DO-326A and ED-202A: An Introduction to the New and Mandatory Aviation Cyber-Security Essentials C1949

Topics: Quality, Safety & Maintenance

The international standards D-326A (U.S.) and ED-202A (Europe) titled "Airworthiness Security Process Specification" are the cornerstones of the "DO-326/ED-202 Set" and they are the only Acceptable Means of Compliance (AMC) by FAA & EASA for aviation cyber-security airworthiness certification, as of 2019. The "DO-326/ED-202 Set" also includes companion documents DO-356A/ED-203A: "Airworthiness Security Methods and Considerations" & DO-355/ED-204: "Information Security Guidance for Continuing Airworthiness" (U.S. & Europe) and ED-201: "Aeronautical Information System Security (AISS) Framework Guidance" & ED-205: "Process Standard for Security Certification / Declaration of Air Traffic Management / Air Navigation Services (ATM/ANS) Ground Systems“ (Europe only).

This two-day seminar will introduce attendees to industry best practices for real-world aviation cyber-security risk-assessment, development & assurance. This seminar presents the information necessary to help minimize DO-326/ED-202-set compliance risks and costs, while also optimizing cyber-security levels for the development, deployment & in-service phases. The instructor will guide attendees through topics such as aircraft security aspects of safety, systems-approach to security, security planning, the airworthiness security process, and security effectiveness assurance. The entire ecosystem of aviation avionics software development will be revisited to include the DO-326/ED-202-Set as a new, integral member of the "classic" safety-oriented development process including the SAE standards ARP-4761 for Safety & ARP-4754A for Systems Development, and software & hardware development standards DO-178C & DO-254, respectively.

Learning Objectives

By attending this seminar, you will be able to:

  • Combine IT & OT cyber-security definitions, methods & considerations and relate them to aviation
  • Identify the background, references & processes that conceived the DO-326/ED-202-set and keep updating it, & the components & inter-relations of which it comprises
  • Integrate the DO-326/ED-202-set into the avionics development & certification processes
  • Apply DO-326/ED-202-set components, processes, steps, activities & objectives
  • Devise practical cyber-security certification strategies for avionics initial Airworthiness, modifications, COTS/pre-certified items selection and continued airworthiness
  • Prepare for upcoming FAA/EASA Aviation cyber-security mandates & recommendations.

Who Should Attend

It is recommended that attendees have at least a college degree in a technical area along with a basic understanding of software or IT. To gain full benefit, it is recommended that attendees have at least some basic knowledge of safety-related airworthiness certification of avionics.

You must complete all course contact hours and successfully pass the learning assessment to obtain CEUs.

  • Course Overview & Introduction 
  • Cyber-Security Essentials: From a DO-326/ED-202-Set Point Of View
    • Cyber-Threats Definitions
    • Cyber-Threats Modus Operandi
    • Cyber-Security Fundamentals
    • Cyber-Physical-Systems' Security
  • Aviation Cyber-Security: The DO-326/ED-202-Set
    • The Status, Context, Background & References of the DO-326/ED-202-Set
    • The DO-326/ED-202-set Structure, Contents and Relations to the ARP-4754 "Regime"
    • ED-201: "Aeronautical Information System Security (AISS) Framework Guidance"
  • The DO-326/ED-202-Set "Core"
    • DO-326A/ED-202A & DO-356A/ED-203A: "Airworthiness Security Process Specification" & "Airworthiness Security Methods & Considerations"
    • The Airworthiness Security Process Steps
  • In-Service Cyber-Security
    • DO-355/ED-204: "Information Security Guidance for Continuing Airworthiness"
    • Aircraft, Ground Equipment, Generic InfoSec, Organizational & Personnel Aspects
    • Security Events/Incidents Management
  • ATM/ANS Cyber-Security Certification
    • ED-205: "Process Standard for Security Certification / Declaration of Air Traffic Management / Air Navigation Services (ATM/ANS) Ground Systems"

  • DAY ONE Review
  • The Airworthiness Security Process In-Depth: Steps, Activities & Objectives
    • Cyber-Security Plan for Certification
    • Security Risk Assessment Process
    • Security Development Process
    • Cyber-Physical-Systems' Security
  • Security Effectiveness Assurance
    • DO-356A/ED-203A: "Airworthiness Security Methods and Considerations"
  • Cyber-Security for Development-Supplements
    • Modifications
    • COTS & Previously-Certified Systems
  • Summary & Conclusion
Aharon David

Since 1981, Mr. Aharon David has worked in engineering of software and systems avionics, including junior-to-senior technical management positions. Among other duties, Mr. David served as the commander of the Israeli Air Force's Avionics & Control Software-development Center (ACSC) and head of System-Engineering & Interoperability of the Israeli Missile Defense Organization (IMDO) – and along the way developed, taught & commanded technical courses in the US and Israel, and was a speaker at international technical conferences . In recent years, Mr. David has been a senior advisor to the Civil Air Authority of Israel (CAAI), specifically on software certification and recently – aviation Cyber-Security. Mr. David is currently a member of both RTCA's SC-216 & EUROCAE's WG-72 "Aeronautical Systems Security“, and is the Chief WHO (White Hat Officer) of AFuzion-InfoSec, providing Aviation Cyber-Security Certification training & consulting services worldwide. Mr. David holds a BSc in Aerospace Engineering from the Technion –Israel's Institute of Technology, and an MBA from the Tel-Aviv University.

Duration: 13 Hours
CEUs: 1.3

Format: Virtual

Event ID: 7300

Location: Live Online

Session Info:

  • Session 1 - December 5 (11:00 a.m. - 3:00 p.m. ET)
  • Session 2 - December 6 (11:00 a.m. - 3:00 p.m. ET)
  • Session 3 - December 7 (11:00 a.m. - 3:00 p.m. ET)
  • Session 4 - December 8 (11:00 a.m. - 3:00 p.m. ET)
    4 Sessions

  • Fees: $1,299.00

    Members save up to 10% off list price.
    Log in to see discount.

    If paying by any other method or if you have general questions, please contact SAE Customer Service.