D-RisQ is researching various techniques for cyber security. These are largely focussed on meeting airworthiness standards such as DO-326A/ED-202A, DO-355/ED-204 and DO-356A/ED-203A.
The first aim is to understand how to schedule security activities such as security analysis and security development activities such that they can efficiently interact with aircraft and systems development and safety processes. There are a number of feedback and feed forward interactions between all these activities with the potential to seriously disrupt development. If the development of security, safety and systems are not well managed the potential for cost overruns is significant, especially as this is a regulated environment.
The development processes need also to ensure that they can be reactive to events. As threats evolve, changes to architecture will be expensive to incorporate. Designs therefore need to be flexible. D-RisQ has been developing techniques to aid compliance with these standards.
"Any sufficiently advanced technology is indistinguishable from magic”