Threat analysis and Risk Assessment (TARA)

Argus threat analysis and risk assessments identify the assets, threats, and vulnerabilities in a target system, map potential risk scenarios and provide the risk level associated with each threat scenario based on its likelihood and impact. Argus TARA projects provide our customers with a detailed report that includes recommendations to mitigate the overall risk.

Argus TARA is performed according to the aviation industry’s best practices and general standards of compliance, DO 326A/ ED 202A and DO 356A/ ED 203A. Argus TARA reports help our customers obtain a Supplemental Type Certificate (STC) for their systems.

Penetration Testing

Argus tailors each penetration test according to the security objectives of our customers. Penetration tests (PT) can vary from an initial assessment of existing security mechanisms to comprehensive vulnerability scanning of an entire system (e.g. IFEC) or a specific target component (e.g. LRU, modem). At the completion of the test, customers receive a detailed report that includes the probability and impact of exploitation of each vulnerability with recommendations for improving the cyber resilience of the target system and overall system security.

Argus PT’s best practices in the field of security testing, such as NIST SP 800-115, ISO 29119, SAE J3061, Open Web Application Security Project (OWASP) Testing Guide, PCI Security Standards Council Penetration Testing Guide, US-CERT guideline for Risk-based and Functional Security Testing and Continental internal guidelines for Test Engineering.

Security Requirements Specification (SRS)

Argus consultants work with customers to create a set of security requirements that fulfill each customer’s cyber-security objectives.  Based on customer inputs, the Argus research team defines the features and methodologies through which customer cyber-security objectives can be met. Included in the service, Argus provides verification and validation methodologies that will help customers maintain and monitor that the cyber security specifications are met.   

For the most effective results, Argus Security Requirements Specification (SRS) services should be introduced at the earliest possible stage of design. 

Vulnerability Analysis

Argus consultants analyze the aircraft architecture to find security weaknesses within the airborne systems and components. Argus provides customers with a comprehensive report of the vulnerabilities and recommends actionable steps to close the security gaps and reduce the risk.

Aircraft Network Security Program

Argus consultants work with airlines to create and implement an Aircraft Network Security Program (ANSP) in compliance with the Federal Aviation Authorities OpSpec D301 Aircraft Network Security Program. In accordance with the program, Argus works with customers to build cyber security policies and processes, such as: managing aircraft certificates, continuous security audits of aircraft networks, and more.