Special Conditions: Cessna Model 750 Series Airplanes; Aircraft Electronic System Security Isolation or Protection From Internal Access, 75453-75454 [2013-29683]

Download as PDF Federal Register / Vol. 78, No. 239 / Thursday, December 12, 2013 / Rules and Regulations DEPARTMENT OF TRANSPORTATION Federal Aviation Administration 14 CFR Part 25 [Docket No. FAA–2013–1037; Special Conditions No. 25–509–SC] Special Conditions: Cessna Model 750 Series Airplanes; Aircraft Electronic System Security Isolation or Protection From Internal Access Federal Aviation Administration (FAA), DOT. ACTION: Final special condition; request for comments. AGENCY: These special conditions are issued for the Cessna Model 750 series airplanes. These airplanes will have novel or unusual design features associated with connectivity of the passenger service computer systems to the airplane critical systems and data networks. DATES: The effective date of these special conditions is December 12, 2013. We must receive your comments by January 27, 2014. ADDRESSES: Send comments identified by docket number FAA–XXXX–XXXX using any of the following methods: • Federal eRegulations Portal: Go to https://www.regulations.gov/ and follow the online instructions for sending your comments electronically. Mail: Send comments to Docket Operations, M–30, U.S. Department of Transportation (DOT), 1200 New Jersey Avenue SE., Room W12–140, West Building Ground Floor, Washington, DC, 20590–0001. Hand Delivery or Courier: Take comments to Docket Operations in Room W12–140 of the West Building Ground Floor at 1200 New Jersey Avenue SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except federal holidays. Fax: Fax comments to Docket Operations at 202–493–2251. Privacy: The FAA will post all comments it receives, without change, to https://www.regulations.gov/, including any personal information the commenter provides. Using the search function of the docket Web site, anyone can find and read the electronic form of all comments received into any FAA docket, including the name of the individual sending the comment (or signing the comment for an association, business, labor union, etc.). DOT’s complete Privacy Act Statement can be found in the Federal Register published on April 11, 2000 (65 FR 19477–19478), as well as at https://DocketsInfo.dot .gov/. wreier-aviles on DSK5TPTVN1PROD with RULES SUMMARY: VerDate Mar<15>2010 15:03 Dec 11, 2013 Jkt 232001 Docket: Background documents or comments received may be read at https://www.regulations.gov/ at any time. Follow the online instructions for accessing the docket or go to the Docket Operations in Room W12–140 of the West Building Ground Floor at 1200 New Jersey Avenue SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except federal holidays. FOR FURTHER INFORMATION CONTACT: Varun Khanna, FAA, Airplane and Flight Crew Interface Branch, ANM– 111, Transport Airplane Directorate, Aircraft Certification Service, 1601 Lind Avenue SW., Renton, Washington 98057–3356; telephone 425–227–1298; facsimile 425–227–1149. The network architecture is composed of several connected networks including the following: 1. Flight-safety related control and navigation systems, 2. Operator business and administrative support, and 3. Passenger entertainment. The applicable airworthiness regulations do not contain adequate or appropriate safety standards for this design feature. These special conditions contain the additional safety standards that the Administrator considers necessary to establish a level of safety equivalent to that established by the existing airworthiness standards. The FAA has determined that notice of, and opportunity for prior public comment on, these special conditions are impracticable because these procedures would significantly delay issuance of the design approval and thus delivery of the affected aircraft. In addition, the substance of these special conditions has been subject to the public comment process in several prior instances with no substantive comments received. The FAA therefore finds that good cause exists for making these special conditions effective upon publication in the Federal Register. SUPPLEMENTARY INFORMATION: Comments Invited We invite interested people to take part in this rulemaking by sending written comments, data, or views. The most helpful comments reference a specific portion of the special conditions, explain the reason for any recommended change, and include supporting data. We will consider all comments we receive by the closing date for comments. We may change these special conditions based on the comments we receive. PO 00000 Frm 00005 Fmt 4700 Sfmt 4700 75453 Background On September 10, 2010, Cessna applied for a change to Type Certificate No. T00007WI in the digital systems architecture in the Cessna Model 750 series airplanes. The Model 750 is a twin-engine pressurized executive jet airplane with standard seating provisions for 14 passenger/crew. This airplane will have a maximum takeoff weight of 36,600 pounds with a wingspan of 69.2 feet, a maximum operating altitude of 51,000 feet, and will have two aft-mounted Rolls-Royce AE3007C2 engines. The proposed Cessna Model 750 architecture is novel or unsual for executive jet airplanes by allowing connection to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane. This proposed data network and design integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane. The existing regulations and guidance material did not anticipate this type of system architecture or electronic access to aircraft systems. Furthermore, regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities, which could be caused by unauthorized access to aircraft data buses and servers. The intent of these special conditions is to ensure that security, integrity, and availability of aircraft systems are not compromised by certain wired or wireless electronic connections between airplane data busses and networks. A separate Cessna Model 750 project special condition addresses aircraft electronic system security protection from unauthorized external access. Type Certification Basis Under Title 14, Code of Federal Regulations (14 CFR) 21.17, Cessna must show that the Model 45 series meets the applicable provisions of 14 CFR part 25, as amended by Amendments 25–1 through 25–128. If the Administrator finds that the applicable airworthiness regulations (i.e., 14 CFR part 25) do not contain adequate or appropriate safety standards for the Model 45 series because of a novel or unusual design feature, special conditions are prescribed under § 21.16. Special conditions are initially applicable to the model for which they are issued. Should the type certificate for that model be amended later to include any other model that incorporates the same novel or unusual E:\FR\FM\12DER1.SGM 12DER1 75454 Federal Register / Vol. 78, No. 239 / Thursday, December 12, 2013 / Rules and Regulations design feature, the proposed special conditions would also apply to the other model under § 21.101. In addition to the applicable airworthiness regulations and proposed special conditions, the Cessna Model 750 series airplane must comply with the fuel vent and exhaust emission requirements of 14 CFR part 34 and the noise certification requirements of 14 CFR part 36 and the FAA must issue a finding of regulatory adequacy under § 611 of Public Law 92–574, the ‘‘Noise Control Act of 1972.’’ The FAA issues special conditions, as defined in 14 CFR 11.19, under § 11.38, and they become part of the typecertification basis under § 21.17(a)(2). wreier-aviles on DSK5TPTVN1PROD with RULES Novel or Unusual Design Features The Cessna Model 750 will incorporate the following novel or unusual design features. The proposed architecture and network configuration may be used for, or interfaced with, a diverse set of functions, including: 1. Flight-safety related control, communication, and navigation systems (aircraft control domain); 2. Operator business and administrative support (operator information domain); and 3. Passenger information and entertainment systems (passenger entertainment domain). In addition, the operating systems (OS) for current aircraft systems are usually and historically proprietary. Therefore, they are not as susceptible to corruption from worms, viruses, and other malicious actions as more widely used commercial operating systems because access to the design details of these proprietary OS is limited to the system developer and aircraft integrator. Some systems installed on the Cessna Model 750 series airplanes will use operating systems that are widely used and commercially available from third party software suppliers. The security vulnerabilities of these operating systems may be more widely known than proprietary operating systems currently used by avionics manufacturers. Discussion The integrated network configurations in the Cessna Model 750 series airplanes may allow increased connectivity with external network sources and will have more interconnected networks and systems, such as passenger entertainment and information services than previous airplane models. This may allow the exploitation of network security vulnerabilities and increased risks potentially resulting in unsafe VerDate Mar<15>2010 15:03 Dec 11, 2013 Jkt 232001 conditions for the airplanes and occupants. This potential exploitation of security vulnerabilities may result in intentional or unintentional destruction, disruption, degradation, or exploitation of data and systems critical to the safety and maintenance of the airplane. Cessna Aircraft Company should develop instructions for the operators to maintain the built-in security safeguards after the airplane enters commercial service. The instructions should address physical security, operational security, audit and monitoring of the effectiveness of security safeguards and key management procedures. A test plan should also be developed and implemented to insure that security requirements are met and there is no inadvertent or malicious change to any system, software or data. The existing regulations and guidance material did not anticipate these types of system architectures. Furthermore, 14 CFR regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities which could be exploited by unauthorized access to airplane networks and servers. Therefore, these special conditions are being issued to ensure that the security (i.e., confidentiality, integrity, and availability) of airplane systems is not compromised by unauthorized wired or wireless electronic connections between airplane systems and the passenger entertainment services. For the reasons discussed above, these special conditions contain the additional safety standards that the Administrator considers necessary to establish a level of safety equivalent to that established by the existing airworthiness standards. Applicability As discussed above, these special conditions are applicable to the Cessna Model 750 series airplanes. Should Cessna apply at a later date for a change to the type certificate to include another model incorporating the same novel or unusual design feature, the special conditions would apply to that model as well. Conclusion This action affects only certain novel or unusual design features on one model series of airplanes. It is not a rule of general applicability. The substance of these special conditions has been subjected to the notice and comment period in several prior instances and has been derived without substantive change from those previously issued. It is unlikely that prior public comment would result in a PO 00000 Frm 00006 Fmt 4700 Sfmt 9990 significant change from the substance contained herein. Therefore, because a delay would significantly affect the certification of the airplane, which is imminent, the FAA has determined that prior public notice and comment are unnecessary and impracticable, and good cause exists for adopting these special conditions upon publication in the Federal Register. The FAA is requesting comments to allow interested persons to submit views that may not have been submitted in response to the prior opportunities for comment described above. List of Subjects in 14 CFR Part 25 Aircraft, Aviation safety, Reporting and recordkeeping requirements. The authority citation for these special conditions is as follows: Authority: 49 U.S.C. 106(g), 40113, 44701, 44702, 44704. The Special Conditions Accordingly, pursuant to the authority delegated to me by the Administrator, the following special conditions are issued as part of the type certification basis for Cessna Model 750 series airplanes. Isolation or Security Protection of the Aircraft Control Domain and the Information Services Domain From the Passenger Services Domain 1. The applicant must ensure that the design provides isolation from, or airplane electronic system security protection against, access by unauthorized sources internal to the airplane. The design must prevent inadvertent and malicious changes to, and all adverse impacts upon, airplane equipment, systems, networks, or other assets required for safe flight and operations. 2. The applicant must establish appropriate procedures to allow the operator to ensure that continued airworthiness of the aircraft is maintained, including all post-typecertification modifications that may have an impact on the approved electronic system security safeguards. Issued in Renton, Washington, on December 4, 2013. John P. Piccola, Jr., Acting Manager, Transport Airplane Directorate, Aircraft Certification Service. [FR Doc. 2013–29683 Filed 12–11–13; 8:45 am] BILLING CODE 4910–13–P E:\FR\FM\12DER1.SGM 12DER1

