Special Conditions: Airbus Model A330-200, A330-200F, A330-300 and A330-900 Series Airplanes; Electronic System Security Protection From Unauthorized Internal Access, 66084-66086 [2018-27818]
Download as PDF
<![CDATA[
66084
Federal Register / Vol. 83, No. 246 / Wednesday, December 26, 2018 / Rules and Regulations
(c) The Director may propose
imposition of a civil penalty for
violation of a requirement of a
regulation or rule under paragraph (a) of
this section or a compliance order
issued under paragraph (b) of this
section, not to exceed $150,346 for each
violation.
*
*
*
*
*
22. Section 851.5 is amended by
revising the first sentence of paragraph
(a) to read as follows:
■
Enforcement.
(a) A contractor that is indemnified
under section 170d. of the AEA (or any
subcontractor or supplier thereto) and
that violates (or whose employee
violates) any requirement of this part
shall be subject to a civil penalty of up
to $97,639 for each such
violation. * * *
*
*
*
*
*
■ 23. Appendix B to part 851 is
amended by:
■ a. Revising the last sentences of
paragraphs (b)(1) and (2) in section VI;
and
■ b. Revising paragraph 1.(e)(1) in
section IX.
The revisions read as follows:
amozie on DSK3GDR082PROD with RULES
Appendix B to Part 851—General
Statement of Enforcement Policy
*
*
*
*
*
VI. Severity of Violations
*
*
*
*
*
(b) * * *
(1) * * * A Severity Level I violation
would be subject to a base civil penalty
of up to 100% of the maximum base
civil penalty of $97,639.
(2) * * * A Severity Level II violation
would be subject to a base civil penalty
up to 50% of the maximum base civil
penalty ($48,820).
*
*
*
*
*
IX. Enforcement Actions
*
*
*
*
*
1. Notice of Violation
*
*
*
*
*
(e) * * *
(1) DOE may assess civil penalties of
up to $97,639 per violation per day on
contractors (and their subcontractors
and suppliers) that are indemnified by
Jkt 247001
■
24. The authority citation for part
1013 continues to reads as follows:
■
25. Section 1013.3 is amended by
revising paragraphs (a)(1)(iv) and
(b)(1)(ii) to read as follows:
§ 1013.3 Basis for civil penalties and
assessments.
Authority: 42 U.S.C. 2201(i)(3), (p); 42
U.S.C. 2282c; 42 U.S.C. 5801 et seq.; 42
U.S.C. 7101 et seq.; 50 U.S.C. 2401 et seq.;
28 U.S.C. 2461 note.
16:56 Dec 21, 2018
PART 1013—PROGRAM FRAUD CIVIL
REMEDIES AND PROCEDURES
■
21. The authority citation for part 851
continues to read as follows:
■
VerDate Sep<11>2014
Authority: The Constitution of the United
States, Article I, Section 9; 5 U.S.C. 7342; 22
U.S.C. 2694; 42 U.S.C. 7254 and 7262; 28
U.S.C. 2461 note.
Authority: 31 U.S.C. 3801–3812; 28 U.S.C.
2461 note.
PART 851—WORKER SAFETY AND
HEALTH PROGRAM
§ 851.5
the Price-Anderson Act, 42 U.S.C.
2210(d). See 10 CFR 851.5(a).
*
*
*
*
*
(a) * * *
(1) * * *
(iv) Is for payment for the provision
of property or services which the person
has not provided as claimed, shall be
subject, in addition to any other remedy
that may be prescribed by law, to a civil
penalty of not more than $11,463 for
each such claim.
*
*
*
*
*
(b) * * *
(1) * * *
(ii) Contains or is accompanied by an
express certification or affirmation of
the truthfulness and accuracy of the
contents of the statement, shall be
subject, in addition to any other remedy
that may be prescribed by law, to a civil
penalty of not more than $11,463 for
each such statement.
*
*
*
*
*
PART 1017—IDENTIFICATION AND
PROTECTION OF UNCLASSIFIED
CONTROLLED NUCLEAR
INFORMATION
26. The authority citation for part
1017 continues to read as follows:
■
Authority: 42 U.S.C. 7101 et seq.; 50 U.S.C.
