We are pleased to announce the publication of ER-039 “Report on Aviation Data Security”.

ER-039 Report on Aviation Data Security consists of three main sections. First is to define an aviation focused data security life cycle. Second is to develop an aviation data security framework for regulatory and standards groups to utilize to create aviation security objectives. Third is to provide recommendations on sufficient security measures for airborne software.

For individuals who participate in regulatory and standards organisations, the intent of the framework defined in CHAPTER 3 is to allow users to capture minimum and consistent security objectives for data protection within the aviation ecosystem. Misuse of aviation data might lead to information security threats including impacts to human and equipment safety. The framework is meant to be utilised for new and existing data types or constructs to provide effective security and assurance for the data.
For individuals who need to secure airborne software, a list of recommendations is provided for the scope defined in Section 4.2. The recommendations are not a formal means of compliance (MOC).

A heartfelt thank you to the dedicated members of WG-72 Aeronautical Systems Security — chaired by Alain Combes (Airbus) and Nikita Johnson (Rolls-Royce) — and to our partners at RTCA SC-216 for their outstanding work and collaboration.

You can download the document here.