Agencies

[Federal Register Volume 78, Number 239 (Thursday, December 12, 2013)]
[Rules and Regulations]
[Pages 75453-75454]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-29683]



[[Page 75453]]

-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration

14 CFR Part 25

[Docket No. FAA-2013-1037; Special Conditions No. 25-509-SC]


Special Conditions: Cessna Model 750 Series Airplanes; Aircraft 
Electronic System Security Isolation or Protection From Internal Access

AGENCY: Federal Aviation Administration (FAA), DOT.

ACTION: Final special condition; request for comments.

-----------------------------------------------------------------------

SUMMARY: These special conditions are issued for the Cessna Model 750 
series airplanes. These airplanes will have novel or unusual design 
features associated with connectivity of the passenger service computer 
systems to the airplane critical systems and data networks.

DATES: The effective date of these special conditions is December 12, 
2013. We must receive your comments by January 27, 2014.

ADDRESSES: Send comments identified by docket number FAA-XXXX-XXXX 
using any of the following methods:
     Federal eRegulations Portal: Go to https://www.regulations.gov/ and follow the online instructions for sending 
your comments electronically.
    Mail: Send comments to Docket Operations, M-30, U.S. Department of 
Transportation (DOT), 1200 New Jersey Avenue SE., Room W12-140, West 
Building Ground Floor, Washington, DC, 20590-0001.
    Hand Delivery or Courier: Take comments to Docket Operations in 
Room W12-140 of the West Building Ground Floor at 1200 New Jersey 
Avenue SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through 
Friday, except federal holidays.
    Fax: Fax comments to Docket Operations at 202-493-2251.
    Privacy: The FAA will post all comments it receives, without 
change, to https://www.regulations.gov/, including any personal 
information the commenter provides. Using the search function of the 
docket Web site, anyone can find and read the electronic form of all 
comments received into any FAA docket, including the name of the 
individual sending the comment (or signing the comment for an 
association, business, labor union, etc.). DOT's complete Privacy Act 
Statement can be found in the Federal Register published on April 11, 
2000 (65 FR 19477-19478), as well as at https://DocketsInfo.dot.gov/.
    Docket: Background documents or comments received may be read at  
https://www.regulations.gov/ at any time. Follow the online instructions 
for accessing the docket or go to the Docket Operations in Room W12-140 
of the West Building Ground Floor at 1200 New Jersey Avenue SE., 
Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, 
except federal holidays.