2401 et seq.; 42 U.S.C. 2168; 28 U.S.C. 2461
note.
27. Section 1017.29 is amended by
revising paragraph (c) to read as follows:
■
§ 1017.29
Civil penalty.
*
*
*
*
*
(c) Amount of penalty. The Director
may propose imposition of a civil
penalty for violation of a requirement of
a regulation under paragraph (a) of this
section or a compliance order issued
under paragraph (b) of this section, not
to exceed $270,753 for each violation.
*
*
*
*
*
PART 1050—FOREIGN GIFTS AND
DECORATIONS
28. The authority citation for part
1050 continues to read as follows:
■
PO 00000
Frm 00008
Fmt 4700
Sfmt 4700
29. Section 1050.303 is amended by
revising the last sentence in paragraph
(d) to read as follows:
§ 1050.303
Enforcement.
*
*
*
*
*
(d) * * * The court in which such
action is brought may assess a civil
penalty against such employee in any
amount not to exceed the retail value of
the gift improperly solicited or received
plus $20,526.
[FR Doc. 2018–27670 Filed 12–21–18; 8:45 am]
BILLING CODE 6450–01–P
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Part 25
[Docket No. FAA–2018–1054; Special
Conditions No. 25–740–SC]
Special Conditions: Airbus Model
A330–200, A330–200F, A330–300 and
A330–900 Series Airplanes; Electronic
System Security Protection From
Unauthorized Internal Access
Federal Aviation
Administration (FAA), DOT.
ACTION: Final special conditions; request
for comments.
AGENCY:
These special conditions are
issued for the Airbus Model A330–200,
A330–200F, A330–300, and A330–900
series airplanes. These airplanes will
have a novel or unusual design feature
when compared to the state of
technology envisioned in the
airworthiness standards for transport
category airplanes. This design feature
is airplane electronic systems and
networks that allow access, from aircraft
internal sources (e.g., wireless devices,
internet connectivity), to the airplane’s
previously isolated, internal, electronic
components. The applicable
airworthiness regulations do not contain
adequate or appropriate safety standards
for this design feature. These special
conditions contain the additional safety
standards that the Administrator
considers necessary to establish a level
of safety equivalent to that established
by the existing airworthiness standards.
DATES: This action is effective on Airbus
on December 26, 2018. Send comments
on or before February 11, 2019.
ADDRESSES: Send comments identified
by Docket No. FAA–2018–1054 using
any of the following methods:
SUMMARY:
E:\FR\FM\26DER1.SGM
26DER1
Federal Register / Vol. 83, No. 246 / Wednesday, December 26, 2018 / Rules and Regulations
• Federal eRegulations Portal: Go to
https://www.regulations.gov/ and follow
the online instructions for sending your
comments electronically.
• Mail: Send comments to Docket
Operations, M–30, U.S. Department of
Transportation (DOT), 1200 New Jersey
Avenue SE, Room W12–140, West
Building Ground Floor, Washington, DC
20590–0001.
• Hand Delivery or Courier: Take
comments to Docket Operations in
Room W12–140 of the West Building
Ground Floor at 1200 New Jersey
Avenue SE, Washington, DC, between 9
a.m. and 5 p.m., Monday through
Friday, except Federal holidays.
• Fax: Fax comments to Docket
Operations at 202–493–2251.
Privacy: The FAA will post all
comments it receives, without change,
to https://www.regulations.gov/,
including any personal information the
commenter provides. Using the search
function of the docket website, anyone
can find and read the electronic form of
all comments received into any FAA
docket, including the name of the
individual sending the comment (or
signing the comment for an association,
business, labor union, etc.). DOT’s
complete Privacy Act Statement can be
found in the Federal Register published
on April 11, 2000 (65 FR 19477–19478).
Docket: Background documents or
comments received may be read at
https://www.regulations.gov/ at any time.
Follow the online instructions for
accessing the docket or go to Docket
Operations in Room W12–140 of the
West Building Ground Floor at 1200
New Jersey Avenue SE, Washington,
DC, between 9 a.m. and 5 p.m., Monday
through Friday, except Federal holidays.
