Special Conditions: Textron Aviation, Inc. Model 560XL(XLS+) Airplane; Electronic System Security Protection From Unauthorized External Access, 46953-46954 [2023-15467]

Agencies

• Federal Aviation Administration
• DEPARTMENT OF TRANSPORTATION

[Federal Register Volume 88, Number 139 (Friday, July 21, 2023)]
[Rules and Regulations]
[Pages 46953-46954]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-15467]



========================================================================
Rules and Regulations
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains regulatory documents 
having general applicability and legal effect, most of which are keyed 
to and codified in the Code of Federal Regulations, which is published 
under 50 titles pursuant to 44 U.S.C. 1510.

The Code of Federal Regulations is sold by the Superintendent of Documents. 

========================================================================


Federal Register / Vol. 88 , No. 139 / Friday, July 21, 2023 / Rules 
and Regulations

[[Page 46953]]



DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration

14 CFR Part 25

[Docket No. FAA-2023-1241; Special Conditions No. 25-838-SC]


Special Conditions: Textron Aviation, Inc. Model 560XL(XLS+) 
Airplane; Electronic System Security Protection From Unauthorized 
External Access

AGENCY: Federal Aviation Administration (FAA), DOT.

ACTION: Final special conditions; request for comments.

-----------------------------------------------------------------------

SUMMARY: These special conditions are issued for the Textron Aviation, 
Inc. (Textron) Model 560XL(XLS+) airplane. This airplane will have a 
novel or unusual design feature when compared to the state of 
technology envisioned in the airworthiness standards for transport-
category airplanes. This design feature is associated with the 
installation of an electronic networks system architecture that will 
allow increased connectivity to and access from external sources (e.g., 
operator networks, wireless devices, internet connectivity, service 
provider satellite communications, electronic flight bags, etc.) to the 
airplane's previously isolated electronic assets (networks, systems, 
and databases). The applicable airworthiness regulations do not contain 
adequate or appropriate safety standards for this design feature. These 
special conditions contain the additional safety standards that the 
Administrator considers necessary to establish a level of safety 
equivalent to that established by the existing airworthiness standards.

DATES: This action is effective on Textron Aviation, Inc. on July 21, 
2023. Send comments on or before September 5, 2023.

ADDRESSES: Send comments identified by Docket No. FAA-2023-1241 using 
any of the following methods:
     Federal eRegulations Portal: Go to https://www.regulations.gov/ and follow the online instructions for sending 
your comments electronically.
     Mail: Send comments to Docket Operations, M-30, U.S. 
Department of Transportation (DOT), 1200 New Jersey Avenue SE, Room 
W12-140, West Building Ground Floor, Washington, DC 20590-0001.
     Hand Delivery or Courier: Take comments to Docket 
Operations in Room W12-140 of the West Building Ground Floor at 1200 
New Jersey Avenue SE, Washington, DC, between 9 a.m. and 5 p.m., Monday 
through Friday, except Federal holidays.
     Fax: Fax comments to Docket Operations at 202-493-2251.
     Docket: Background documents or comments received may be 
read at https://www.regulations.gov/ at any time. Follow the online 
instructions for accessing the docket or go to Docket Operations in 
Room W12-140 of the West Building Ground Floor at 1200 New Jersey 
Avenue SE, Washington, DC, between 9 a.m. and 5 p.m., Monday through 
Friday, except Federal holidays.

FOR FURTHER INFORMATION CONTACT: Thuan T. Nguyen, Avionics Software & 
Components Unit, AIR-626D, Technical Innovation Policy Branch, Policy 
and Innovation Division, Aircraft Certification Service, Federal 
Aviation Administration, 2200 South 216th Street, Des Moines, 
Washington 98198; telephone and fax 206-231-3365; email 
[email protected].

SUPPLEMENTARY INFORMATION: The substance of these special conditions 
has been published in the Federal Register for public comment in 
several prior instances with no substantive comments received. 
Therefore, the FAA finds, pursuant to 14 CFR 11.38(b), that new 
comments are unlikely, and notice and comment prior to this publication 
are unnecessary.

