RTCA DO-356A, page 89
© RTCA, 2018
SECURITY EVENT LOGGING
SECURITY LOGGING AND NOTIFICATIONS
Monitoring of the condition of the security measures is essential to ensuring that aircraft
will continue to be secure. Monitoring includes:
- Maintenance messages (not alerts) to maintenance crew
- Security Logging of Events
Security attacks can be complex and frequently attempt to mimic intended functions.
When there are positive indications of a possible attack, security logging is required to
provide necessary additional information to establish the nature and extent of the attack
and its effects.
In an office or similar IT environment, the failure of a security function would result in
audit logging of the event. At some future point in time, the audit log would be reviewed
and action taken to repair the failure. During that time, the usual failure response is to
disable the security function capability. In the IT environment, the security of the system
is paramount. In the aircraft environment, however, the response is not as simple.
Architectures that separate aircraft domains, such as flight controls from passengers,
can tolerate this response because they are designed so that passengers have no
required effect on flight controls. But failures that prevent necessary systems, such as
navigation and flight controls, from communicating with other systems cannot be
accepted as easily. In addition, maintenance messages may help maintenance personnel
determine what actions they should perform to fix abnormal system conditions.
The design of the system should account for possible failures in security measures and
the associated responses due to external attacks. In all cases, the safety of the aircraft
should be designed into the system, such that safety is never compromised by a
response to an attack. Failures of security measures should not be allowed to impede
the communication of important systems, such as navigation and flight controls.
Security events that cause a safety effect should alert flight crews in accordance with
guidance provided by AC 25.1322-1 and related documents. If a security event or
malfunction occurs, the flight crew should be alerted to the safety effect and made
aware of what resources and/or assets remain to maintain safety of flight.
Maintenance messages may be issued to give a fail/safe status and/or when a
maintenance action may be necessary, in response to security events. The Minimum
Equipment List, Aircraft Maintenance Manual, Line Maintenance Manual or other
appropriate location should document the conditions (if any) under which the
maintenance actions may be deferred, and for how long.
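As an added illustration, not text or code from DO-356A and not any design approval holder's actual implementation, the following Python models the three response paths the paragraphs above distinguish and the operator-side review of the resulting log that the section goes on to require. Every event is logged; a failed security measure additionally raises a maintenance message carrying fail/safe status; a safety effect additionally alerts the flight crew. The record fields, event-type names, source names, correlation window and threshold, and all sample records are hypothetical and constructed for this example; the real log vocabulary and its interpretation are defined by the DAH in the Security Guidance.

```python
import json
from collections import defaultdict
from dataclasses import dataclass, asdict
from datetime import datetime, timedelta

# Response channels named in the text; the string values are hypothetical.
LOG, MAINT_MSG, CREW_ALERT = "log", "maintenance_message", "crew_alert"


@dataclass
class SecurityEvent:
    """One on-board security event. Field names are hypothetical; a DAH
    would define the real schema in the Security Guidance."""
    time: str             # ISO-8601 timestamp (constructed)
    source: str           # reporting function or LRU (hypothetical name)
    kind: str             # DAH-defined event type (hypothetical vocabulary)
    domain: str           # aircraft domain affected (hypothetical label)
    safety_effect: bool   # event or its response affects safety of flight
    measure_failed: bool  # a security measure failed or was disabled
    detail: str = ""


def disposition(ev: SecurityEvent) -> set:
    """Decide which channels an event reaches. Every event is logged for
    later operator audit; a failed measure also produces a maintenance
    message; any safety effect also alerts the flight crew."""
    channels = {LOG}
    if ev.measure_failed:
        channels.add(MAINT_MSG)
    if ev.safety_effect:
        channels.add(CREW_ALERT)
    return channels


def to_log_line(ev: SecurityEvent) -> str:
    """Serialize one event, with its disposition, as a single JSON line."""
    rec = asdict(ev)
    rec["channels"] = sorted(disposition(ev))
    return json.dumps(rec, sort_keys=True)


def audit(lines, window=timedelta(minutes=10), threshold=3):
    """Operator-side periodic review of exported log lines. Flags
    (a) every event that reached the crew-alert channel and
    (b) any source reporting `threshold` or more rejected inputs inside
    `window`, treated here as a positive indication of a possible attack
    that warrants establishing its nature and extent. Window and
    threshold are hypothetical tuning values."""
    findings = []
    rejections = defaultdict(list)
    for line in lines:
        rec = json.loads(line)
        if CREW_ALERT in rec["channels"]:
            findings.append(("safety_effect", rec["source"], rec["time"]))
        if rec["kind"] == "input_rejected":
            rejections[rec["source"]].append(datetime.fromisoformat(rec["time"]))
    for src, times in rejections.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            if j - i >= threshold:
                findings.append(("repeated_rejections", src, times[i].isoformat()))
                break  # one finding per source is enough for the audit
    return findings


# Constructed sample events; not from any real aircraft or from DO-356A.
SAMPLE_EVENTS = [
    SecurityEvent("2024-01-01T10:00:00", "gw-ife", "input_rejected",
                  "passenger", False, False, "malformed frame"),
    SecurityEvent("2024-01-01T10:02:00", "gw-ife", "input_rejected",
                  "passenger", False, False, "malformed frame"),
    SecurityEvent("2024-01-01T10:04:00", "gw-ife", "input_rejected",
                  "passenger", False, False, "malformed frame"),
    SecurityEvent("2024-01-01T10:30:00", "dataloader", "signature_check_failed",
                  "avionics", False, True, "load rejected, fail-safe"),
    SecurityEvent("2024-01-01T11:00:00", "nav-link", "link_filter_failed",
                  "flight-controls", True, True, "filter unavailable"),
]

if __name__ == "__main__":
    exported = [to_log_line(e) for e in SAMPLE_EVENTS]
    for finding in audit(exported):
        print(finding)
```

The passenger-domain rejections stay log-only at the moment they occur, consistent with the text's point that such a domain is designed to have no required effect on flight controls; they surface only when the operator's audit correlates them. The data-load failure reaches maintenance with its fail/safe status so the deferral rules in the MEL or maintenance manuals can be applied, and only the event with a safety effect reaches the crew.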
Security logging is one component of the larger incident management activities, which
may include other processes, procedures and information to manage security events
(see section 2.5 on Continuing Airworthiness). Further, incident management is a
subcomponent of a larger activity to "Maintain Product Security", which may include
activities such as technical and procedural change management, vulnerability management and
Security log entries, information, and their interpretation are highly dependent on the
design particulars of the aircraft. The DAH should, in the Security Guidance, define the
different types of security log events and entries and their interpretation, to enable
operators to periodically audit and analyze the security logs for possible security events
and incidents (see section 6.2). The events should cover airworthiness-related event
investigations, with the possibility of extending their purpose to include support for