March 12, 2025

Steven Bentley

Sofema Aviation Services (SAS) considers key aspects in relation to the process for the Security Risk Assessment identified in ED-202A Section 2.1.1 (PISRA).

ED-202A Section 2.1.1 is an acceptable means of compliance for performing the PISRA for products and parts under Annex I (Part 21) to Regulation (EU) No 748/2012.

Additional guidance material for the PISRA can be found in ED-203A.

Guidance on Performing a Product and Part Security Risk Assessment (PISRA)

The process outlined in ED-202A Section 2.1.1 is recognized as an acceptable means of compliance (AMC) for performing the Product and Part Security Risk Assessment (PISRA) under Annex I (Part 21) to Regulation (EU) No 748/2012.

Below is a step-by-step explanation and guidance on implementing this process effectively, referencing ED-203A for detailed methodologies and best practices.

Understand the Context and Scope

PISRA Objective:
The goal is to assess and mitigate security risks associated with aviation products, parts, and appliances during design and production.

Compliance Framework:
Ensure alignment with EASA Part 21 requirements and any additional specific security considerations mandated by EU Regulation 748/2012.

Achieving compliance with EASA Part 21 requires a robust understanding of the regulatory framework, integration of security risk management into organizational processes, and alignment with PISRA methodologies. This also ensures alignment with Safety Management System (SMS) objectives.

Using ED-202A and ED-203A as reference frameworks ensures that your approach meets both the technical and procedural expectations of these regulations. Regular audits, training, and continuous monitoring are critical to maintaining compliance.

Process Overview per ED-202A Section 2.1.1

The PISRA process involves several main steps to evaluate and address potential security threats.

Establish System Boundaries

Establishing system boundaries is essential for a focused and effective security risk assessment. By identifying the product or part under assessment and defining its functional, operational, and regulatory environments, organizations can ensure that all relevant risks are addressed while maintaining compliance with regulatory standards. Clear boundaries set the stage for successful risk identification, mitigation, and validation.

  • Identify the product or part under assessment.
  • Define its functional, operational, and regulatory environment.
    • Define the real-world conditions under which the product or part will function, including temperature, pressure, vibration, and other environmental factors.
    • Describe where and how the system will be used (e.g., in the cockpit, ground operations, maintenance facilities).
    • Define how users or operators interact with the system.
    • Consider how the system interacts with external entities (e.g., third-party systems, regulatory bodies).

Identify Security Objectives

  • Determine the critical assets requiring protection.
  • Outline the security goals to ensure asset confidentiality, integrity, and availability.

Identifying security objectives by determining critical assets and aligning with Confidentiality, Integrity, and Availability (CIA) principles ensures a targeted and effective approach to securing aviation products and parts.

This step lays the foundation for the entire PISRA process, enabling organizations to develop appropriate mitigations and achieve regulatory compliance.

Threat Identification

  • Identify potential threats relevant to the product or part.
  • Use industry best practices (refer to ED-203A) to catalog threats systematically.

Vulnerability Assessment

  • Analyze weaknesses in the product, part, or associated systems that could be exploited by threats.
  • Consider vulnerabilities during the design, manufacturing, and operational phases.

Risk Assessment

  • Evaluate the impact of potential security threats exploiting identified vulnerabilities.
  • Apply risk assessment methodologies (refer to ED-203A for detailed tools and techniques).

Select Appropriate Risk Assessment Methodologies

ED-203A outlines multiple tools and techniques for assessing risks. The choice depends on the complexity of the system and the nature of the risks. Below are commonly used methodologies:

Fault Tree Analysis (FTA)

Identify root causes of security failures by analyzing a top-level security breach.

Steps:

  • Define the undesired top event (e.g., unauthorized access to a critical system).
  • Break down the event into its contributing factors, using a tree structure.
  • Analyze the probability of each contributing factor.

When to Use: For highly structured systems where understanding failure chains is critical.

Event Tree Analysis (ETA)

Evaluate potential outcomes of an initiating event, focusing on the effectiveness of mitigation measures.

Steps:

  • Define an initiating event (e.g., malware intrusion).
  • Map possible events branching from the initial one.
  • Calculate probabilities for each branch and assess their consequences.

When to Use: To analyze sequences of events and evaluate risk mitigation effectiveness.

Failure Mode and Effects Analysis (FMEA)

Identify potential failure modes, their causes, and consequences.

Steps:

  • List all components and functions.
  • Identify failure modes for each component.
  • Assess the severity, occurrence likelihood, and detection probability.
  • Calculate the Risk Priority Number (RPN) = Severity × Occurrence × Detection.

When to Use: For systematic identification and prioritization of risks in complex systems.

Attack Tree Analysis

Analyze potential attack paths and their likelihood of success.

Steps:

  • Define a goal (e.g., compromise of sensitive data).
  • Identify all possible attack paths leading to the goal.
  • Assign likelihood and impact scores to each path.

When to Use: For analyzing cybersecurity threats and their pathways.
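
The steps listed under Fault Tree Analysis and Attack Tree Analysis can be worked through in one small model. The Python below is an added example, not material from ED-202A, ED-203A or SAS: the tree, the event names and the probabilities are constructed for illustration. It assumes standard AND/OR gates and independent basic events that each appear only once in the tree.

```python
from itertools import product
from math import prod

# Constructed tree for the top event "unauthorized access to a critical system".
# Event names and probabilities are hypothetical, not taken from ED-202A/ED-203A.
# A node is a basic-event name (str) or a (gate, [children]) tuple.
TREE = ("OR", [
    ("AND", ["maintenance_port_exposed", "default_credentials_unchanged"]),
    ("AND", ["unsigned_software_load_accepted",
             ("OR", ["loader_device_compromised", "media_tampered_in_transit"])]),
])
PROB = {
    "maintenance_port_exposed": 0.10,
    "default_credentials_unchanged": 0.20,
    "unsigned_software_load_accepted": 0.05,
    "loader_device_compromised": 0.10,
    "media_tampered_in_transit": 0.02,
}


def top_probability(node, prob):
    """Probability of a node, assuming independent, non-repeated basic events."""
    if isinstance(node, str):
        return prob[node]
    gate, children = node
    values = [top_probability(child, prob) for child in children]
    if gate == "AND":                       # all contributing factors must occur
        return prod(values)
    if gate == "OR":                        # at least one factor occurs
        return 1.0 - prod(1.0 - v for v in values)
    raise ValueError(f"unknown gate: {gate!r}")


def minimal_cut_sets(node):
    """Smallest combinations of basic events that produce the node's event."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, children = node
    per_child = [minimal_cut_sets(child) for child in children]
    if gate == "OR":
        sets = {s for child in per_child for s in child}
    elif gate == "AND":
        sets = {frozenset().union(*combo) for combo in product(*per_child)}
    else:
        raise ValueError(f"unknown gate: {gate!r}")
    minimal = [s for s in sets if not any(other < s for other in sets)]
    return sorted(minimal, key=sorted)      # deterministic order


if __name__ == "__main__":
    print(f"P(top event) = {top_probability(TREE, PROB):.6f}")
    for cut in minimal_cut_sets(TREE):
        print(" + ".join(sorted(cut)))
```

Each minimal cut set is one path to the top event; a mitigation that removes a basic event shared by several cut sets closes all of those paths at once.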

Hazard and Operability Study (HAZOP)

Examine deviations in the system design or operations that could lead to security risks.

Steps:

  • Define system operations or design.
  • Identify deviations (e.g., unauthorized system access).
  • Assess the causes, consequences, and safeguards for each deviation.

When to Use: For exploring potential deviations in highly complex systems.

Risk Matrices

Provide a visual representation of risks based on likelihood and severity.

Steps:

  • Define severity levels (e.g., negligible to catastrophic).
  • Define likelihood levels (e.g., unlikely to almost certain).
  • Plot each risk on the matrix to prioritize them.

When to Use: For straightforward prioritization and decision-making.

Mitigation Strategies

  • Develop security measures to mitigate identified risks.
  • Prioritize mitigations based on risk level and feasibility.

Effective mitigation strategies require developing targeted security measures to address specific risks and prioritizing those mitigations based on risk level and feasibility.

Design Mitigation Measures:

  • Implement measures to address vulnerabilities, such as:
    • Software patches.
    • Hardware redundancies.
    • Operational controls.

Document Findings

Maintain detailed documentation of the entire PISRA process, including identified risks, mitigation measures, and residual risk levels.

Leveraging Guidance Material in ED-203A

Threat and Vulnerability Analysis:

  • Use threat libraries and industry-standard vulnerability databases to strengthen identification efforts.
  • Include threats relevant to:
    • Cybersecurity.
    • Physical security.
    • Operational disruptions.

Mitigation Validation

Ensure mitigations are effective through simulation, testing, or peer review.

Residual Risk Management:

  • Implement procedures for monitoring and managing risks that cannot be fully mitigated.

Best Practices

  • Engage multi-disciplinary teams.
  • Perform PISRA iteratively throughout the design and production lifecycle.
  • Integrate PISRA into the Safety Management System (SMS).

Conclusion

The PISRA process, guided by ED-202A Section 2.1.1 and supported by ED-203A, provides a robust framework for securing aviation products and parts.
