b1lanc

I think some of Airbus' comments are very enlightening:
AIRBUS Comment (a): Airbus said that the meaning of “shall ensure system security protection * * * from unauthorized external access” in the first sentence is not accurate enough. Airbus commented that this could be interpreted as a zero allowance and demonstrating compliance with such a requirement all through the aircraft's life cycle is quite impossible since security threats evolve very rapidly. The commenter maintained that the only possible solution to such a requirement would be no link and no communication at all between the aircraft and the outside world. Airbus asked, “if some residual vulnerabilities are allowed, which criteria have to be used to assess their acceptability?”

AIRBUS Comment (d): Airbus said that the external environment needs to be characterized in order to determine which threats the Aircraft Control Domain and Airline Information Domain must be protected from. Questions to be answered include who can and cannot access; who is and is not trusted; and what threat source profile must be considered. The commenter asked whether only new communication media (like internet protocol (IP) communications) would be considered not trusted, or whether all communications, including existing communications for which no security requirements have been applied up to now, would be considered not trusted. Airbus gave ACARS (the Aeronautical Radio Incorporated Communication Addressing and Reporting System) as an example of existing communications that currently have no security requirements.