FOR FURTHER INFORMATION CONTACT:
amozie on DSK3GDR082PROD with RULES
Thuan Nguyen, Airplane and Flight
Crew Interface Section, AIR–671,
Transport Standards Branch, Policy and
Innovation Division, Aircraft
Certification Service, Federal Aviation
Administration, 2200 South 216th
Street, Des Moines, Washington 98198;
telephone and fax 206–231–3365; email
Thuan.T.Nguyen@faa.gov.
SUPPLEMENTARY INFORMATION:
The substance of these special
conditions has been published in the
Federal Register for public comment in
several prior instances with no
substantive comments received.
Therefore, the FAA has determined that
prior public notice and comment are
unnecessary, and finds that, for the
same reason, good cause exists for
adopting these special conditions upon
publication in the Federal Register.
VerDate Sep<11>2014
16:56 Dec 21, 2018
Jkt 247001
Comments Invited
We invite interested people to take
part in this rulemaking by sending
written comments, data, or views. The
most helpful comments reference a
specific portion of the special
conditions, explain the reason for any
recommended change, and include
supporting data.
We will consider all comments we
receive by the closing date for
comments. We may change these special
conditions based on the comments we
receive.
Background
On January 20, 2015, Airbus applied
for an amendment to Type Certificate
No. A46NM to include the new Model
A330–900 series airplane. The Airbus
Model A330–900 series airplane is a
derivative of the Model A330–300 series
airplane currently approved under Type
Certificate No. A46NM.
On August 9, 2018, Airbus applied for
a change to Type Certificate No. A46NM
for the installation of electronic system
architecture or Flight Operations and
Maintenance Exchanger (FOMAX)
equipment in Model A330–200, A330–
200F, A330–300, and A330–900 series
airplanes. These airplanes are twinengine, transport category airplanes
with a maximum passenger seating
capacity of 406 for the A330–200 series
and a maximum passenger seating
capacity of 440 for the A330–300 and
A330–900 series airplanes. These
airplanes have a maximum takeoff
weight of 533,518 pounds.
Type Certification Basis
Under the provisions of title 14, Code
of Federal Regulations (14 CFR) 21.101,
Airbus must show that the Model A330–
900 series airplane and the Model
A330–200, A330–200F, and A330–300
series airplanes, as changed, meet the
applicable provisions of the regulations
listed in Type Certificate No. A46NM, or
the applicable regulations in effect on
the date of application for the change,
except for earlier amendments as agreed
upon by the FAA.
If the Administrator finds that the
applicable airworthiness regulations
(i.e., 14 CFR part 25) do not contain
adequate or appropriate safety standards
for the Airbus Model A330–200, A330–
200F, A330–300, and A330–900 series
airplanes because of a novel or unusual
design feature, special conditions are
prescribed under the provisions of
§ 21.16.
Special conditions are initially
applicable to the model for which they
are issued. Should the type certificate
for that model be amended later to
PO 00000
Frm 00009
Fmt 4700
Sfmt 4700
66085
include any other model that
incorporates the same novel or unusual
design feature, or should any other
model already included on the same
type certificate be modified to
incorporate the same novel or unusual
design feature, these special conditions
would also apply to the other model
under § 21.101.
In addition to the applicable
airworthiness regulations and special
conditions, the Airbus Model A330–
200, A330–200F, A330–300, and A330–
900 series airplanes must comply with
the fuel vent and exhaust emission
requirements of 14 CFR part 34 and the
noise certification requirements of 14
CFR part 36.
The FAA issues special conditions, as
defined in 14 CFR 11.19, in accordance
with § 11.38, and they become part of
the type certification basis under
§ 21.101.
Novel or Unusual Design Features
The Airbus Model A330–200, A330–
200F, A330–300, and A330–900 series
airplanes will incorporate the following
novel or unusual design feature:
The installation and activation of
electronic network system architecture
or Flight Operations and Maintenance
Exchanger (FOMAX) equipment that
allows access from internal sources (e.g.,
wireless devices, internet connectivity)
to the airplane’s once isolated internal
electronic components.