FOR FURTHER INFORMATION CONTACT: Varun Khanna, FAA, Airplane and Flight 
Crew Interface Branch, ANM-111, Transport Airplane Directorate, 
Aircraft Certification Service, 1601 Lind Avenue SW., Renton, 
Washington 98057-3356; telephone 425-227-1298; facsimile 425-227-1149.

SUPPLEMENTARY INFORMATION: The network architecture is composed of 
several connected networks including the following:
    1. Flight-safety related control and navigation systems,
    2. Operator business and administrative support, and
    3. Passenger entertainment.
    The applicable airworthiness regulations do not contain adequate or 
appropriate safety standards for this design feature. These special 
conditions contain the additional safety standards that the 
Administrator considers necessary to establish a level of safety 
equivalent to that established by the existing airworthiness standards.
    The FAA has determined that notice of, and opportunity for prior 
public comment on, these special conditions are impracticable because 
these procedures would significantly delay issuance of the design 
approval and thus delivery of the affected aircraft. In addition, the 
substance of these special conditions has been subject to the public 
comment process in several prior instances with no substantive comments 
received. The FAA therefore finds that good cause exists for making 
these special conditions effective upon publication in the Federal 
Register.

Comments Invited

    We invite interested people to take part in this rulemaking by 
sending written comments, data, or views. The most helpful comments 
reference a specific portion of the special conditions, explain the 
reason for any recommended change, and include supporting data.
    We will consider all comments we receive by the closing date for 
comments. We may change these special conditions based on the comments 
we receive.

Background

    On September 10, 2010, Cessna applied for a change to Type 
Certificate No. T00007WI in the digital systems architecture in the 
Cessna Model 750 series airplanes.
    The Model 750 is a twin-engine pressurized executive jet airplane 
with standard seating provisions for 14 passenger/crew. This airplane 
will have a maximum takeoff weight of 36,600 pounds with a wingspan of 
69.2 feet, a maximum operating altitude of 51,000 feet, and will have 
two aft-mounted Rolls-Royce AE3007C2 engines.
    The proposed Cessna Model 750 architecture is novel or unsual for 
executive jet airplanes by allowing connection to previously isolated 
data networks connected to systems that perform functions required for 
the safe operation of the airplane. This proposed data network and 
design integration may result in security vulnerabilities from 
intentional or unintentional corruption of data and systems critical to 
the safety and maintenance of the airplane. The existing regulations 
and guidance material did not anticipate this type of system 
architecture or electronic access to aircraft systems. Furthermore, 
regulations and current system safety assessment policy and techniques 
do not address potential security vulnerabilities, which could be 
caused by unauthorized access to aircraft data buses and servers. The 
intent of these special conditions is to ensure that security, 
integrity, and availability of aircraft systems are not compromised by 
certain wired or wireless electronic connections between airplane data 
busses and networks. A separate Cessna Model 750 project special 
condition addresses aircraft electronic system security protection from 
unauthorized external access.

Type Certification Basis

    Under Title 14, Code of Federal Regulations (14 CFR) 21.17, Cessna 
must show that the Model 45 series meets the applicable provisions of 
14 CFR part 25, as amended by Amendments 25-1 through 25-128.
    If the Administrator finds that the applicable airworthiness 
regulations (i.e., 14 CFR part 25) do not contain adequate or 
appropriate safety standards for the Model 45 series because of a novel 
or unusual design feature, special conditions are prescribed under 
Sec.  21.16.
    Special conditions are initially applicable to the model for which 
they are issued. Should the type certificate for that model be amended 
later to include any other model that incorporates the same novel or 
unusual

[[Page 75454]]

design feature, the proposed special conditions would also apply to the 
other model under Sec.  21.101.
    In addition to the applicable airworthiness regulations and 
proposed special conditions, the Cessna Model 750 series airplane must 
comply with the fuel vent and exhaust emission requirements of 14 CFR 
part 34 and the noise certification requirements of 14 CFR part 36 and 
the FAA must issue a finding of regulatory adequacy under Sec.  611 of 
Public Law 92-574, the ``Noise Control Act of 1972.''
    The FAA issues special conditions, as defined in 14 CFR 11.19, 
under Sec.  11.38, and they become part of the type-certification basis 
under Sec.  21.17(a)(2).

