• Sep 23, 2025

Cyberfit to Fly: The Aircraft Information Security Program

  • David Lapesa Barrera

Protect aircraft systems with a comprehensive Information Security Program

With the rapid growth of aircraft connectivity, network systems, and automation, new vulnerabilities in aircraft information systems have emerged. Increasing reliance on information and communication technology makes aircraft information security vital.

An Aircraft Information Security Program (AISP) provides guidance to document, implement, and manage key elements of an operator’s information security policy with regard to aircraft digital information transfer and connectivity.

Design Approval Holder (DAH) Responsibilities

When existing certification rules don’t cover novel or unusual aircraft design features, authorities may issue Special Conditions (SCs) that become part of the Type Certificate. In information systems, SCs are typically triggered when systems connect to public or commercial networks, receive external data, and a failure could have a “major” or greater impact.

The Design Approval Holder (DAH) must identify affected systems, provide guidance to support the operator’s Aircraft Information Security Program, and include Instructions for Continued Airworthiness (ICAs) for onboard networks. ICAs aim to guide maintenance staff and flag security risks, though additional protections for ground systems and connected IT may require separate operator procedures.

Note: Under EASA rules, many aircraft network security requirements are now part of CS 25.1319 and AMC 20-42, instead of being handled only through Special Conditions. Special Conditions are still used for older designs or unique features. The DAH must still find and address risks, and give ICAs and other procedures to keep systems secure.

Regulatory Approaches and Operator Responsibilities

Regulatory authorities have taken different approaches to these cybersecurity challenges. In Europe, EASA addresses them through Part-IS, which establishes the framework for an organization-wide Information Security Management System (ISMS). Only the elements relevant to the aircraft’s technical operational requirements and constraints are included in the AISP. EASA does not require a separate, standalone AISP—rather, it must form part of the ISMS, whether managed independently or integrated.

In the U.S., the FAA’s Advisory Circular AC 119-1A defines the requirements for an Aircraft Network Security Program (ANSP), the U.S. term for an Aircraft Information Security Program, and mandates its operational authorization when aircraft have been certificated with a special condition (SC) related to the security of the onboard computer network.

The AISP Basis

When an aircraft is certificated with a Special Condition (SC) related to network security, the operator will receive guidance from the Design Approval Holder (DAH). This guidance forms the basis for building the operator’s AISP and outlines how to keep the aircraft’s network systems secure and compliant.

Operators will also be provided with Instructions for Continued Airworthiness (ICAs) for maintaining the onboard network. These instructions are typically found in the Aircraft Maintenance Manual (AMM), but related tasks and recommendations may also appear in the Fault Isolation Manual (FIM), Service Letters (SL), or Service Bulletins (SB). Together, these resources ensure operators have the necessary procedures to preserve system integrity, security, and airworthiness throughout the aircraft’s service life.

Key Components

In practice, an effective AISP should include:

  • A description of the security environment.

  • Roles and responsibilities, identifying persons with authority and accountability.

  • Training and qualification requirements.

  • Control of portable software, data loading devices, and Ground Support Equipment (GSE) access and use.

  • Control of access to the airport’s wired and wireless service networks.

  • Control of access to the Loadable Software Airplane Part (LSAP) librarian resource.

  • Creation of secure parts signing processes and control of access to private keys.

  • Control of aircraft conformity to type design.

  • Provisions for parts pooling and borrowing.

  • Procedures for part exchanges within the operator’s fleet.

  • Event recognition, response, reporting, and recovery.

  • Event evaluation, including considerations for program improvement.

Conclusion

As aircraft become increasingly connected, the risks to onboard networks and information systems grow. An effective Aircraft Information Security Program is a regulatory requirement, whether integrated within the ISMS or managed separately.

By aligning DAH guidance, regulatory standards, and operator-specific procedures, airlines can ensure their fleets remain cyberfit to fly throughout their lifecycle.

