NPA 2019-01

Aircraft cybersecurity

The objective of this Notice of Proposed Amendment (NPA) is to mitigate the potential effects of cybersecurity threats on safety. Such threats could be the consequences of intentional unauthorised acts of interference with aircraft on-board electronic networks and systems.

This NPA proposes amendments to CS-23, CS-25, CS-27, CS-29, CS-E, CS-ETSO, CS-P, and, as applicable to their related acceptable means of compliance (AMC)/guidance material (GM), together with AMC-20. The amendments would introduce cybersecurity provisions into the relevant certification specifications (CSs), taking into account the existing special conditions (SCs) and the recommendations of the Aviation Rulemaking Advisory Committee (ARAC) regarding aircraft systems information security/protection (ASISP).

The proposed amendments are expected to contribute to updating the EASA CSs to reflect the state of the art of protection of products and equipment against cybersecurity threats. They are also expected to improve harmonisation with the Federal Aviation Administration (FAA) regulations. Overall, they would improve safety, would have neither social nor environmental impact, and would have a neutral-to-positive economic impact.