Special Conditions: Cessna Model 750 Series Airplanes; Aircraft Electronic System Security Isolation or Protection From Internal Access

Federal Register, Volume 78 Issue 239 (Thursday, December 12, 2013)

Federal Register Volume 78, Number 239 (Thursday, December 12, 2013)

Rules and Regulations

Pages 75453-75454

From the Federal Register Online via the Government Printing Office www.gpo.gov

FR Doc No: 2013-29683

Page 75453

-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration

14 CFR Part 25

Docket No. FAA-2013-1037; Special Conditions No. 25-509-SC

Special Conditions: Cessna Model 750 Series Airplanes; Aircraft Electronic System Security Isolation or Protection From Internal Access

AGENCY: Federal Aviation Administration (FAA), DOT.

ACTION: Final special condition; request for comments.

-----------------------------------------------------------------------

SUMMARY: These special conditions are issued for the Cessna Model 750 series airplanes. These airplanes will have novel or unusual design features associated with connectivity of the passenger service computer systems to the airplane critical systems and data networks.

DATES: The effective date of these special conditions is December 12, 2013. We must receive your comments by January 27, 2014.

ADDRESSES: Send comments identified by docket number FAA-XXXX-XXXX using any of the following methods:

Federal eRegulations Portal: Go to http://www.regulations.gov/ and follow the online instructions for sending your comments electronically.

Mail: Send comments to Docket Operations, M-30, U.S. Department of Transportation (DOT), 1200 New Jersey Avenue SE., Room W12-140, West Building Ground Floor, Washington, DC, 20590-0001.

Hand Delivery or Courier: Take comments to Docket Operations in Room W12-140 of the West Building Ground Floor at 1200 New Jersey Avenue SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except federal holidays.

Fax: Fax comments to Docket Operations at 202-493-2251.

Privacy: The FAA will post all comments it receives, without change, to http://www.regulations.gov/, including any personal information the commenter provides. Using the search function of the docket Web site, anyone can find and read the electronic form of all comments received into any FAA docket, including the name of the individual sending the comment (or signing the comment for an association, business, labor union, etc.). DOT's complete Privacy Act Statement can be found in the Federal Register published on April 11, 2000 (65 FR 19477-19478), as well as at http://DocketsInfo.dot.gov/.

Docket: Background documents or comments received may be read at http://www.regulations.gov/ at any time. Follow the online instructions for accessing the docket or go to the Docket Operations in Room W12-140 of the West Building Ground Floor at 1200 New Jersey Avenue SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except federal holidays.

FOR FURTHER INFORMATION CONTACT: Varun Khanna, FAA, Airplane and Flight Crew Interface Branch, ANM-111, Transport Airplane Directorate, Aircraft Certification Service, 1601 Lind Avenue SW., Renton, Washington 98057-3356; telephone 425-227-1298; facsimile 425-227-1149.

SUPPLEMENTARY INFORMATION: The network architecture is composed of several connected networks including the following:

1. Flight-safety related control and navigation systems,

2. Operator business and administrative support, and

3. Passenger entertainment.

   The applicable airworthiness regulations do not contain adequate or appropriate safety standards for this design feature. These special conditions contain the additional safety standards that the Administrator considers necessary to establish a level of safety equivalent to that established by the existing airworthiness standards.

   The FAA has determined that notice of, and opportunity for prior public comment on, these special conditions are impracticable because these procedures would significantly delay issuance of the design approval and thus delivery of the affected aircraft. In addition, the substance of these special conditions has been subject to the public comment process in several prior instances with no substantive comments received. The FAA therefore finds that good cause exists for making these special conditions effective upon publication in the Federal Register.

   Comments Invited

   We invite interested people to take part in this rulemaking by sending written comments, data, or views. The most helpful comments reference a specific portion of the special conditions, explain the reason for any recommended change, and include supporting data.

   We will consider all comments we receive by the closing date for comments. We may change these special conditions based on the comments we receive.

   Background

   On September 10, 2010, Cessna applied for a change to Type Certificate No. T00007WI in the digital systems architecture in the Cessna Model 750 series airplanes.

   The Model 750 is a twin-engine pressurized executive jet airplane with standard seating provisions for 14 passenger/crew. This airplane will have a maximum takeoff weight of 36,600 pounds with a wingspan of 69.2 feet, a maximum operating altitude of 51,000 feet, and will have two aft-mounted Rolls-Royce AE3007C2 engines.

   The proposed Cessna Model 750 architecture is novel or unsual for executive jet airplanes by allowing connection to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane. This proposed data network and design integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane. The existing regulations and guidance material did not anticipate this type of system architecture or electronic access to aircraft systems. Furthermore, regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities, which could be caused by unauthorized access to aircraft data buses and servers. The intent of these special conditions is to ensure that security, integrity, and availability of aircraft systems are not compromised by certain wired or wireless electronic connections between airplane data busses and networks. A separate Cessna Model 750 project special condition addresses aircraft electronic system security protection from unauthorized external access.

   Type Certification Basis

   Under Title 14, Code of Federal Regulations (14 CFR) 21.17, Cessna must show that the Model 45 series meets the applicable provisions of 14 CFR part 25, as amended by Amendments 25-1 through 25-128.

   If the Administrator finds that the applicable airworthiness regulations (i.e., 14 CFR part 25) do not contain adequate or appropriate safety standards for the Model 45 series because of a novel or unusual design feature, special conditions are prescribed under Sec. 21.16.

   Special conditions are initially applicable to the model for which they are issued. Should the type certificate for that model be amended later to include any other model that incorporates the same novel or unusual

   Page 75454

   design feature, the proposed special conditions would also apply to the other model under Sec. 21.101.

   In addition to the applicable airworthiness regulations and proposed special conditions, the Cessna Model 750 series airplane must comply with the fuel vent and exhaust emission requirements of 14 CFR part 34 and the noise certification requirements of 14 CFR part 36 and the FAA must issue a finding of regulatory adequacy under Sec. 611 of Public Law 92-574, the ``Noise Control Act of 1972.''

   The FAA issues special conditions, as defined in 14 CFR 11.19, under Sec. 11.38, and they become part of the type-certification basis under Sec. 21.17(a)(2).

   Novel or Unusual Design Features

   The Cessna Model 750 will incorporate the following novel or unusual design features.

   The proposed architecture and network configuration may be used for, or interfaced with, a diverse set of functions, including:

1. Flight-safety related control, communication, and navigation systems (aircraft control domain);

2. Operator business and administrative support (operator information domain); and

3. Passenger information and entertainment systems (passenger entertainment domain).

   In addition, the operating systems (OS) for current aircraft systems are usually and historically proprietary. Therefore, they are not as susceptible to corruption from worms, viruses, and other malicious actions as more widely used commercial operating systems because access to the design details of these proprietary OS is limited to the system developer and aircraft integrator. Some systems installed on the Cessna Model 750 series airplanes will use operating systems that are widely used and commercially available from third party software suppliers. The security vulnerabilities of these operating systems may be more widely known than proprietary operating systems currently used by avionics manufacturers.

   Discussion

   The integrated network configurations in the Cessna Model 750 series airplanes may allow increased connectivity with external network sources and will have more interconnected networks and systems, such as passenger entertainment and information services than previous airplane models. This may allow the exploitation of network security vulnerabilities and increased risks potentially resulting in unsafe conditions for the airplanes and occupants. This potential exploitation of security vulnerabilities may result in intentional or unintentional destruction, disruption, degradation, or exploitation of data and systems critical to the safety and maintenance of the airplane.

   Cessna Aircraft Company should develop instructions for the operators to maintain the built-in security safeguards after the airplane enters commercial service. The instructions should address physical security, operational security, audit and monitoring of the effectiveness of security safeguards and key management procedures. A test plan should also be developed and implemented to insure that security requirements are met and there is no inadvertent or malicious change to any system, software or data.

   The existing regulations and guidance material did not anticipate these types of system architectures. Furthermore, 14 CFR regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities which could be exploited by unauthorized access to airplane networks and servers. Therefore, these special conditions are being issued to ensure that the security (i.e., confidentiality, integrity, and availability) of airplane systems is not compromised by unauthorized wired or wireless electronic connections between airplane systems and the passenger entertainment services.

   For the reasons discussed above, these special conditions contain the additional safety standards that the Administrator considers necessary to establish a level of safety equivalent to that established by the existing airworthiness standards.

   Applicability

   As discussed above, these special conditions are applicable to the Cessna Model 750 series airplanes. Should Cessna apply at a later date for a change to the type certificate to include another model incorporating the same novel or unusual design feature, the special conditions would apply to that model as well.

   Conclusion

   This action affects only certain novel or unusual design features on one model series of airplanes. It is not a rule of general applicability.

   The substance of these special conditions has been subjected to the notice and comment period in several prior instances and has been derived without substantive change from those previously issued. It is unlikely that prior public comment would result in a significant change from the substance contained herein. Therefore, because a delay would significantly affect the certification of the airplane, which is imminent, the FAA has determined that prior public notice and comment are unnecessary and impracticable, and good cause exists for adopting these special conditions upon publication in the Federal Register. The FAA is requesting comments to allow interested persons to submit views that may not have been submitted in response to the prior opportunities for comment described above.

   List of Subjects in 14 CFR Part 25

   Aircraft, Aviation safety, Reporting and recordkeeping requirements.

   The authority citation for these special conditions is as follows:

   Authority: 49 U.S.C. 106(g), 40113, 44701, 44702, 44704.

   The Special Conditions

   Accordingly, pursuant to the authority delegated to me by the Administrator, the following special conditions are issued as part of the type certification basis for Cessna Model 750 series airplanes.

   Isolation or Security Protection of the Aircraft Control Domain and the Information Services Domain From the Passenger Services Domain

1. The applicant must ensure that the design provides isolation from, or airplane electronic system security protection against, access by unauthorized sources internal to the airplane. The design must prevent inadvertent and malicious changes to, and all adverse impacts upon, airplane equipment, systems, networks, or other assets required for safe flight and operations.

2. The applicant must establish appropriate procedures to allow the operator to ensure that continued airworthiness of the aircraft is maintained, including all post-type-certification modifications that may have an impact on the approved electronic system security safeguards.

   Issued in Renton, Washington, on December 4, 2013.

   John P. Piccola, Jr.,

   Acting Manager, Transport Airplane Directorate, Aircraft Certification Service.

   FR Doc. 2013-29683 Filed 12-11-13; 8:45 am

   BILLING CODE 4910-13-P