Special Conditions: Airbus, Model A350-900 Series Airplane; Isolation or Protection of the Aircraft Electronic System Security From Unauthorized Internal Access, 76252-76254 [2013-29986]
Download as PDF
76252
Federal Register / Vol. 78, No. 242 / Tuesday, December 17, 2013 / Proposed Rules
part 36 and the FAA must issue a
finding of regulatory adequacy under
§ 611 of Public Law 92–574, the ‘‘Noise
Control Act of 1972.’’
The FAA issues special conditions, as
defined in 14 CFR 11.19, under § 11.38,
and they become part of the typecertification basis under § 21.17(a)(2).
Novel or Unusual Design Features
The Airbus Model A350–900 series
will incorporate the following novel or
unusual design feature:
The digital systems architecture for
the Airbus Model A350–900 series
airplanes is composed of several
connected networks. This proposed
network architecture is used for a
diverse set of functions, providing data
connectivity between systems,
including:
1. airplane control, communication,
display, monitoring and navigation
systems,
2. airline business and administrative
support systems,
3. passenger entertainment systems,
and
4. access by systems external to the
airplane.
wreier-aviles on DSK5TPTVN1PROD with PROPOSALS
Discussion
The proposed Airbus Model A350–
900 series architecture and network
configuration may allow increased
connectivity to and access from external
network sources and airline operations
and maintenance networks to the
aircraft control domain and airline
information services domain. The
aircraft control domain and airline
information services domain perform
functions required for the safe operation
and maintenance of the airplane.
Previously these domains had very
limited connectivity with external
network sources. The architecture and
network configuration may allow the
exploitation of network security
vulnerabilities resulting in intentional
or unintentional destruction, disruption,
degradation, or exploitation of data,
systems, and networks critical to the
safety and maintenance of the airplane.
The existing regulations and guidance
material did not anticipate these types
of airplane system architectures.
Furthermore, 14 CFR regulations and
current system safety assessment policy
and techniques do not address potential
security vulnerabilities, which could be
exploited by unauthorized access to
airplane networks, data buses, and
servers. Therefore, these special
conditions are proposed to ensure that
the security (i.e., confidentiality,
integrity, and availability) of airplane
systems is not compromised by
VerDate Mar<15>2010
14:27 Dec 16, 2013
Jkt 232001
unauthorized wired or wireless
electronic connections.
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
Applicability
As discussed above, these proposed
special conditions apply to Airbus
Model A350–900 series airplanes.
Should Airbus apply later for a change
to the type certificate to include another
model incorporating the same novel or
unusual design feature, the proposed
special conditions would apply to that
model as well.
14 CFR Part 25
Conclusion
AGENCY:
This action affects only certain novel
or unusual design features on the Airbus
Model A350–900 series airplanes. It is
not a rule of general applicability.
SUMMARY:
List of Subjects in 14 CFR Part 25
Aircraft, Aviation safety, Reporting
and Recordkeeping requirements.
The authority citation for these
special conditions is as follows:
Authority: 49 U.S.C. 106(g), 40113, 44701,
44702, 44704.
The Proposed Special Conditions
Accordingly, the Federal Aviation
Administration (FAA) proposes the
following special conditions as part of
the type certification basis for Airbus
Model A350–900 series airplanes.
Airplane Electronic System Security
Protection from Unauthorized External
Access.
1. The applicant must ensure airplane
electronic system security protection
from access to or by unauthorized
sources external to the airplane,
including those possibly caused by
maintenance activity.
2. The applicant must ensure that
electronic system security threats are
identified and assessed, and that
effective electronic system security
protection strategies are implemented to
protect the airplane from all adverse
impacts on safety, functionality, and
continued airworthiness.
3. The applicant must establish
appropriate procedures to allow the
operator to ensure that continued
airworthiness of the aircraft is
maintained, including all post type
certification modifications that may
have an impact on the approved
electronic system security safeguards.
Issued in Renton, Washington, on October
22, 2013.
Stephen P. Boyd,
Acting Manager, Transport Airplane
Directorate, Aircraft Certification Service.
[FR Doc. 2013–29985 Filed 12–16–13; 8:45 am]
BILLING CODE 4910–13–P
PO 00000
Frm 00005
Fmt 4702
Sfmt 4702
[Docket No. FAA–2013–0910; Notice No.
25–13–20–SC]
Special Conditions: Airbus, Model
A350–900 Series Airplane; Isolation or
Protection of the Aircraft Electronic
System Security From Unauthorized
Internal Access
Federal Aviation
Administration (FAA), DOT.
ACTION: Notice of proposed special
conditions.
This action proposes special
conditions for Airbus Model A350–900
series airplanes. These airplanes will
have a novel or unusual design feature
associated with aircraft electronic
system security protection or isolation
from unauthorized internal access. The
applicable airworthiness regulations do
not contain adequate or appropriate
safety standards for this design feature.
These proposed special conditions
contain the additional safety standards
that the Administrator considers
necessary to establish a level of safety
equivalent to that established by the
existing airworthiness standards.
DATES: Send your comments on or
before January 31, 2014.
ADDRESSES: Send comments identified
by docket number FAA–2013–0910
using any of the following methods:
• Federal eRegulations Portal: Go to
https://www.regulations.gov/ and follow
the online instructions for sending your
comments electronically.
• Mail: Send comments to Docket
Operations, M–30, U.S. Department of
Transportation (DOT), 1200 New Jersey
Avenue SE., Room W12–140, West
Building Ground Floor, Washington, DC
20590–0001.
• Hand Delivery or Courier: Take
comments to Docket Operations in
Room W12–140 of the West Building
Ground Floor at 1200 New Jersey
Avenue SE., Washington, DC, between 9
a.m. and 5 p.m., Monday through
Friday, except federal holidays.
• Fax: Fax comments to Docket
Operations at 202–493–2251.
Privacy: The FAA will post all
comments it receives, without change,
to https://www.regulations.gov/,
including any personal information the
commenter provides. Using the search
function of the docket Web site, anyone
can find and read the electronic form of
all comments received into any FAA
docket, including the name of the
individual sending the comment (or
E:\FR\FM\17DEP1.SGM
17DEP1
Federal Register / Vol. 78, No. 242 / Tuesday, December 17, 2013 / Proposed Rules
signing the comment for an association,
business, labor union, etc.). DOT’s
complete Privacy Act Statement can be
found in the Federal Register published
on April 11, 2000 (65 FR 19477–19478),
as well as at
https://DocketsInfo.dot.gov/.
Docket: Background documents or
comments received may be read at
https://www.regulations.gov/ at any time.
Follow the online instructions for
accessing the docket or go to the Docket
Operations in Room W12–140 of the
West Building Ground Floor at 1200
New Jersey Avenue SE., Washington,
DC, between 9 a.m. and 5 p.m., Monday
through Friday, except federal holidays.
FOR FURTHER INFORMATION CONTACT:
Varun Khanna, FAA, Airplane and
Flightcrew Interface Branch, ANM–111,
Transport Airplane Directorate, Aircraft
Certification Service, 1601 Lind Avenue
SW., Renton, Washington 98057–3356;
telephone (425) 227–1298; facsimile
(425) 227–1320.
SUPPLEMENTARY INFORMATION:
wreier-aviles on DSK5TPTVN1PROD with PROPOSALS
Comments Invited
We invite interested people to take
part in this rulemaking by sending
written comments, data, or views. The
most helpful comments reference a
specific portion of the special
conditions, explain the reason for any
recommended change, and include
supporting data.
We will consider all comments we
receive on or before the closing date for
comments. We may change these
proposed special conditions based on
the comments we receive.