Discussion
The Airbus airplane Model A330–200,
A330–200F, A330–300, and A330–900
series electronic network system
architecture is novel or unusual for
commercial transport airplanes because
it allows connection to previously
isolated data networks connected to
systems that perform functions required
for the safe operation of the airplane.
This data network and design
integration may result in security
vulnerabilities from intentional or
unintentional corruption of data and
systems critical to the safety and
maintenance of the airplane. The
existing regulations and guidance
material did not anticipate this type of
system architecture or electronic access
to aircraft systems. Furthermore, 14 CFR
regulations and the current system
safety assessment policy and techniques
do not address potential security
vulnerabilities, which could be
exploited by unauthorized access to
airplane networks and servers.
Therefore, these special conditions are
to ensure that the security of airplane
systems and networks is not
compromised by unauthorized wired or
wireless internal access.
E:\FR\FM\26DER1.SGM
26DER1
66086
Federal Register / Vol. 83, No. 246 / Wednesday, December 26, 2018 / Rules and Regulations
These special conditions contain the
additional safety standards that the
Administrator considers necessary to
establish a level of safety equivalent to
that established by the existing
airworthiness standards.
Issued in Des Moines, Washington, on
December 12, 2018.
Victor Wicklund,
Manager, Transport Standards Branch, Policy
and Innovation Division, Aircraft
Certification Service.
Applicability
BILLING CODE 4910–13–P
As discussed above, these special
conditions are applicable to the Airbus
Model A330–200, A330–200F, A330–
300, and A330–900 series airplanes.
Should Airbus apply at a later date for
a change to the type certificate to
include another model incorporating the
same novel or unusual design feature,
these special conditions would apply to
that model as well.
Conclusion
This action affects only a certain
novel or unusual design feature on
Airbus Model A330–200, A330–200F,
A330–300, and A330–900 series
airplanes. It is not a rule of general
applicability.
The authority citation for these
special conditions is as follows:
Authority: 49 U.S.C. 106(f), 106(g), 40113,
44701, 44702, 44704.
The Special Conditions
amozie on DSK3GDR082PROD with RULES
14 CFR Part 25
[Docket No. FAA–2018–1053; Special
Conditions No. 25–739–SC]
Special Conditions: Airbus Model
A330–200, A330–200F, A330–300 and
A330–900 Series Airplanes; Electronic
System Security Protection From
Unauthorized External Access
These special conditions are
issued for the Airbus Model A330–200,
A330–200F, A330–300, and A330–900
series airplanes. These airplanes will
have a novel or unusual design feature
when compared to the state of
technology envisioned in the
airworthiness standards for transport
category airplanes. This design feature
is airplane electronic systems and
networks that allow access from
external sources (e.g., wireless devices,
internet connectivity) to the airplane’s
internal electronic components. The
applicable airworthiness regulations do
not contain adequate or appropriate
safety standards for this design feature.
These special conditions contain the
additional safety standards that the
Administrator considers necessary to
establish a level of safety equivalent to
that established by the existing
airworthiness standards.
DATES: This action is effective on Airbus
on December 26, 2018. Send comments
on or before February 11, 2019.
ADDRESSES: Send comments identified
by Docket No. FAA–2018–1053 using
any of the following methods:
• Federal eRegulations Portal: Go to
https://www.regulations.gov/ and follow
the online instructions for sending your
comments electronically.
• Mail: Send comments to Docket
Operations, M–30, U.S. Department of
Transportation (DOT), 1200 New Jersey
Avenue SE, Room W12–140, West
Building Ground Floor, Washington, DC
20590–0001.
SUMMARY:
Authority Citation
Accordingly, pursuant to the
authority delegated to me by the
Administrator, the following special
conditions are issued as part of the type
certification basis for Airbus Model
A330–200, A330–200F, A330–300, and
A330–900 series airplanes.
1. The applicant must ensure that the
design provides isolation from, or
airplane electronic system security
protection against, access by
unauthorized sources internal to the
airplane. The design must prevent
inadvertent and malicious changes to,
and all adverse impacts upon, airplane
equipment, systems, networks, or other
assets required for safe flight and
operations.
