This paper highlights the challenges faced by the practical retroactive application of the RTCA DO-326A1 / EUROCAE ED-202A2 guidelines for cybersecurity on an in-service military aircraft. The growing reliance on technology for safety-critical functions in aviation presents a new and rising threat of cyberrelated hazards and attacks. Existing safety regulations and standards for aircraft provide a baseline for information security, but as the world becomes more connected, it is essential that the same approach be adopted for cyber-security. New regulations to address airworthiness security concerns have been introduced by EASA3 and the FAA4, and have process guidelines published by RTCA5 and EUROCAE6. While these guidelines are expected to establish the route to develop and certificate aircraft, the work to implement them is embryonic. Therefore, the practical aspects of retrospective implementation on existing platforms remain largely unknown for both regulators and industry. It is also recognized that many of the challenges faced in traditional safety are even greater when considered from a cyber-security perspective, where existing risk classification methodologies are not compatible.