GM3 SPA.EFB.100(b)(3) Use of electronic flight bags (EFBs) – Operational approval    

CAA ORS9 Decision No. 1

SECURITY

Examples of typical safety and security defences are contained in the following non-exhaustive list:

(a) Individual system firewalls;

(b) The clustering of systems with similar safety standards into domains;

(c) Data encryption and authentication;

(d) Virus scans;

(e) Keeping the OS up to date;

(f) Initiating air–ground connections only when required and always from the aircraft;

(g) ‘Whitelists’ for allowed internet domains;

(h) Virtual private networks (VPNs);

(i) Granting of access rights on a need-to-have basis;

(j) Troubleshooting procedures that consider security threats as potential root causes of EFB misbehaviour, and provide for responses to be developed to prevent future successful attacks when relevant;

(k) Virtualisation; and

(l) Forensic tools and procedures.