2. The applicant must establish
appropriate procedures to allow the
operator to ensure that continued
airworthiness of the aircraft is
maintained, including all post type
certification modifications that may
have an impact on the approved
electronic system security safeguards.
Jkt 247001
Federal Aviation Administration
Federal Aviation
Administration (FAA), DOT.
ACTION: Final special conditions; request
for comments.
Aircraft, Aviation safety, Reporting
and recordkeeping requirements.
16:56 Dec 21, 2018
DEPARTMENT OF TRANSPORTATION
AGENCY:
List of Subjects in 14 CFR Part 25
VerDate Sep<11>2014
[FR Doc. 2018–27818 Filed 12–21–18; 8:45 am]
PO 00000
Frm 00010
Fmt 4700
Sfmt 4700
• Hand Delivery or Courier: Take
comments to Docket Operations in
Room W12–140 of the West Building
Ground Floor at 1200 New Jersey
Avenue SE, Washington, DC, between 9
a.m. and 5 p.m., Monday through
Friday, except Federal holidays.
• Fax: Fax comments to Docket
Operations at 202–493–2251.
Privacy: The FAA will post all
comments it receives, without change,
to https://www.regulations.gov/,
including any personal information the
commenter provides. Using the search
function of the docket website, anyone
can find and read the electronic form of
all comments received into any FAA
docket, including the name of the
individual sending the comment (or
signing the comment for an association,
business, labor union, etc.). DOT’s
complete Privacy Act Statement can be
found in the Federal Register published
on April 11, 2000 (65 FR 19477–19478).
Docket: Background documents or
comments received may be read at
https://www.regulations.gov/ at any time.
Follow the online instructions for
accessing the docket or go to Docket
Operations in Room W12–140 of the
West Building Ground Floor at 1200
New Jersey Avenue SE, Washington,
DC, between 9 a.m. and 5 p.m., Monday
through Friday, except Federal holidays.
FOR FURTHER INFORMATION CONTACT:
Thuan Nguyen, Airplane and Flight
Crew Interface Section, AIR–671,
Transport Standards Branch, Policy and
Innovation Division, Aircraft
Certification Service, Federal Aviation
Administration, 2200 South 216th
Street, Des Moines, Washington 98198;
telephone and fax 206–231–3365; email
Thuan.T.Nguyen@faa.gov.
SUPPLEMENTARY INFORMATION:
The substance of these special
conditions has been published in the
Federal Register for public comment in
several prior instances with no
substantive comments received.
Therefore, the FAA has determined that
prior public notice and comment are
unnecessary, and finds that, for the
same reason, good cause exists for
adopting these special conditions upon
publication in the Federal Register.
Comments Invited
We invite interested people to take
part in this rulemaking by sending
written comments, data, or views. The
most helpful comments reference a
specific portion of the special
conditions, explain the reason for any
recommended change, and include
supporting data.
E:\FR\FM\26DER1.SGM
26DER1
]]>Agencies
[Federal Register Volume 83, Number 246 (Wednesday, December 26, 2018)]
[Rules and Regulations]
[Pages 66084-66086]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-27818]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Part 25
[Docket No. FAA-2018-1054; Special Conditions No. 25-740-SC]
Special Conditions: Airbus Model A330-200, A330-200F, A330-300
and A330-900 Series Airplanes; Electronic System Security Protection
From Unauthorized Internal Access
AGENCY: Federal Aviation Administration (FAA), DOT.
ACTION: Final special conditions; request for comments.
-----------------------------------------------------------------------
SUMMARY: These special conditions are issued for the Airbus Model A330-
200, A330-200F, A330-300, and A330-900 series airplanes. These
airplanes will have a novel or unusual design feature when compared to
the state of technology envisioned in the airworthiness standards for
transport category airplanes. This design feature is airplane
electronic systems and networks that allow access, from aircraft
internal sources (e.g., wireless devices, internet connectivity), to
the airplane's previously isolated, internal, electronic components.
