Embedded software is increasingly responsible for the safety of aircraft in the air and on the landing strip. But as we have learned from the problems of Boeing 737 Max 8, engineers can sometimes overlook the interdependencies between operations, which can lead to catastrophic results. In the Boeing cases, the angle of attack (AoA) sensor and other instrument failures were related to a design flaw involving the Maneuvering characteristics augmentation system (MCAS) of the 737 MAX series.
“You increasingly have to think of the aircraft as a unified system,” says Barbara Filkins, safety consultant, SANS research director and professor at California Aeronautical University, who is also working on her doctorate in aeronautical science. “There also needs to be more alignment between aircraft safety culture and cybersecurity culture.
In this video interview, Barbara explains how on-board software drives aviation today and provides examples of interdependencies impacting flight and landing operations that developers need to understand in the planning and evaluation stages. . She also talks about the software-driven cockpit systems in her own home-built experimental aircraft, which is pictured in her background.
- GrammaTech Blog on the importance of static and binary analysis in aeronautical systems and describes a hybrid Agile, CI/CD and DevSecOps approach: https://blogs.grammatech.com/devsecops-in-safety-critical-avionic-software-and-the-role-of-static-analysis.
- EU/US DO-178C, Software Considerations in Certification of Airborne Systems and Equipment specifically calls DevSecOps.
- DO-326 (2019)”Airworthiness Safety Process Specification,indicates that manufacturers and operators seeking certification of new aircraft systems and networks, or modifications to existing ones, will be necessary to address threats that may lead to unauthorized access and disruption of aircraft electronic system interfaces or information.
- Details of methods and tools for aviation related security processes are defined in DO-356 (2018), “Airworthiness Safety Methods and Considerations”, defines the certificationsecurity risk assessment and security development activities. Safety risks assessed during assessment activities require safety development activities to mitigate the risk to the aircraft. These activities are intended to be incorporated into the security processes required for the software.
- FAA 2017 CA 20-115D for embedded software assurance, section 6.1.4 defines the relationships between software provided by the supplier: Software provided by the vendor is usually related to in-flight entertainment (IFE), navigation databases and terrain awareness and warning systems (TAWS). This software is typically subject to frequent updates and is managed through OpSpecs, carrier engineering documents, or vendor contractual agreements.
*** This is a syndicated blog from Shift Left’s Security Bloggers Network written by Deb Radcliff. Read the original post at: https://shiftleft.grammatech.com/danger-in-the-skies-software-driving-our-flightsinterview-with-aviation-and-cybersecurity-expert-barbara-filkins