Background
On August 25, 2008, Airbus applied
for a type certificate for their new Model
A350–900 series airplane. Later, Airbus
requested and the FAA approved an
extension to the application for FAA
type certification to June 28, 2009. The
Model A350–900 series has a
conventional layout with twin wingmounted Rolls-Royce Trent XWB
engines. It features a twin aisle 9-abreast
economy class layout, and
accommodates side-by-side placement
of LD–3 containers in the cargo
compartment. The basic Model A350–
900 series configuration will
accommodate 315 passengers in a
standard two-class arrangement. The
design cruise speed is Mach 0.85 with
a Maximum Take-Off Weight of 602,000
lbs. Airbus proposes the Model A350–
900 series to be certified for extended
operations (ETOPS) beyond 180 minutes
at entry into service for up to a 420minute maximum diversion time.
Contemporary transport category
airplanes have both safety-related and
VerDate Mar<15>2010
14:27 Dec 16, 2013
Jkt 232001
non-safety-related electronic system
networks for many operational
functions. However, electronic system
network security considerations and
functions have played a relatively minor
role in the certification of such systems
because of the isolation, protection
mechanisms, and limited connectivity
between the different networks.
Type Certification Basis
Under Title 14, Code of Federal
Regulations (14 CFR) 21.17, Airbus must
show that the Model A350–900 series
meets the applicable provisions of 14
CFR part 25, as amended by
Amendments 25–1 through 25–129.
If the Administrator finds that the
applicable airworthiness regulations
(i.e., 14 CFR part 25) do not contain
adequate or appropriate safety standards
for the Model A350–900 series because
of a novel or unusual design feature,
special conditions are prescribed under
§ 21.16.
Special conditions are initially
applicable to the model for which they
are issued. Should the type certificate
for that model be amended later to
include any other model that
incorporates the same novel or unusual
design feature, the proposed special
conditions would also apply to the other
model under § 21.101.
In addition to the applicable
airworthiness regulations and proposed
special conditions, the Model A350–900
series must comply with the fuel vent
and exhaust emission requirements of
14 CFR part 34 and the noise
certification requirements of 14 CFR
part 36 and the FAA must issue a
finding of regulatory adequacy under
§ 611 of Public Law 92–574, the ‘‘Noise
Control Act of 1972.’’
The FAA issues special conditions, as
defined in 14 CFR 11.19, under § 11.38,
and they become part of the typecertification basis under § 21.17(a)(2).
Novel or Unusual Design Feature
The Airbus Model A350–900 series
will incorporate the following novel or
unusual design feature: an electronics
network system architecture which is
new and novel for commercial transport
airplanes which introduces potential
security risks and vulnerabilities not
addressed in current regulations and
aircraft-level or system-level safety
assessment methods.
Discussion
The Airbus Model A350–900 series
architecture is new and novel for
commercial transport airplanes because
it allows connection to previously
isolated data networks connected to
systems that perform functions required
PO 00000
Frm 00006
Fmt 4702
Sfmt 4702
76253
for the safe operation of the airplane.
This proposed data network and design
integration may result in security
vulnerabilities from intentional or
unintentional corruption of data and
systems critical to the safety and
maintenance of the airplane. The
existing regulations and guidance
material did not anticipate this type of
system architecture or electronic access
to aircraft systems. Furthermore, 14 CFR
regulations and current system safety
assessment policy and techniques do
not address potential security
vulnerabilities, which could be
exploited by unauthorized access to
airplane networks and servers.
Therefore, these special conditions are
proposed to ensure that the security of
airplane systems and networks is not
compromised by unauthorized wired or
wireless internal access.
Applicability
As discussed above, these proposed
special conditions apply to Airbus
Model A350–900 series airplanes.
Should Airbus apply later for a change
to the type certificate to include another
model incorporating the same novel or
unusual design feature, the proposed
special conditions would apply to that
model as well.
Conclusion
This action affects only certain novel
or unusual design features on the Airbus
Model A350–900 series airplanes
related to electronic system security
protection. It is not a rule of general
applicability.