The applicable airworthiness regulations do not contain adequate or
appropriate safety standards for this design feature. These special
conditions contain the additional safety standards that the
Administrator considers necessary to establish a level of safety
equivalent to that established by the existing airworthiness standards.
DATES: This action is effective on Airbus on December 26, 2018. Send
comments on or before February 11, 2019.
ADDRESSES: Send comments identified by Docket No. FAA-2018-1054 using
any of the following methods:
[[Page 66085]]
Federal eRegulations Portal: Go to https://www.regulations.gov/ and follow the online instructions for sending
your comments electronically.
Mail: Send comments to Docket Operations, M-30, U.S.
Department of Transportation (DOT), 1200 New Jersey Avenue SE, Room
W12-140, West Building Ground Floor, Washington, DC 20590-0001.
Hand Delivery or Courier: Take comments to Docket
Operations in Room W12-140 of the West Building Ground Floor at 1200
New Jersey Avenue SE, Washington, DC, between 9 a.m. and 5 p.m., Monday
through Friday, except Federal holidays.
Fax: Fax comments to Docket Operations at 202-493-2251.
Privacy: The FAA will post all comments it receives, without
change, to https://www.regulations.gov/, including any personal
information the commenter provides. Using the search function of the
docket website, anyone can find and read the electronic form of all
comments received into any FAA docket, including the name of the
individual sending the comment (or signing the comment for an
association, business, labor union, etc.). DOT's complete Privacy Act
Statement can be found in the Federal Register published on April 11,
2000 (65 FR 19477-19478).
Docket: Background documents or comments received may be read at
https://www.regulations.gov/ at any time. Follow the online instructions
for accessing the docket or go to Docket Operations in Room W12-140 of
the West Building Ground Floor at 1200 New Jersey Avenue SE,
Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday,
except Federal holidays.
FOR FURTHER INFORMATION CONTACT: Thuan Nguyen, Airplane and Flight Crew
Interface Section, AIR-671, Transport Standards Branch, Policy and
Innovation Division, Aircraft Certification Service, Federal Aviation
Administration, 2200 South 216th Street, Des Moines, Washington 98198;
telephone and fax 206-231-3365; email Thuan.T.Nguyen@faa.gov.
SUPPLEMENTARY INFORMATION:
The substance of these special conditions has been published in the
Federal Register for public comment in several prior instances with no
substantive comments received. Therefore, the FAA has determined that
prior public notice and comment are unnecessary, and finds that, for
the same reason, good cause exists for adopting these special
conditions upon publication in the Federal Register.
Comments Invited
We invite interested people to take part in this rulemaking by
sending written comments, data, or views. The most helpful comments
reference a specific portion of the special conditions, explain the
reason for any recommended change, and include supporting data.
We will consider all comments we receive by the closing date for
comments. We may change these special conditions based on the comments
we receive.
Background
On January 20, 2015, Airbus applied for an amendment to Type
Certificate No. A46NM to include the new Model A330-900 series
airplane. The Airbus Model A330-900 series airplane is a derivative of
the Model A330-300 series airplane currently approved under Type
Certificate No. A46NM.
On August 9, 2018, Airbus applied for a change to Type Certificate
No. A46NM for the installation of electronic system architecture or
Flight Operations and Maintenance Exchanger (FOMAX) equipment in Model
A330-200, A330-200F, A330-300, and A330-900 series airplanes. These
airplanes are twin-engine, transport category airplanes with a maximum
passenger seating capacity of 406 for the A330-200 series and a maximum
passenger seating capacity of 440 for the A330-300 and A330-900 series
airplanes. These airplanes have a maximum takeoff weight of 533,518
pounds.
Type Certification Basis
Under the provisions of title 14, Code of Federal Regulations (14
CFR) 21.101, Airbus must show that the Model A330-900 series airplane
and the Model A330-200, A330-200F, and A330-300 series airplanes, as
changed, meet the applicable provisions of the regulations listed in
Type Certificate No. A46NM, or the applicable regulations in effect on
the date of application for the change, except for earlier amendments
as agreed upon by the FAA.