Privacy

    Except for Confidential Business Information (CBI) as described in 
the following paragraph, and other information as described in title 
14, Code of Federal Regulations (14 CFR) 11.35, the FAA will post all 
comments received without change to https://www.regulations.gov/, 
including any personal information you provide. The FAA will also post 
a report summarizing each substantive verbal contact received about 
these special conditions.

Confidential Business Information

    Confidential Business Information (CBI) is commercial or financial 
information that is both customarily and actually treated as private by 
its owner. Under the Freedom of Information Act (FOIA) (5 U.S.C. 552), 
CBI is exempt from public disclosure. If your comments responsive to 
these special conditions contain commercial or financial information 
that is customarily treated as private, that you actually treat as 
private, and that is relevant or responsive to these special 
conditions, it is important that you clearly designate the submitted 
comments as CBI. Please mark each page of your submission containing 
CBI as ``PROPIN.'' The FAA will treat such marked submissions as 
confidential under the FOIA, and the indicated comments will not be 
placed in the public docket of these special conditions. Send 
submissions containing CBI to Thuan T. Nguyen, Avionics Software & 
Components Unit, AIR-626D, Technical Innovation Policy Branch, Policy 
and Innovation Division, Aircraft Certification Service, Federal 
Aviation Administration, 2200 South 216th Street, Des Moines, 
Washington 98198; telephone and fax 206-231-3365; email 
[email protected]. Comments the FAA receives, which are not 
specifically designated as CBI, will be placed in the public docket for 
these special conditions.

Comments Invited

    The FAA invites interested people to take part in this rulemaking 
by sending written comments, data, or views. The most helpful comments 
reference a specific portion of the special conditions, explain the 
reason for any recommended change, and include supporting data.
    The FAA will consider all comments received by the closing date for 
comments, and will consider comments filed late if it is possible to do 
so without incurring delay. The FAA may change these special conditions 
based on the comments received.

Background

    On June 30, 2021, Textron Aviation, Inc. applied for an Amended 
Type Certificate (ATC) for the installation of a digital systems 
architecture that will allow increased connectivity to and

[[Page 46954]]

access from external network sources, (e.g., operator networks, 
wireless devices, internet connectivity, service provider satellite 
communications, electronic flight bags, etc.) to the airplane's 
previously isolated electronic assets (networks, systems, and 
databases). The Textron Model 560XL(XLS+) airplane, which is a 
derivative of the Model 560XL currently approved under Type Certificate 
No. A22CE, is a two-engine transport category airplane. The maximum 
seating capacity is 12 passengers and 2 crew members. The maximum 
takeoff weight is 20,200 to 20,330 pounds, depending on the specific 
variant.

Type Certification Basis

    Under the provisions of title 14, Code of Federal Regulations (14 
CFR) 21.101, Textron Aviation, Inc. must show that the Model 
560XL(XLS+) airplane, as changed, continues to meet the applicable 
provisions of the regulations listed in Type Certificate No. A22CE or 
the applicable regulations in effect on the date of application for the 
change, except for earlier amendments as agreed upon by the FAA.
    If the Administrator finds that the applicable airworthiness 
regulations (e.g., 14 CFR part 25) do not contain adequate or 
appropriate safety standards for the Textron Model 560XL(XLS+) airplane 
because of a novel or unusual design feature, special conditions are 
prescribed under the provisions of Sec.  21.16.
    Special conditions are initially applicable to the model for which 
they are issued. Should the applicant apply for an ATC to modify any 
other model included on the same type certificate to incorporate the 
same novel or unusual design feature, these special conditions would 
also apply to the other under Sec.  21.101.
    In addition to the applicable airworthiness regulations and special 
conditions, the Textron Model 560XL(XLS+) airplane must comply with the 
exhaust-emission requirements of 14 CFR part 34, and the noise-
certification requirements of 14 CFR part 36.
    The FAA issues special conditions, as defined in 14 CFR 11.19, in 
accordance with Sec.  11.38, and they become part of the type 
certification basis under Sec.  21.101.