List of Subjects in 14 CFR Part 25
Aircraft, Aviation safety, Reporting
and recordkeeping requirements.
The authority citation for these
special conditions is as follows:
Authority: 49 U.S.C. 106(g), 40113, 44701,
44702, 44704.
The Proposed Special Conditions
Accordingly, the Federal Aviation
Administration (FAA) proposes the
following special conditions as part of
the type certification basis for Airbus
Model A350–900 series airplanes.
Isolation of the Airplane Electronic
System Security Protection from
Unauthorized Internal Access.
■ 1. The applicant must ensure that the
design provides isolation from, or
airplane electronic system security
protection against, access by
unauthorized sources internal to the
airplane. The design must prevent
inadvertent and malicious changes to,
and all adverse impacts upon, airplane
equipment, systems, networks, or other
E:\FR\FM\17DEP1.SGM
17DEP1
76254
Federal Register / Vol. 78, No. 242 / Tuesday, December 17, 2013 / Proposed Rules
assets required for safe flight and
operations.
■ 2. The applicant must establish
appropriate procedures to allow the
operator to ensure that continued
airworthiness of the aircraft is
maintained, including all post type
certification modifications that may
have an impact on the approved
electronic system security safeguards.
Issued in Renton, Washington, on October
22, 2013.
Stephen P. Boyd,
Acting Manager, Transport Airplane
Directorate, Aircraft Certification Service.
[FR Doc. 2013–29986 Filed 12–16–13; 8:45 am]
BILLING CODE 4910–13–P
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Part 25
[Docket No. FAA–2013–0899; Notice No.
25–13–15–SC]
Special Conditions: Airbus, Model
A350–900 Series Airplane; Control
Surface Awareness and Mode
Annunciation
Federal Aviation
Administration (FAA), DOT.
ACTION: Notice of proposed special
conditions.
AGENCY:
This action proposes special
conditions for the Airbus Model A350–
900 series airplanes. These airplanes
will have a novel or unusual design
feature(s) associated with control
surface awareness and mode
annunciation provided by the electronic
flight control system. The applicable
airworthiness regulations do not contain
adequate or appropriate safety standards
for this design feature. These proposed
special conditions contain the
additional safety standards that the
Administrator considers necessary to
establish a level of safety equivalent to
that established by the existing
airworthiness standards.
DATES: Send your comments on or
before January 31, 2014.
ADDRESSES: Send comments identified
by docket number FAA–2013–0899
using any of the following methods:
• Federal eRegulations Portal: Go to
https://www.regulations.gov/ and follow
the online instructions for sending your
comments electronically.
• Mail: Send comments to Docket
Operations, M–30, U.S. Department of
Transportation (DOT), 1200 New Jersey
Avenue SE., Room W12–140, West
Building Ground Floor, Washington, DC
20590–0001.
wreier-aviles on DSK5TPTVN1PROD with PROPOSALS
SUMMARY:
VerDate Mar<15>2010
14:27 Dec 16, 2013
Jkt 232001
• Hand Delivery or Courier: Take
comments to Docket Operations in
Room W12–140 of the West Building
Ground Floor at 1200 New Jersey
Avenue SE., Washington, DC, between 9
a.m. and 5 p.m., Monday through
Friday, except federal holidays.
• Fax: Fax comments to Docket
Operations at 202–493–2251.
Privacy: The FAA will post all
comments it receives, without change,
to https://www.regulations.gov/,
including any personal information the
commenter provides. Using the search
function of the docket Web site, anyone
can find and read the electronic form of
all comments received into any FAA
docket, including the name of the
individual sending the comment (or
signing the comment for an association,
business, labor union, etc.). DOT’s
complete Privacy Act Statement can be
found in the Federal Register published
on April 11, 2000 (65 FR 19477–19478),
as well as at
https://DocketsInfo.dot.gov/.
Docket: Background documents or
comments received may be read at
https://www.regulations.gov/ at any time.
