Special Conditions: Boeing Model 747-8/-8F Airplanes, Systems and Data Networks Security - Protection of Airplane Systems, etc.

Federal Register: January 15, 2010 (Volume 75, Number 10)

Rules and Regulations

Page 2433-2434

From the Federal Register Online via GPO Access [wais.access.gpo.gov]

DOCID:fr15ja10-1

Rules and Regulations

Federal Register

This section of the FEDERAL REGISTER contains regulatory documents having general applicability and legal effect, most of which are keyed to and codified in the Code of Federal Regulations, which is published under 50 titles pursuant to 44 U.S.C. 1510.

The Code of Federal Regulations is sold by the Superintendent of Documents.

Prices of new books are listed in the first FEDERAL REGISTER issue of each week.

Page 2433

DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration 14 CFR Part 25

Docket No. NM413; Special Conditions No. 25-401-SC

Special Conditions: Boeing Model 747-8/-8F Airplanes, Systems and

Data Networks Security--Protection of Airplane Systems and Data

Networks From Unauthorized External Access

AGENCY: Federal Aviation Administration (FAA), DOT.

ACTION: Final special conditions.

SUMMARY: These special conditions are issued for the Boeing Model 747- 8/-8F airplane. This airplane will have novel or unusual design features associated with the architecture and connectivity capabilities of the airplane's computer systems and networks, which may allow access to external computer systems and networks. Connectivity to external systems and networks may result in security vulnerabilities to the airplane's systems. The applicable airworthiness regulations do not contain adequate or appropriate safety standards for these design features. These special conditions contain the additional safety standards that the Administrator considers necessary to establish a level of safety equivalent to that established by the existing airworthiness standards.

DATES: Effective Date: February 16, 2010.

FOR FURTHER INFORMATION CONTACT: Will Struck, FAA, Airplane and Flight

Crew Interface Branch, ANM-111, Transport Airplane Directorate, 1601

Lind Avenue, SW., Renton, Washington 98057-3356; telephone (425) 227- 2764; facsimile (425) 227-1149.

SUPPLEMENTARY INFORMATION:

Background

On November 4, 2005, The Boeing Company, P.O. Box 3707, Seattle, WA 98124, applied for an amendment to Type Certificate Number A20WE to include the new Model 747-8 passenger airplane and the new Model 747-8F freighter airplane. The Model 747-8 and the Model 747-8F are derivatives of the 747-400 and the 747-400F, respectively. Both the

Model 747-8 and the Model 747-8F are four-engine jet transport airplanes that will have a maximum takeoff weight of 975,000 pounds and new General Electric GEnx-2B67 engines. The Model 747-8 will have two flight crew and the capacity to carry 660 passengers. The Model 747-8F will have two flight crew and a zero passenger capacity, although the

FAA has issued a partial grant of exemption to Boeing for the carriage of up to six supernumeraries for the 747-8F.

Type Certification Basis

Under the provisions of Title 14, Code of Federal Regulations (14

CFR) 21.17, Boeing must show that the Model 747-8 and 747-8F (hereafter referred as 747-8/-8F) meet the applicable provisions of part 25, as amended by Amendments 25-1 through 25-120, except for Sec. Sec. 25.809(a) and 25.812, which will remain at Amendment 25-115. These regulations will be incorporated into Type Certificate No. A20WE after type certification approval of the 747-8/-8F.

In addition, the certification basis includes other regulations, special conditions and exemptions that are not relevant to these special conditions.

If the Administrator finds that the applicable airworthiness regulations (i.e., 14 CFR part 25) do not contain adequate or appropriate safety standards for the 747-8/-8F because of a novel or unusual design feature, special conditions are prescribed under the provisions of Sec. 21.16.

In addition to the applicable airworthiness regulations and special conditions, the 747-8/-8F must comply with the fuel vent and exhaust emission requirements of 14 CFR part 34 and the noise certification requirements of 14 CFR part 36.

Special conditions, as defined in Sec. 11.19, are issued under

Sec. 11.38, and become part of the type certification basis under

Sec. 21.101.

Special conditions are initially applicable to the model for which they are issued. Should the type certificate for that model be amended later to include any other model that incorporates the same or similar novel or unusual design feature, or should any other model already included on the same type certificate be modified to incorporate the same or similar novel or unusual design feature, the special conditions would also apply to the other model under Sec. 21.101.

Novel or Unusual Design Features

The Boeing Model 747-8/-8F airplane will incorporate the following novel or unusual design features: digital systems architecture composed of several connected networks. The architecture and network configuration may be used for, or interfaced with, a diverse set of functions, including: 1. Flight-safety related control, communication, and navigation systems (aircraft control domain), 2. Airline business and administrative support (airline information domain), 3. Passenger information and entertainment systems (passenger entertainment domain), and 4. The capability to allow access to or by external network sources.

Discussion

The Model 747-8/-8F architecture and network configuration may allow increased connectivity to and access from external network sources and airline operations and maintenance networks to the aircraft control domain and airline information domain. The aircraft control domain and airline information domain perform functions required for the safe operation and maintenance of the airplane. Previously these domains had very limited connectivity with external network sources.

The architecture and network configuration may allow the exploitation of network security vulnerabilities resulting in intentional or unintentional destruction, disruption, degradation, or exploitation of data, systems, and networks critical to the safety and maintenance of the airplane.

The existing regulations and guidance material did not anticipate these types of airplane system architectures. Furthermore, 14 CFR regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities, which could be exploited by unauthorized access to

Page 2434

airplane networks, data bases, and servers. Therefore, these special conditions and a means of compliance are provided to ensure that the security (i.e., confidentiality, integrity, and availability) of airplane systems is not compromised by unauthorized wired or wireless electronic connections.

Discussion of Comments

Notice of proposed special conditions No. 25-09-09-SC for the

Boeing Model 747-8/-8F airplanes was published in the Federal Register on October 2, 2009 (74 FR 50926). No comments were received.

Applicability

As discussed above, these special conditions are applicable to

Boeing Model 747-8/-8F airplanes. Should Boeing apply at a later date for a change to the type certificate to include another model incorporating the same novel or unusual design features, these special conditions would apply to that model as well under the provisions of

Sec. 21.101.

Conclusion

This action affects only certain novel or unusual design features of the Boeing Model 747-8/-8F airplane. It is not a rule of general applicability.

List of Subjects in 14 CFR Part 25

Aircraft, Aviation safety, Reporting and recordkeeping requirements. 0

The authority citation for these special conditions is as follows:

Authority: 49 U.S.C. 106(g), 40113, 44701, 44702, 44704.

The Special Conditions 0

Accordingly, pursuant to the authority delegated to me by the

Administrator, the following special conditions are issued as part of the type certification basis for the Boeing Model 747-8/-8F airplanes. 1. The applicant must ensure electronic system security protection for the aircraft control domain and airline information domain from access by unauthorized sources external to the airplane, including those possibly caused by maintenance activity. 2. The applicant must ensure that electronic system security threats from external sources are identified and assessed, and that effective electronic system security protection strategies are implemented to protect the airplane from all adverse impacts on safety, functionality, and continued airworthiness.

Issued in Renton, Washington, on January 5, 2010.

Ali Bahrami,

Manager, Transport Airplane Directorate, Aircraft Certification

Service.

FR Doc. 2010-661 Filed 1-14-10; 8:45 am

BILLING CODE 4910-13-P