Defining Appropriate Cyber Security Requirements - A Risk Based Approach

Defining Appropriate Cyber Security Requirements - A Risk Based Approach

November 14, 2018, 11:15 AM - 12:00 PM

Theater 2 - USE
Language:
English

Considerable work is being done by the Joint Authorities for Rulemaking on Unmanned Systems (JARUS) on the Specific Operational Risk Assessment (SORA) process. The idea of conducting a SORA is to inform a National authority's approval of a specific UAS use case. This is accomplished using a risk-based assessment of the vehicle, Operator, and mission concept of operations to define appropriate requirements to mitigate the risks presented by the operation. The FAA is looking at SORA as one way to streamline approvals for "permits to fly" in the future; and EASA has fully adopted it for their “Specific” category. Unfortunately, the SORA, as written, currently "punts" on Security, “Security aspects are excluded from the applicability of this methodology…" But, the proposed EASA UAS rule framework requires the operational risk assessment (i.e. the SORA) to include Cyber Security, “The requirements on the operational risk assessment have been amended to also include an evaluation of privacy and security risks." And the FAA process of applying the 14 CFR 21.17(b) rule for Special Class certification of UAS specifically identifies cyber security as one of the “unique technologies and challenges that require additional coordination to determine appropriate levels of safety” and requires applicants to address cyber security aspects of their operation when seeking certification. It is the author’s opinion that - once the industry produces airworthy designs, has airspace access solved, and spectrum is available - cyber security (or lack thereof) will become the "next " show stopper to widespread use of UAS.

Contributors

  • Andy Thurling

    Speaker

    Chief Technology

    NUAIR Alliance

    Andy Thurling recently joined NUAIR Alliance, manager of the New York UAS Test Site, as the Chief Technology Officer where he leads technical...

Categories

  1. Track
    Unmanned Security

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies.