Special Conditions: Boeing Model 777-200, -300, and -300ER Series Airplanes; Aircraft Electronic System Security Protection From Unauthorized Internal Access, 68985-68986 [2013-27343]

Agencies

• Federal Aviation Administration
• DEPARTMENT OF TRANSPORTATION

[Federal Register Volume 78, Number 222 (Monday, November 18, 2013)]
[Rules and Regulations]
[Pages 68985-68986]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-27343]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration

14 CFR Part 25

[Docket No. FAA-2013-0958; Special Conditions No. 25-503-SC]


Special Conditions: Boeing Model 777-200, -300, and -300ER Series 
Airplanes; Aircraft Electronic System Security Protection From 
Unauthorized Internal Access

AGENCY: Federal Aviation Administration (FAA), DOT.

ACTION: Final special conditions.

-----------------------------------------------------------------------

SUMMARY: These special conditions are issued for the Boeing Model 777-
200, -300, and -300ER series airplanes. These airplanes, as modified by 
the Boeing Company, will have novel or unusual design features 
associated with the architecture and connectivity of the passenger 
service computer network systems to the airplane critical systems and 
data networks. This onboard network system will be composed of a 
network file server, a network extension device, and additional 
interfaces configured by customer option. The applicable airworthiness 
regulations do not contain adequate or appropriate safety standards for 
this design feature. These special conditions contain the additional 
safety standards that the Administrator considers necessary to 
establish a level of safety equivalent to that established by the 
existing airworthiness standards.

DATES: Effective Date: The effective date of these special conditions 
is November 18, 2013.

FOR FURTHER INFORMATION CONTACT: Varun Khanna, FAA, Airplane and Flight 
Crew Interface Branch, ANM-111, Transport Airplane Directorate, 
Aircraft Certification Service, 1601 Lind Avenue SW., Renton, 
Washington 98057-3356; telephone 425-227-1298; facsimile 425-227-1149.

SUPPLEMENTARY INFORMATION: 

Background

    On August 21, 2012, The Boeing Company applied for a change to Type 
Certificate No. T00001SE Rev. 30 dated June 6, 2012 for installation of 
an onboard network system, associated line replaceable units (LRUs) and 
additional software functionality in the Boeing Model 777-200, -300, 
and -300ER Series Airplanes. The Boeing Model 777-200 airplanes are 
long-range, wide-body, twin-engine jet airplanes with a maximum 
capacity of 440 passengers. The Boeing Model 777-300 and 777-300ER 
series airplanes have a maximum capacity of 550 passengers. The Model 
777-200, -300, and -300ER series airplanes have fly-by-wire controls, 
software-configurable avionics, and fiber-optic avionics networks.
    The proposed architecture is novel or unusual for commercial 
transport airplanes by enabling connection to previously isolated data 
networks connected to systems that perform functions required for the 
safe operation of the airplane. This proposed data network and design 
integration may result in security vulnerabilities from intentional or 
unintentional corruption of data and systems critical to the safety and 
maintenance of the airplane. The existing regulations and guidance 
material did not anticipate this type of system architecture or 
electronic access to aircraft systems. Furthermore, regulations and 
current system safety assessment policy and techniques do not address 
potential security vulnerabilities, which could be caused by 
unauthorized access to aircraft data buses and servers.

Type Certification Basis

    Under Title 14, Code of Federal Regulations (14 CFR) 21.17, The 
Boeing Company must show that the Model 777-200, -300, and -300ER 
series airplanes meet the applicable provisions of 14 CFR part 25, as 
amended by Amendments 25-1 through 25-128.
    If the Administrator finds that the applicable airworthiness 
regulations (i.e., 14 CFR part 25) do not contain adequate or 
appropriate safety standards for the Boeing Model 777-200, -300, and -
300ER series airplanes because of a novel or unusual design feature, 
special conditions are prescribed under Sec.  21.16.
    Special conditions are initially applicable to the model for which 
they are issued. Should the type certificate for that model be amended 
later to include any other model that incorporates the same novel or 
unusual design feature, the proposed special conditions would also 
apply to the other model under Sec.  21.101.
    In addition to the applicable airworthiness regulations and 
proposed special conditions, the Boeing Model 777-200, -300, and -300ER 
series airplanes must comply with the fuel vent and exhaust emission 
requirements of 14 CFR part 34 and the noise certification requirements 
of 14 CFR part 36 and the FAA must issue a finding of regulatory 
adequacy under Sec.  611 of Public Law 92-574, the ``Noise Control Act 
of 1972.''
    The FAA issues special conditions, as defined in 14 CFR 11.19, 
under Sec.  11.38, and they become part of the type-certification basis 
under Sec.  21.17(a)(2).

Novel or Unusual Design Features

    The Boeing Model 777-200, -300, -300ER series airplanes will 
incorporate the following novel or unusual design features: An onboard 
computer network system, and a network extension device. The network 
extension device will improve domain separation between the airplane 
information services domain and the aircraft control domain. The 
proposed architecture and network configuration may be used for, or 
interfaced with, a diverse set of functions, including:
    1. Flight-safety related control and navigation systems,
    2. Operator business and administrative support (operator 
information services),
    3. Passenger information systems, and,
    4. Access by systems internal to the airplane.

Discussion

    The integrated network configurations in the Boeing Model 777-200, 
-300, and -300ER series airplanes may enable increased connectivity 
with external network sources and will have more interconnected 
networks and systems, such as passenger entertainment and information 
services than previous airplane models. This may enable the 
exploitation of network security vulnerabilities and increased risks 
potentially resulting in unsafe conditions for the airplanes and 
occupants. This potential exploitation of security vulnerabilities may 
result in intentional or unintentional destruction, disruption, 
degradation, or exploitation of data and systems critical to the safety 
and maintenance of the airplane. The existing regulations and guidance 
material did not anticipate these types of system architectures. 
Furthermore, 14 CFR regulations and current system safety assessment 
policy and techniques do not address potential security vulnerabilities 
which could be exploited by unauthorized access to airplane networks 
and servers. Therefore, these special conditions are being issued to 
ensure that the security (i.e., confidentiality, integrity, and 
availability) of airplane systems is not compromised by unauthorized 
wired or

[[Page 68986]]

wireless electronic connections between the airplane information 
services domain, aircraft control domain, and the passenger 
entertainment services.
    For the reasons discussed above, these special conditions contain 
the additional safety standards that the Administrator considers 
necessary to establish a level of safety equivalent to that established 
by the existing airworthiness standards.

Applicability

    As discussed above, these special conditions are applicable to the 
Boeing Model 777-200, -300, -300ER series airplanes. Should The Boeing 
Company apply at a later date for a change to the type certificate to 
include another model on the same type certificate incorporating the 
same novel or unusual design feature, the special conditions would 
apply to that model as well.

Conclusion

    This action affects only certain novel or unusual design features 
on Boeing Model 777-200, -300, -300ER series airplanes. It is not a 
rule of general applicability.
    The substance of these special conditions has been subjected to the 
notice and comment period in several prior instances and has been 
derived without substantive change from those previously issued. It is 
unlikely that prior public comment would result in a significant change 
from the substance contained herein. Therefore, the FAA has determined 
that prior public notice and comment are unnecessary, and good cause 
exists for adopting these special conditions upon publication in the 
Federal Register.

List of Subjects in 14 CFR Part 25

    Aircraft, Aviation safety, Reporting and recordkeeping 
requirements.

    The authority citation for these special conditions is as follows:

    Authority:  49 U.S.C. 106(g), 40113, 44701, 44702, 44704.

The Special Conditions

    Accordingly, pursuant to the authority delegated to me by the 
Administrator, the following special conditions are issued as part of 
the type certification basis for Boeing Model 777-200, -300, -300ER 
series airplanes modified by The Boeing Company.
    1. The applicant must ensure that the design provides isolation 
from, or airplane electronic system security protection against, access 
by unauthorized sources internal to the airplane. The design must 
prevent inadvertent and malicious changes to, and all adverse impacts 
upon, airplane equipment, systems, networks, or other assets required 
for safe flight and operations.
    2. The applicant must establish appropriate procedures to enable 
the operator to ensure that continued airworthiness of the aircraft is 
maintained, including all post STC modifications that may have an 
impact on the approved electronic system security safeguards.

Jeffrey E. Duven,
Acting Manager, Transport Airplane Directorate, Aircraft Certification 
Service.
[FR Doc. 2013-27343 Filed 11-15-13; 8:45 am]
BILLING CODE 4910-13-P