If the Administrator finds that the applicable airworthiness
regulations (i.e., 14 CFR part 25) do not contain adequate or
appropriate safety standards for the Airbus Model A330-200, A330-200F,
A330-300, and A330-900 series airplanes because of a novel or unusual
design feature, special conditions are prescribed under the provisions
of Sec. 21.16.
Special conditions are initially applicable to the model for which
they are issued. Should the type certificate for that model be amended
later to include any other model that incorporates the same novel or
unusual design feature, or should any other model already included on
the same type certificate be modified to incorporate the same novel or
unusual design feature, these special conditions would also apply to
the other model under Sec. 21.101.
In addition to the applicable airworthiness regulations and special
conditions, the Airbus Model A330-200, A330-200F, A330-300, and A330-
900 series airplanes must comply with the fuel vent and exhaust
emission requirements of 14 CFR part 34 and the noise certification
requirements of 14 CFR part 36.
The FAA issues special conditions, as defined in 14 CFR 11.19, in
accordance with Sec. 11.38, and they become part of the type
certification basis under Sec. 21.101.
Novel or Unusual Design Features
The Airbus Model A330-200, A330-200F, A330-300, and A330-900 series
airplanes will incorporate the following novel or unusual design
feature:
The installation and activation of electronic network system
architecture or Flight Operations and Maintenance Exchanger (FOMAX)
equipment that allows access from internal sources (e.g., wireless
devices, internet connectivity) to the airplane's once isolated
internal electronic components.
Discussion
The Airbus airplane Model A330-200, A330-200F, A330-300, and A330-
900 series electronic network system architecture is novel or unusual
for commercial transport airplanes because it allows connection to
previously isolated data networks connected to systems that perform
functions required for the safe operation of the airplane. This data
network and design integration may result in security vulnerabilities
from intentional or unintentional corruption of data and systems
critical to the safety and maintenance of the airplane. The existing
regulations and guidance material did not anticipate this type of
system architecture or electronic access to aircraft systems.
Furthermore, 14 CFR regulations and the current system safety
assessment policy and techniques do not address potential security
vulnerabilities, which could be exploited by unauthorized access to
airplane networks and servers. Therefore, these special conditions are
to ensure that the security of airplane systems and networks is not
compromised by unauthorized wired or wireless internal access.
[[Page 66086]]
These special conditions contain the additional safety standards
that the Administrator considers necessary to establish a level of
safety equivalent to that established by the existing airworthiness
standards.
Applicability
As discussed above, these special conditions are applicable to the
Airbus Model A330-200, A330-200F, A330-300, and A330-900 series
airplanes. Should Airbus apply at a later date for a change to the type
certificate to include another model incorporating the same novel or
unusual design feature, these special conditions would apply to that
model as well.
Conclusion
This action affects only a certain novel or unusual design feature
on Airbus Model A330-200, A330-200F, A330-300, and A330-900 series
airplanes. It is not a rule of general applicability.
List of Subjects in 14 CFR Part 25
Aircraft, Aviation safety, Reporting and recordkeeping
requirements.
Authority Citation
The authority citation for these special conditions is as follows:
Authority: 49 U.S.C. 106(f), 106(g), 40113, 44701, 44702, 44704.
The Special Conditions
Accordingly, pursuant to the authority delegated to me by the
Administrator, the following special conditions are issued as part of
the type certification basis for Airbus Model A330-200, A330-200F,
A330-300, and A330-900 series airplanes.
1. The applicant must ensure that the design provides isolation
from, or airplane electronic system security protection against, access
by unauthorized sources internal to the airplane. The design must
prevent inadvertent and malicious changes to, and all adverse impacts
upon, airplane equipment, systems, networks, or other assets required
for safe flight and operations.
2. The applicant must establish appropriate procedures to allow the
operator to ensure that continued airworthiness of the aircraft is
maintained, including all post type certification modifications that
may have an impact on the approved electronic system security
safeguards.
Issued in Des Moines, Washington, on December 12, 2018.
Victor Wicklund,
Manager, Transport Standards Branch, Policy and Innovation Division,
Aircraft Certification Service.
[FR Doc. 2018-27818 Filed 12-21-18; 8:45 am]
BILLING CODE 4910-13-P