Novel or Unusual Design Features

    The Cessna Model 750 will incorporate the following novel or 
unusual design features.
    The proposed architecture and network configuration may be used 
for, or interfaced with, a diverse set of functions, including:
    1. Flight-safety related control, communication, and navigation 
systems (aircraft control domain);
    2. Operator business and administrative support (operator 
information domain); and
    3. Passenger information and entertainment systems (passenger 
entertainment domain).
    In addition, the operating systems (OS) for current aircraft 
systems are usually and historically proprietary. Therefore, they are 
not as susceptible to corruption from worms, viruses, and other 
malicious actions as more widely used commercial operating systems 
because access to the design details of these proprietary OS is limited 
to the system developer and aircraft integrator. Some systems installed 
on the Cessna Model 750 series airplanes will use operating systems 
that are widely used and commercially available from third party 
software suppliers. The security vulnerabilities of these operating 
systems may be more widely known than proprietary operating systems 
currently used by avionics manufacturers.

Discussion

    The integrated network configurations in the Cessna Model 750 
series airplanes may allow increased connectivity with external network 
sources and will have more interconnected networks and systems, such as 
passenger entertainment and information services than previous airplane 
models. This may allow the exploitation of network security 
vulnerabilities and increased risks potentially resulting in unsafe 
conditions for the airplanes and occupants. This potential exploitation 
of security vulnerabilities may result in intentional or unintentional 
destruction, disruption, degradation, or exploitation of data and 
systems critical to the safety and maintenance of the airplane.
    Cessna Aircraft Company should develop instructions for the 
operators to maintain the built-in security safeguards after the 
airplane enters commercial service. The instructions should address 
physical security, operational security, audit and monitoring of the 
effectiveness of security safeguards and key management procedures. A 
test plan should also be developed and implemented to insure that 
security requirements are met and there is no inadvertent or malicious 
change to any system, software or data.
    The existing regulations and guidance material did not anticipate 
these types of system architectures. Furthermore, 14 CFR regulations 
and current system safety assessment policy and techniques do not 
address potential security vulnerabilities which could be exploited by 
unauthorized access to airplane networks and servers. Therefore, these 
special conditions are being issued to ensure that the security (i.e., 
confidentiality, integrity, and availability) of airplane systems is 
not compromised by unauthorized wired or wireless electronic 
connections between airplane systems and the passenger entertainment 
services.
    For the reasons discussed above, these special conditions contain 
the additional safety standards that the Administrator considers 
necessary to establish a level of safety equivalent to that established 
by the existing airworthiness standards.

Applicability

    As discussed above, these special conditions are applicable to the 
Cessna Model 750 series airplanes. Should Cessna apply at a later date 
for a change to the type certificate to include another model 
incorporating the same novel or unusual design feature, the special 
conditions would apply to that model as well.

Conclusion

    This action affects only certain novel or unusual design features 
on one model series of airplanes. It is not a rule of general 
applicability.
    The substance of these special conditions has been subjected to the 
notice and comment period in several prior instances and has been 
derived without substantive change from those previously issued. It is 
unlikely that prior public comment would result in a significant change 
from the substance contained herein. Therefore, because a delay would 
significantly affect the certification of the airplane, which is 
imminent, the FAA has determined that prior public notice and comment 
are unnecessary and impracticable, and good cause exists for adopting 
these special conditions upon publication in the Federal Register. The 
FAA is requesting comments to allow interested persons to submit views 
that may not have been submitted in response to the prior opportunities 
for comment described above.

List of Subjects in 14 CFR Part 25

    Aircraft, Aviation safety, Reporting and recordkeeping 
requirements.

    The authority citation for these special conditions is as follows:

    Authority: 49 U.S.C. 106(g), 40113, 44701, 44702, 44704.

The Special Conditions

    Accordingly, pursuant to the authority delegated to me by the 
Administrator, the following special conditions are issued as part of 
the type certification basis for Cessna Model 750 series airplanes.

Isolation or Security Protection of the Aircraft Control Domain and the 
Information Services Domain From the Passenger Services Domain

    1. The applicant must ensure that the design provides isolation 
from, or airplane electronic system security protection against, access 
by unauthorized sources internal to the airplane. The design must 
prevent inadvertent and malicious changes to, and all adverse impacts 
upon, airplane equipment, systems, networks, or other assets required 
for safe flight and operations.
    2. The applicant must establish appropriate procedures to allow the 
operator to ensure that continued airworthiness of the aircraft is 
maintained, including all post-type-certification modifications that 
may have an impact on the approved electronic system security 
safeguards.

    Issued in Renton, Washington, on December 4, 2013.
John P. Piccola, Jr.,
Acting Manager, Transport Airplane Directorate, Aircraft Certification 
Service.
[FR Doc. 2013-29683 Filed 12-11-13; 8:45 am]
BILLING CODE 4910-13-P
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.