RTCA Software, Hardware, Security Standards Updates

RTCA Webinar Provides Overview of Near and Far-Term Updates to Three Types of Standards

RTCA hosted a three-part webinar discussing anticipated updates and applications of RTCA software, hardware, and security standards.

Part I: Hardware

The first panel brought together Brenda Ocker from the FAA, Chris Sidor from ALPA, and Ray Reynolds from Collins Aerospace, to discuss how hardware technology advancements will benefit airline operations, and why an update to the long-standing DO-254 standard, Design Assurance Guidance for Airborne Electronic Hardware, is needed and happening.

“The system is under stress,” said Chris Sidor, acknowledging DO-254 is 25 years old and ready for an update due to rapid technological advances. Sidor discussed new capabilities enabled by updated certification standards, including airport surface moving maps, enhanced flight vision systems, broadband data traveling to and from aircraft, weather and graphics, improved robustness for navigation systems, and improved airplane interfaces. Sidor concluded by talking about anti-spoofing and anti-jamming challenges.

Brenda Ocker, from the FAA’s Technical Policy Branch (AIR-620), gave a brief overview of the history of DO-254 and urged using harmonized work by FAA and EASA to support potential changes to DO-254. Ocker also discussed how updated guidance incorporates safety with the development of complex and custom devices to streamline guidance for what the industry wants to achieve.

Ray Reynolds provided the avionics supplier perspective, illustrating how evolving technology and innovation, Commercial Off-the-Shelf (COTS) IP availability and the popularity of System-on-Chip, necessitates an update. He discussed evolving processes and tools; maturing guidance material, including issue papers, certification memos, and advisory circulars; as well as the call for industry harmonization and developing common points of reference, which all compels a DO-254 revision. Reynolds suggested further topics for consideration when updating DO-254, including multi-level support for requirements management, integration such as advanced architecture considerations, advanced verification, service history and model-based development. He concluded that the roadmap to follow for the future assumes additional revisions and being able to evolve with industry needs and future technology trends, with priorities being product integrity, safety, reliability, security, and a commitment from all to get this done.

Part II: Software

Patty Bath from Belcan, LLC, Mark Lillis from Atlantic Certification Group, LLC, and Mike Vukas from the FAA discussed how software is developing, deploying, and evolving with revisions of a new supplement to DO-178C and DO-278A.

FAA Senior Software Specialist Vukas began the session with a review of how software achieves FAA acceptance and an explanation of the necessity of integrating COTS and open-source software as a way to drive certification. While Lillis spoke of the challenges of software protections, Bath covered ground-based assets, the need for alternative guidance, the rigorous requirement and assessment process currently in place, and opportunities for modifications to software.

“What we’re doing with this supplement is kind of a different approach,” said Lillis, who provides training on software supplements for RTCA.

The three also weighed in on how software effects entrants like UAS and eVTOL, and described how software has been used to automate processes in other arenas such as the automotive and medical industries. Maintaining software has been proven to save money and provide a higher level of safety, they concluded.

Part III: Security

Panelists Jens Hennig from GAMA, Marty Reynolds from A4A, and Patrick Morrissey from Collins Aerospace, discussed how RTCA’s security assurance standards protect aircraft operations and incorporate new technologies.

“There has been a great deal of good work done with RTCA,” said Hennig, who went on to give a history lesson in cybersecurity, stating how those in the industry, like the TSA, have requested security be a focus for everyone.

Reynolds believes cybersecurity is fundamental for streamlining operations, increasing safety, and upleveling efficiency, and lauded SC-216 – Aeronautical Information Systems Security for their amazing work. He acknowledged that differing thresholds and timelines exist among participants and said that even though standards work is hard, it is pertinent to get involved.

Morrissey concluded the discussion by stating that the process in place that allows the industry to absorb documents like DO-326A, Airworthiness Security Process Specification, and DO-355A, Information Security Guidance for Continued Airworthiness, and come back with questions, has been effective. Morrisey said it’s important to have a feedback loop with industry and a long-working relationship with industry stakeholders to give them a voice at the table and ensure more players and diverse parties are at the table.. An updated version of DO-326A will be published by the end of 2024.

To view this webinar in its entirety, visit: https://www.youtube.com/watch?si=6anL3XKNiO1ZhMRV&v=LOpFJliMGLU&feature=youtu.be. Stay tuned for August’s webinar on AI from the Regulators’ Perspective.

RTCA would like to thank webinar sponsors NATCA and ALPA.