords – for engineers, aircraft cybersecurity is simply system safety thinking applied to intentional threats.

In practice, it translates into:

  • Domain separation – logical or physical isolation between passenger domains (IFEC), airline services, maintenance interfaces, and safety-critical avionics.
  • Controlled interfaces – data flows (such as engine health monitoring) are permitted only through defined and verified interfaces with appropriate integrity and access control.
  • Lifecycle configuration management – ensuring that software updates, STCs, or operational changes introduced years later do not invalidate the original security assumptions made during certification.

This is not alien to engineers; it is a familiar discipline applied to a different threat vector.
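The domain separation and lifecycle points above can be checked mechanically on an architecture model. The following is an added example, not part of the original article or of any referenced standard: it treats domains and permitted data flows as a directed graph and reports any path from a passenger domain to safety-critical avionics, including paths that appear only when a later modification is combined with the baseline. All domain names and flows are constructed for illustration.

```python
from collections import deque

# Constructed model: names and flows are illustrative assumptions only.
UNTRUSTED = {"passenger_ifec"}
SAFETY_CRITICAL = {"avionics"}

# Directed data flows (source, destination) approved at certification.
BASELINE_FLOWS = {
    ("avionics", "airline_services"),        # engine health data, outbound only
    ("airline_services", "passenger_ifec"),  # moving-map position feed
    ("maintenance", "avionics"),             # authenticated data loading
}

# Flows added years later by a hypothetical connectivity modification.
MOD_FLOWS = {
    ("passenger_ifec", "airline_services"),  # shared wireless router
    ("airline_services", "maintenance"),     # wireless delivery of load media
}

def paths_to_critical(flows, sources=UNTRUSTED, targets=SAFETY_CRITICAL):
    """Return every simple path from an untrusted domain to a critical one."""
    successors = {}
    for src, dst in flows:
        successors.setdefault(src, set()).add(dst)
    found = []
    queue = deque([s] for s in sorted(sources))
    while queue:
        path = queue.popleft()
        for nxt in sorted(successors.get(path[-1], ())):
            if nxt in path:              # skip cycles so paths stay simple
                continue
            if nxt in targets:
                found.append(path + [nxt])
            else:
                queue.append(path + [nxt])
    return found

def assess_change(baseline, modification):
    """Paths that exist only once the modification is applied to the baseline."""
    before = {tuple(p) for p in paths_to_critical(baseline)}
    after = {tuple(p) for p in paths_to_critical(baseline | modification)}
    return sorted(after - before)

if __name__ == "__main__":
    print("baseline paths:", paths_to_critical(BASELINE_FLOWS))
    for p in assess_change(BASELINE_FLOWS, MOD_FLOWS):
        print("new path introduced by change:", " -> ".join(p))
```

Neither added flow creates a path on its own; the finding appears only when both are assessed together against the baseline, which is why the change assessment has to be run on the whole architecture rather than on the modified interface alone.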

Flight Operations Perspective (Cockpit and Line Reality) – cybersecurity certification provides pilots and maintenance personnel with assurance that architectural segregation exists.

A compromise of cabin Wi-Fi or passenger devices should not provide a credible path to safety-critical systems such as FMS or flight controls.

Data integrity is preserved: navigation database loading, software uploads, and configuration changes rely on authenticated and controlled sources.

The human factor remains relevant: flight crews and line maintenance are not “cyber defenders”, but they support the integrity of the certified system by adhering to approved procedures (e.g., using authorised data sources, respecting loading procedures, avoiding uncontrolled media).

Impact on Legacy Fleets – they are not suddenly non-compliant; however, cybersecurity considerations increasingly become visible when:

  • Connectivity is added (SATCOM, broadband, wireless routers)
  • New external interfaces are introduced
  • Major avionics modifications are approved via STC

In these cases, it is typically the modification itself that drives the need for cybersecurity assessment during the change approval process, either under AMC 20-42 (EASA) or through Special Conditions or equivalent FAA mechanisms.

Cybersecurity in aviation represents the integration of ED/DO security standards into the certification ecosystem, not a departure from established engineering principles.

For engineers, the implication is practical and concrete: understanding how cybersecurity assumptions appear in certification data, STCs, ICA, and architecture decisions is now part of competent airworthiness practice.

The underlying engineering principles remain familiar, but the threat vector has expanded.
