An Effective Approach to Meeting the Challenges of RTCA DO-326A

摘要

RTCA's DO-326A describes a Security Airworthiness Process that aligns the security process to the safety process with the intent of identifying the impact of malicious cyber security attacks on the safety of an airborne system. Dstl have developed an incremental process for the engagement with stakeholders such that available supporting evidence to the DO-326A objectives can be identified and reasoned with. Specifically, the process defines an approach to utilise pre-existing security evidence from alternative security engineering processes, and exploits the Goal Structuring Notation (GSN) to store and explain the argument as to whether an acceptable means of compliance can be determined based on the available evidence. Key to the value of this work is the ability to identify any fundamental shortfalls in meeting the intent of DO-326A, that is, in addressing the challenge of security-informed safety. By systematically assessing the potential for existing evidence to meet some or all of DO-326A, the dialogue with stakeholders can be focussed to the development of mitigations where it is required.