Special Condition 1: Assurance for unauthorized access can only be achieved through the separation of data communication connectivity. Force this separation through requirements.
Special Condition 2: Changes in threats occur frequently. Since Gulfstream does not manufacture the avionics equipment that could be affected by new threats, this special condition 2 applies mostly to the avionic manufactures over which Gulfstream has no authority.
Special Condition 3: My response in special condition 2 is also pertinent to this condition 3.
General comment: Separation of data communication is essential in reducing cyber risk to critical avionics. Configuration management policy over LAN structures is essential. This will prevent unauthorized connectivity to lower assurance data communication used for the customer.
The highest priority should be the testing of known vulnerabilities in avionic equipment to show how a successful cyber attack will manifest itself to the pilot and later to the forensics of the technician. The special conditions will only reduce the possibility of hacking. Reducing the time of a successful cyber attack is a matter of educating the pilot on its manifestation.
Outside of the data communication separation, the security requirements specified by the FAA is mostly an avionic manufacture requirement and not that of Gulfstream
Related Comments
Total: 1
Steve Carver Public SubmissionPosted: 06/21/2012
ID: FAA-2012-0625-0002
Steve Carver
This is comment on Rule
Special Conditions: Gulfstream Aerospace LP (GALP), Model Gulfstream G280 airplane; Aircraft Electronic System Security Protection from Unauthorized External Access
View Comment
Related Comments
Public Submission Posted: 06/21/2012 ID: FAA-2012-0625-0002
Aug 02,2012 11:59 PM ET