Follow the online instructions for
accessing the docket or go to the Docket
Operations in Room W12–140 of the
West Building Ground Floor at 1200
New Jersey Avenue SE., Washington,
DC, between 9 a.m. and 5 p.m., Monday
through Friday, except federal holidays.
FOR FURTHER INFORMATION CONTACT: Joe
Jacobsen, FAA, Airplane and Flightcrew
Interface Branch, ANM–111, Transport
Airplane Directorate, Aircraft
Certification Service, 1601 Lind Avenue
SW., Renton, Washington 98057–3356;
telephone (425) 227–2011; facsimile
(425) 227–1320.
SUPPLEMENTARY INFORMATION:
Comments Invited
We invite interested people to take
part in this rulemaking by sending
written comments, data, or views. The
most helpful comments reference a
specific portion of the proposed special
conditions, explain the reason for any
recommended change, and include
supporting data.
We will consider all comments we
receive on or before the closing date for
comments. We may change these special
conditions based on the comments we
receive.
Background
On August 25, 2008, Airbus applied
for a type certificate for their new Model
A350–900 series airplane. Later, Airbus
requested and the FAA approved an
extension to the application for FAA
type certification to June 28, 2009. The
PO 00000
Frm 00007
Fmt 4702
Sfmt 4702
Model A350–900 series has a
conventional layout with twin wingmounted Rolls-Royce Trent XWB
engines. It features a twin aisle 9-abreast
economy class layout, and
accommodates side-by-side placement
of LD–3 containers in the cargo
compartment. The basic Airbus Model
A350–900 series configuration will
accommodate 315 passengers in a
standard two-class arrangement. The
design cruise speed is Mach 0.85 with
a Maximum Take-Off Weight of 602,000
lbs. Airbus proposes the Model A350–
900 series to be certified for extended
operations (ETOPS) beyond 180 minutes
at entry into service for up to a 420minute maximum diversion time.
These proposed special conditions for
control surface awareness, applicable to
Airbus Model A350–900 series
airplanes, propose suitable flight control
position annunciation and control
system mode of operation to be
provided to the flight crew when a flight
condition exists in which nearly full
surface authority (not crewcommanded) is being utilized.
Suitability of such a display must take
into account that some pilot-demanded
maneuvers (e.g., rapid roll) are
necessarily associated with intended
full performance, which may saturate
the surface. Therefore, simple alerting
systems, which would function in both
intended or unexpected control-limiting
situations, must be properly balanced
between needed crew awareness and
nuisance features. A monitoring system
that might compare airplane motion and
surface deflection, and pilot side stick
controller (SSC) demand could be useful
for elimination of nuisance alerting.
Type Certification Basis
Under Title 14, Code of Federal
Regulations (14 CFR) 21.17, Airbus must
show that the Model A350–900 series
meets the applicable provisions of 14
CFR part 25, as amended by
Amendments 25–1 through 25–129.
If the Administrator finds that the
applicable airworthiness regulations
(i.e., 14 CFR part 25) do not contain
adequate or appropriate safety standards
for the Model A350–900 series because
of a novel or unusual design feature,
special conditions are prescribed under
§ 21.16.
Special conditions are initially
applicable to the model for which they
are issued. Should the type certificate
for that model be amended later to
include any other model that
incorporates the same or similar novel
or unusual design feature, the proposed
special conditions would also apply to
the other model under § 21.101.
E:\FR\FM\17DEP1.SGM
17DEP1
Agencies
[Federal Register Volume 78, Number 242 (Tuesday, December 17, 2013)]
[Proposed Rules]
[Pages 76252-76254]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-29986]
-----------------------------------------------------------------------
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Part 25
[Docket No. FAA-2013-0910; Notice No. 25-13-20-SC]
Special Conditions: Airbus, Model A350-900 Series Airplane;
Isolation or Protection of the Aircraft Electronic System Security From
Unauthorized Internal Access
AGENCY: Federal Aviation Administration (FAA), DOT.
ACTION: Notice of proposed special conditions.
