The U.S. Federal Aviation Administration (FAA) has issued a draft Advisory Circular that outlines an Aircraft Network Security Program (ANSP) for security standards affecting data systems on new, modified and “re-enabled” aircraft.

The FAA says the program is intended for an aircraft with wireless communication technology that exchanges information with various “critical and non-critical aircraft systems” as well as outside systems.

The FAA says that previous aircraft designs used aviation Aeronautical Radio Inc. (ARINC) 429/629 or Military Standard (MIL-STD) data buses to connect flight critical avionics systems. Current designs have adopted Transmission Control Protocol (TCP)/Internet Protocol (IP) connectivity to capitalize on speed and weight savings. TCP/IP can be found not only in new aircraft designs but also in post-delivery modifications.

The FAA says a major benefit of TCP/IP is the ability to move data to and from the aircraft without the use of standard storage media. The types of data transmitted can range from customer profile, in-flight entertainment, navigation and aircraft health monitoring.

However, FAA says a “real threat exists” that may be intentional or unintentional with a detrimental effect on system performance. These effects may range from reduced performance, denial of service, or criminal activity.

Developing an ANSP will require preventing unauthorized external access to aircraft networks, identification and assessment of security threats, prevention of inadvertent or malicious changes to aircraft networks and prevention of unauthorized access by onboard sources, the FAA says.

To contact the author of this article, email