The European Union Aviation Safety Agency (EASA) has published Executive Director (ED) Decision 2020/006/R, Aircraft Cybersecurity (see, CBR20-2 for additional background).

This Decision “includes amendments to CS-25, CS-27, CS-29, CS-APU, CS-E, CS-ETSO, CS-P, and to the related acceptable means of compliance (AMC) and/or guidance material (GM), together with AMC-20, AMC/GM to CS-23 and AMC/GM to Part 21.”

Attached to this memo is a copy of EASA’s Explanatory Note to the Decision. The specific amendments can be accessed on the agency’s website at:

https://www.easa.europa.eu/document-library/agency-decisions/ed-decision-2020006r

As stated by the agency in the Explanatory Note: “The draft text of this Decision has been developed by EASA, considering existing special conditions (SCs), and has been also based on the ARAC ASISP Working Group recommendations. All interested parties were consulted through Notice of Proposed Amendment (NPA) 2019-01 ‘Aircraft cybersecurity’.”

Key items in the Decision, include:

• AMC 20-42 recognizes as an acceptable means of compliance EUROCAE and RTCA documents:
  • ED-202A / DO-326A
  • ED-203A / DO-356
  • ED-204 / DO355
• Guidance Material (GM) 23.2500(b) to CS-23 states that an “applicant that wishes to certify an aeroplane with certification level 4 to consider cybersecurity threats as possible sources of ‘improper functioning” of the equipment and systems.”
• CS-25 introduces a new CS 25.1319, Equipment, systems and network information protection:
  • (a) Aeroplane equipment, systems and networks, considered separately and in relation to other systems, must be protected from intentional unauthorised electronic interactions (IUEIs) that may result in adverse effects on the safety of the aeroplane. Protection must be ensured by showing that the security risks have been identified, assessed and mitigated as necessary.
  • (b) When required by paragraph (a), the applicant must make procedures and Instructions for Continued Airworthiness (ICA) available that ensure that the security protections of the aeroplane’s equipment, systems and networks are maintained.
• CS-27 introduces a new CS 27.1319 similar to CS 25.1319, but limited to Category A rotorcraft.
• CS-29 introduces a new CS 29.1319 similar to CS 25.1319.
• And, additional amendments adapted to CS-APU, CS-E, CS-ETSO, and CS-P.

Please contact me (jhennig@GAMA.aero), Jonathan Archer (jarcher@GAMA.aero), and Kyle Martin (kmartin@GAMA.aero) with any questions.

[…]

The objective of this Notice of Proposed Amendment (NPA) is to mitigate the potential effects of cybersecurity threats on safety. Such threats could be the consequences of intentional unauthorised acts of interference with aircraft on-board electronic networks and systems.

This NPA proposes amendments to CS-23, CS-25, CS-27, CS-29, CS-E, CS-ETSO, CS-P, and, as applicable to their related acceptable means of compliance (AMC)/guidance material (GM), together with AMC-20. The amendments would introduce cybersecurity provisions into the relevant certification specifications (CSs), taking into account the existing special conditions (SCs) and the recommendations of the Aviation Rulemaking Advisory Committee (ARAC) regarding aircraft systems information security/protection (ASISP).

The proposed amendments are expected to contribute to updating the EASA CSs to reflect the state of the art of protection of products and equipment against cybersecurity threats. They are also expected to improve harmonisation with the Federal Aviation Administration (FAA) regulations. Overall, they would improve safety, would have neither social nor environmental impact, and would have a neutral-to-positive economic impact.

This Decision introduces new Acceptable Means of Compliance (AMC) for Part-21 production and design
organisation approvals, which complement the existing AMC. The objective is to provide a more proportionate
approach for small, non-complex organisations that produce lower-risk products and the parts installed on
these products.
The new AMC shifts the focus of both the applicant and the competent authority onto the effects on the output
of the process, instead of the focus being on the detailed step-by-step documentation of the process. This is a
more product-oriented approach.
The AMC provides for more proportionality for the affected organisations, without having any impact on the
level of safety. It is avoiding an over-burdensome and disproportionate administrative application of regulations
for these small and simple organisations.
The AMC can also serve as the baseline when a means of compliance with the Subpart G and J requirements
needs to be developed outside the applicability of the AMC. In that case, coordination is needed between the
applicant and the competent authority to review and, when necessary, to complement the baseline with more
stringent or detailed processes or procedures so as to provide a consistent and acceptable result.
The AMC can be used by small companies that design and produce low-risk general aviation (GA) aircraft within
the current Part-21. The AMC also allows experience to be gained for a possible future combined (design and
production) company approval. It is anticipated that it will be used until amendments to Part-21, based on the
changes brought about by the new Basic Regulation (Regulation (EU) 2018/1139), allow for new concepts for a
more proportionate regulatory system. At that point, the current AMC may need to be revisited.

This Decision addresses efficiency/proportionality as well as safety issues related to Annex IV (Part-MED) to Commission
Regulation (EU) No 1178/2011. As both rulemaking tasks (RMTs), RMT.0287 and RMT.0700, amend the provisions
prescribed in Part-MED, the European Aviation Safety Agency (EASA) decided to merge the outcome of the respective
consultations and publish one ED Decision on the update of Part-MED and applicable parts of Part ARA to prevent any
inconsistencies that may emerge during the rulemaking process.
The specific objectives of RMT.0287 are to solve the consistency issues, close the loopholes in the rules, as identified
through the implementation experience, as well as keep the requirements up to date with the new developments in the
field of medicine in order to ensure that they are fit for purpose and can be implemented in practice.
The objective of RMT.0700 is to address the recommendations issued by the EASA-led Germanwings Task Force on the
accident of the Germanwings Flight 9525 and the related safety recommendations issued by the Bureau d’Enquêtes et
d’Analyses pour la Sécurité de l’Aviation Civile (BEA).
In summary, the amendments introduced are expected to improve the level of safety by providing further clarification and
guidance regarding:
— medical examination for applicants for and holders of class 1 certificates by including drug and alcohol screening and
comprehensive mental health assessment as well as improved follow-up in case of medical history of psychiatric
conditions;
— medical examination for applicants for and holders of class 2/light aircraft pilot licence (LAPL) medical certificates as
well as cabin crew medical reports including operating pilot restriction limitation (ORL) for class 2 pilots and
clarification for insulin-treated diabetes for cabin crew;
— decrease of medical fitness and use of different types of medication;
— obligations of the aero-medical centres (AeMCs) and aero-medical examiners (AMEs);
— the training, oversight and competency assessment of the AMEs in order to increase the quality of the aero-medical
examinations;
— implementation of the medical provisions in line with the new developments in the field of medicine such as
anticoagulation protocols and colour vision tests; and
— the European aeromedical data repository (EAMR).
Moreover, the amendments aim to ensure harmonisation between the requirements of Part-MED and Part ATCO.MED
(Annex IV to Commission Regulation (EU) 2015/340). Finally, the amendments introduced through this Decision are
expected to enhance clarity and consistency of rules in line with better regulation principles.