Aviation regulations and the industry are aware of these changes. In the system design of the safety critical domain (i.e. Part-21 Initial Airworthiness), a demonstration of cybersecurity is required to complete the safety analysis and mitigate cyber risks. In terms of organization and operations, a new part called Part-IS (information System) is about to be released to manage cybersecurity between each stakeholder: transverse cyber risk analysis, event detection, assessment of operational and safety impacts, reporting.
The challenge is not restricted to designing the appropriate aircraft cyber protections and to monitoring them but also to keep defenses operational while vulnerabilities evolve at open-world speed.
The question arises, in a highly regulated world required to maintain safety excellence, how can connected aircraft keep protection levels up to date to tackle cyber threats, without impacting aircraft operability?