Novel or Unusual Design Features

    The Textron Model 560XL(XLS+) airplane will incorporate a novel or 
unusual design feature, which is the installation of a digital systems 
architecture that will allow increased connectivity to and access from 
external network sources, (e.g., operator networks, wireless devices, 
internet connectivity, service provider satellite communications, 
electronic flight bags, etc.) to the airplane's previously isolated 
electronic assets (networks, systems, and databases).

Discussion

    The Textron Model 560XL(XLS+) airplane electronic system 
architecture and network configuration is novel or unusual for 
commercial transport airplanes because it may allow increased 
connectivity to and access from external network sources, airline 
operations, and maintenance networks, to the airplane control domain 
and airline information services domain. The airplane's control domain 
and airline information-services domain perform functions required for 
the safe operation and maintenance of the airplane. Previously, these 
domains had very limited connectivity with external network sources. 
This data network and design integration creates a potential for 
unauthorized persons to access the aircraft-control domain and airline 
information-services domain, and presents security vulnerabilities 
related to the introduction of computer viruses and worms, user errors, 
and intentional sabotage of airplane electronic assets (networks, 
systems, and databases) critical to the safety and maintenance of the 
airplane.
    The existing FAA regulations did not anticipate these networked 
airplane-system architectures. Furthermore, these regulations and the 
current guidance material do not address potential security 
vulnerabilities, which could be exploited by unauthorized access to 
airplane networks, data buses, and servers. Therefore, these special 
conditions ensure that the security (i.e., confidentiality, integrity, 
and availability) of airplane systems is not compromised by 
unauthorized wired or wireless electronic connections. This includes 
ensuring that the security of the airplane's systems is not compromised 
during maintenance of the airplane's electronic systems. These special 
conditions also require the applicant to provide appropriate 
instructions to the operator to maintain all electronic-system 
safeguards that have been implemented as part of the original network 
design so that this feature does not allow or introduce security 
threats.
    These special conditions contain the additional safety standards 
that the Administrator considers necessary to establish a level of 
safety equivalent to that established by the existing airworthiness 
standards.

Applicability

    As discussed above, these special conditions are applicable to the 
Textron Model 560XL(XLS+) airplane. Should Textron Aviation, Inc. apply 
at a later date for ATC to modify any other model included on Type 
Certificate No. A22CE to incorporate the same novel or unusual design 
feature, these special conditions would apply to that model as well.

Conclusion

    This action affects only a certain novel or unusual design feature 
on the Textron Model 560XL(XLS+) airplane. It is not a rule of general 
applicability.

List of Subjects in 14 CFR Part 25

    Aircraft, Aviation safety, Reporting and recordkeeping 
requirements.

Authority Citation

    The authority citation for these special conditions is as follows:

    Authority: 49 U.S.C. 106(f), 106(g), 40113, 44701, 44702, and 
44704.

The Special Conditions

    Accordingly, pursuant to the authority delegated to me by the 
Administrator, the following special conditions are issued as part of 
the type certification basis for the Textron Model 560XL(XLS+) airplane 
for airplane electronic unauthorized external access.
    1. The applicant must ensure airplane electronic-system security 
protection from access by unauthorized sources external to the 
airplane, including those possibly caused by maintenance activity.
    2. The applicant must ensure airplane electronic system security 
threats are identified and assessed, and that effective electronic 
system security protection strategies are implemented to protect the 
airplane from all adverse impacts on safety, functionality, and 
continued airworthiness.
    3. The applicant must establish appropriate procedures to allow the 
operator to ensure that continued airworthiness of the airplane is 
maintained, including all post-type-certification modifications that 
may have an impact on the approved electronic-system security 
safeguards.

    Issued in Kansas City, Missouri, on July 17, 2023.
Patrick R. Mullen,
Manager, Technical Innovation Policy Branch, Policy and Innovation 
Division, Aircraft Certification Service.
[FR Doc. 2023-15467 Filed 7-20-23; 8:45 am]
BILLING CODE 4910-13-P