-----------------------------------------------------------------------
SUMMARY: This action proposes special conditions for Airbus Model A350-
900 series airplanes. These airplanes will have a novel or unusual
design feature associated with aircraft electronic system security
protection or isolation from unauthorized internal access. The
applicable airworthiness regulations do not contain adequate or
appropriate safety standards for this design feature. These proposed
special conditions contain the additional safety standards that the
Administrator considers necessary to establish a level of safety
equivalent to that established by the existing airworthiness standards.
DATES: Send your comments on or before January 31, 2014.
ADDRESSES: Send comments identified by docket number FAA-2013-0910
using any of the following methods:
Federal eRegulations Portal: Go to https://www.regulations.gov/ and follow the online instructions for sending
your comments electronically.
Mail: Send comments to Docket Operations, M-30, U.S.
Department of Transportation (DOT), 1200 New Jersey Avenue SE., Room
W12-140, West Building Ground Floor, Washington, DC 20590-0001.
Hand Delivery or Courier: Take comments to Docket
Operations in Room W12-140 of the West Building Ground Floor at 1200
New Jersey Avenue SE., Washington, DC, between 9 a.m. and 5 p.m.,
Monday through Friday, except federal holidays.
Fax: Fax comments to Docket Operations at 202-493-2251.
Privacy: The FAA will post all comments it receives, without
change, to https://www.regulations.gov/, including any personal
information the commenter provides. Using the search function of the
docket Web site, anyone can find and read the electronic form of all
comments received into any FAA docket, including the name of the
individual sending the comment (or
[[Page 76253]]
signing the comment for an association, business, labor union, etc.).
DOT's complete Privacy Act Statement can be found in the Federal
Register published on April 11, 2000 (65 FR 19477-19478), as well as at
https://DocketsInfo.dot.gov/.
Docket: Background documents or comments received may be read at
https://www.regulations.gov/ at any time. Follow the online instructions
for accessing the docket or go to the Docket Operations in Room W12-140
of the West Building Ground Floor at 1200 New Jersey Avenue SE.,
Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday,
except federal holidays.
FOR FURTHER INFORMATION CONTACT: Varun Khanna, FAA, Airplane and
Flightcrew Interface Branch, ANM-111, Transport Airplane Directorate,
Aircraft Certification Service, 1601 Lind Avenue SW., Renton,
Washington 98057-3356; telephone (425) 227-1298; facsimile (425) 227-
1320.
SUPPLEMENTARY INFORMATION:
Comments Invited
We invite interested people to take part in this rulemaking by
sending written comments, data, or views. The most helpful comments
reference a specific portion of the special conditions, explain the
reason for any recommended change, and include supporting data.
We will consider all comments we receive on or before the closing
date for comments. We may change these proposed special conditions
based on the comments we receive.
Background
On August 25, 2008, Airbus applied for a type certificate for their
new Model A350-900 series airplane. Later, Airbus requested and the FAA
approved an extension to the application for FAA type certification to
June 28, 2009. The Model A350-900 series has a conventional layout with
twin wing-mounted Rolls-Royce Trent XWB engines. It features a twin
aisle 9-abreast economy class layout, and accommodates side-by-side
placement of LD-3 containers in the cargo compartment. The basic Model
A350-900 series configuration will accommodate 315 passengers in a
standard two-class arrangement. The design cruise speed is Mach 0.85
with a Maximum Take-Off Weight of 602,000 lbs. Airbus proposes the
Model A350-900 series to be certified for extended operations (ETOPS)
beyond 180 minutes at entry into service for up to a 420-minute maximum
diversion time.
Contemporary transport category airplanes have both safety-related
and non-safety-related electronic system networks for many operational
functions. However, electronic system network security considerations
and functions have played a relatively minor role in the certification
of such systems because of the isolation, protection mechanisms, and
limited connectivity between the different networks.
