Security Needed Everywhere!
It's been a busy couple of months at Wind River with conferences and seminars as we lead up to year end. One key theme at the various events I have been to is that of the increased need for cyber-security, a theme that is becoming important in all areas of embedded computing.
The subject first came up in Toulouse at the SAE Aerotech conference. I was there co-hosting a session with Airbus on use of multicore technology in safety certified systems, with a great presentation by our own Joachim Hampp, and also to present a paper on our VxWorks 653 solution as a guest of BARCO. Apart from some very interesting sessions on IMA, Unmanned Vehicles, and safety certification, the other critical area was an update on cyber-security with presentations from Airbus, Boeing and government.
The area covered by Government included an update on both WG 72 and SC 202. These have now started to go through the standardisation process, with RTCA DO-326 / EUROCAE ED 202 being the first, to be followed by further guidance on how you go about security testing avionics systems. The next release will be ED 203 (No RTCA number yet as it is issued when the document is released) which will cover the additional work required to augment safety testing with security requirements.
Of personal interest, as I fly a lot, and also very reassuring, is that this is already happening today, with increased focus on security testing for both Airbus A380, and Boeing 787. The Boeing 787 of course runs our own VxWorks 653 in the common core computer. Both Airbus and Boeing outlined the increased security practices they are using, and also continually working on, to protect aircraft from security threats, both during ground maintenance, and also with increased use of passenger systems (here I was very jealous to hear that the a lot of US operators already supply WiFi as standard through the GoGo service).
Following SAE Aerotech, I attended the Interoperable Open Architectures (IOA) conference in London, hosted by our partner RTI. This was a fascinating mix of presentations from industry and from government, stating the need for IOA, and creating an interesting tension between government and industry. On the one hand you had folks such as General Nick Justice, who stated that IOA was the only way the US Army could afford the future, and on the other hand you had the major defence suppliers seeing their future revenue stream being eroded!
Getting back to security, one thing that all of the IOA projects included, whether it was ground based (GVA), or future aircraft (FACE), or unmanned (USCGS), was the need for increased security testing as the systems become more connected. This was especially true, if they "evolve" to include military app stores as provocatively presented by Curt Schacker in his session on “Achieving System Level Interoperability in Open Architecture and also discussed during the briefing on FACE.
Finally, this week I have been down to Jerusalem to present at theIADC conference, on the subject of cyber-security. I presented our view on the end-to-end challenges around security protection, which is exactly what IOA need to implement, and what companies like Airbus and Boeing are already implementing to protect our aircraft.
For additional information from Wind River, visit http://www.facebook.com/WindRiverSystems.