Header Background Image
Home
Services
By Discipline:
Systems Engineering
System Safety & Reliability
Software Development
Product Security
Information Security
Space Mission Assurance
Simulation
Certification
By Application:
UAS
Rotorcraft
Large Aeroplanes
Space
VTOL
General Aviation
(H)EPS
Organisations
Team
FAQ
Contact
Home
Services
Team
FAQ
Contact
Product Security

The Cyber Security regulations, e.g., as laid down in AMC 20-42 from EASA, concern themselves with showing that the security is sustained even under cyber-attacks on products and is good enough as not to have an unacceptable effect on safety. In contrast, the information security regulations address the organizational aspects of security.

Accepted industry standards (EUROCAE/RTCA ED-202B/DO-326B, ED-203A/DO-356A and ED-204A/DO-355) are the guideline for implementing product cyber security.

IDA can support you with the successfully adaptation of these standards in your organization or project.

Process Support, Plan Creation, and Training
Process Definition Support
IDA can support you for setting up the necessary processes in your organization and/or project that are tailored to your setup and situation. These processes will be compliant with the requirements from ED-202B, using methods following the suggestions in ED-203A. Also, the Continued Airworthiness of your products will be incorporated in the processes (ED-204A). As the concrete definition of processes always depends on the environment, the role of your organization, we can support with our experience to define processes that are tailored to your needs, efficient for your organizations and useable in practice. Templates for the artefacts needed, e.g., PSecAC or SSD document, can be provided as well.
PSecAC Creation Support
The Plan for Security Aspects of Certification (PSecAC) is the central document for the cyber security aspects for a product, defining or referencing the activities to be performed, interfaces, with stakeholders, how compliance is to be shown, etc. IDA can support you in creating this document and also the accompanying PSecAC Summary document in the course of the product development.
Training Support
Security, very much like Safety as well, depends on well trained and aware personnel to work. IDA can support you by providing training, covering the Cyber Security topic in general, the applicable standards in more depth and the process defined by us for your organization in detail.
Consulting and Checking
Consulting for Cyber Security

Often, another pair of eyes to “have an unbiased look” is valuable, either to get knowledge into the organization or to have a second opinion to benchmark an existing process or implementation. We can support you at any stage of your cyber security voyage:

  • Before the start of a concrete project to help you decide what and how to implement cyber security for your organization
  • During the early phases of a project to perform gap analyses of your existing processes and methods, advice on what to emphasize for the concrete project
  • When problems arise later in the project to help you find the most efficient solution to get the project completed
Reviewing Support
IDA can also help you in reviews of processes and artefacts for the cyber security aspects of your project or organization. By having an external entity performing the reviews you can avoid having to provide independent internal resources for these activities.
Audit Support
IDA experts have been acting as Compliance Verification Engineers (CVEs) in previous roles, implementing the independent checking function of Part 21 for Design Organizations. We can support your organization in this capacity as well, not only with the final check of artefacts before they go to EASA, but also with advice and discussion towards this during development.
CVE Activity
IDA can also provide for your Design Organization a Compliance Verification Engineer (CVE), who can fulfil the independent checking requirement from Part 21 for your DO. This enables you to compensate short-term or long-term competence bottle necks in your DO for this specific topic.
Engineering, Implementation Support

IDA can also support you in the development activities related to cyber security.

Security Scope Definition (SSD)
IDA can perform or contribute to the SSD at both A/C and system level, tailored to the tools used in your environment.
Security Risk Assessment (SRA)
IDA can perform or participate in the SRA at both A/C and system level, using the specific tools used in your organization to record the assessment results. This includes the determination of safety impacts of threats and the assignment of a Security Assurance Level.
Security Development

IDA can perform or participate in all of the Security Development activities:

  • Security Architecture
  • Security Measures
  • Security Guidance (resulting in Integrator or Operator Guides)
  • Security Verification: including function tests of technical measures and vulnerability tests (e.g., penetration tests)
Security Assurance
Unlike classical development, the security development has not only to assure that the implementation (e.g., of defined security measures) does what it should, but also assess if all the measures, architecture, etc. result in an adequate level of security. IDA can support you with both aspects of the Cyber Security development.