Type Certification Basis
Under Title 14, Code of Federal Regulations (14 CFR) 21.17, Airbus
must show that the Model A350-900 series meets the applicable
provisions of 14 CFR part 25, as amended by Amendments 25-1 through 25-
129.
If the Administrator finds that the applicable airworthiness
regulations (i.e., 14 CFR part 25) do not contain adequate or
appropriate safety standards for the Model A350-900 series because of a
novel or unusual design feature, special conditions are prescribed
under Sec. 21.16.
Special conditions are initially applicable to the model for which
they are issued. Should the type certificate for that model be amended
later to include any other model that incorporates the same novel or
unusual design feature, the proposed special conditions would also
apply to the other model under Sec. 21.101.
In addition to the applicable airworthiness regulations and
proposed special conditions, the Model A350-900 series must comply with
the fuel vent and exhaust emission requirements of 14 CFR part 34 and
the noise certification requirements of 14 CFR part 36 and the FAA must
issue a finding of regulatory adequacy under Sec. 611 of Public Law
92-574, the ``Noise Control Act of 1972.''
The FAA issues special conditions, as defined in 14 CFR 11.19,
under Sec. 11.38, and they become part of the type-certification basis
under Sec. 21.17(a)(2).
Novel or Unusual Design Feature
The Airbus Model A350-900 series will incorporate the following
novel or unusual design feature: an electronics network system
architecture which is new and novel for commercial transport airplanes
which introduces potential security risks and vulnerabilities not
addressed in current regulations and aircraft-level or system-level
safety assessment methods.
Discussion
The Airbus Model A350-900 series architecture is new and novel for
commercial transport airplanes because it allows connection to
previously isolated data networks connected to systems that perform
functions required for the safe operation of the airplane. This
proposed data network and design integration may result in security
vulnerabilities from intentional or unintentional corruption of data
and systems critical to the safety and maintenance of the airplane. The
existing regulations and guidance material did not anticipate this type
of system architecture or electronic access to aircraft systems.
Furthermore, 14 CFR regulations and current system safety assessment
policy and techniques do not address potential security
vulnerabilities, which could be exploited by unauthorized access to
airplane networks and servers. Therefore, these special conditions are
proposed to ensure that the security of airplane systems and networks
is not compromised by unauthorized wired or wireless internal access.
Applicability
As discussed above, these proposed special conditions apply to
Airbus Model A350-900 series airplanes. Should Airbus apply later for a
change to the type certificate to include another model incorporating
the same novel or unusual design feature, the proposed special
conditions would apply to that model as well.
Conclusion
This action affects only certain novel or unusual design features
on the Airbus Model A350-900 series airplanes related to electronic
system security protection. It is not a rule of general applicability.
List of Subjects in 14 CFR Part 25
Aircraft, Aviation safety, Reporting and recordkeeping
requirements.
The authority citation for these special conditions is as follows:
Authority: 49 U.S.C. 106(g), 40113, 44701, 44702, 44704.
The Proposed Special Conditions
Accordingly, the Federal Aviation Administration (FAA) proposes the
following special conditions as part of the type certification basis
for Airbus Model A350-900 series airplanes. Isolation of the Airplane
Electronic System Security Protection from Unauthorized Internal
Access.
0
1. The applicant must ensure that the design provides isolation from,
or airplane electronic system security protection against, access by
unauthorized sources internal to the airplane. The design must prevent
inadvertent and malicious changes to, and all adverse impacts upon,
airplane equipment, systems, networks, or other
[[Page 76254]]
assets required for safe flight and operations.
0
2. The applicant must establish appropriate procedures to allow the
operator to ensure that continued airworthiness of the aircraft is
maintained, including all post type certification modifications that
may have an impact on the approved electronic system security
safeguards.
Issued in Renton, Washington, on October 22, 2013.
Stephen P. Boyd,
Acting Manager, Transport Airplane Directorate, Aircraft Certification
Service.
[FR Doc. 2013-29986 Filed 12-16-13; 8:45 am]
BILLING CODE 4910-13-P