Special Conditions: Boeing Model 777-200, -300, and -300ER Series Airplanes; Aircraft Electronic System Security Protection from Unauthorized Internal Access.

As Enacted ( Federal Register)

Cited authorities 2

Cited in

Federal Register, Volume 78 Issue 229 (Wednesday, November 27, 2013)

Federal Register Volume 78, Number 229 (Wednesday, November 27, 2013)

Rules and Regulations

Pages 70849-70851

From the Federal Register Online via the Government Printing Office www.gpo.gov

FR Doc No: 2013-28408

-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration

14 CFR Part 25

Docket No. FAA-2013-0999; Special Conditions No. 25-506-SC

Special Conditions: Boeing Model 777-200, -300, and -300ER Series Airplanes; Aircraft Electronic System Security Protection from Unauthorized Internal Access.

AGENCY: Federal Aviation Administration (FAA), DOT.

ACTION: Final special conditions.

-----------------------------------------------------------------------

SUMMARY: These special conditions are issued for the Boeing Model 777-

200, -300, and -300ER series airplanes. These airplanes, as modified by ARINC Aerospace Company, will have novel or unusual design features associated with Class 3 Electronic Flight Bags (EFB) and wireless local area data networks (LAN) associated with the EFB architecture and existing airplane network systems. The applicable airworthiness regulations do not contain adequate or appropriate safety standards for this design feature. These special conditions contain the additional safety standards that the Administrator considers necessary to establish a level of safety equivalent to that established by the existing airworthiness standards.

DATES: Effective Date: The effective date of these special conditions is November 27, 2013.

FOR FURTHER INFORMATION CONTACT: Varun Khanna, FAA, Airplane and Flight Crew Interface Branch, ANM-111, Transport Airplane Directorate, Aircraft Certification Service, 1601 Lind Avenue SW., Renton, Washington 98057-3356; telephone 425-227-1298; facsimile 425-227-1149.

SUPPLEMENTARY INFORMATION:

Background

On August 21, 2012, ARINC Aerospace Company applied for a change to Type Certificate No. T00001SE Rev. 30 dated June 6, 2012 for installation of Class 3 EFBs and related LANs in the Boeing Model 777-

200, -300, and -300ER Series Airplanes. The Boeing Model 777-200 airplanes are long-range, wide-body, twin-engine jet airplanes with a maximum capacity of 440 passengers. The Boeing Model 777-300 and 777-

300ER series airplanes have a maximum capacity of 550 passengers. The Model 777-200, -300, and -300ER series airplanes have fly-by-wire controls, software-configurable avionics, and fiber-optic avionics networks.

The proposed Class 3 EFB architecture is novel or unusual for commercial transport airplanes by allowing connection to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane. This proposed data network and design integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane. The existing regulations and guidance material did not anticipate this type of system architecture or electronic access to aircraft systems. Furthermore, regulations and current system safety assessment policy and techniques do

Page 70850

not address potential security vulnerabilities, which could be caused by unauthorized access to aircraft data buses and servers.

Type Certification Basis

Under Title 14, Code of Federal Regulations (14 CFR) 21.17, ARINC Aerospace Company must show that the Model 777-200, -300, and -300ER series airplanes meet the applicable provisions of 14 CFR part 25, as amended by the following for each model airplane:

For Model 777-200 airplanes--Title 14 CFR part 25, as amended by Amendment 25-1 through Amendment 25-82.

For Model 777-300 airplanes--Title 14 CFR part 25, as amended by Amendment 25-1 through Amendment 25-86.

For Model 777-300ER airplanes--Title 14 CFR part 25, as amended by Amendment 25-1 through Amendment 25-98.

In addition, the certification basis includes certain special conditions, exemptions, or later amended sections of the applicable part that are not relevant to these special conditions.

Special conditions, as defined in Sec. 11.19, are issued in accordance with Sec. 11.38 and become part of the type certification basis in accordance with Sec. 21.101.

If the Administrator finds that the applicable airworthiness regulations (i.e., 14 CFR part 25) do not contain adequate or appropriate safety standards for the Boeing Model 777-200, -300, and -

300ER series airplanes because of a novel or unusual design feature, special conditions are prescribed under Sec. 21.16.

Special conditions are initially applicable to the model for which they are issued. Should the type certificate for that model be amended later to include any other model that incorporates the same novel or unusual design feature, the proposed special conditions would also apply to the other model under Sec. 21.101.

In addition to the applicable airworthiness regulations and proposed special conditions, the Boeing Model 777-200, -300, and -300ER series airplanes must comply with the fuel vent and exhaust emission requirements of 14 CFR part 34 and the noise certification requirements of 14 CFR part 36 and the FAA must issue a finding of regulatory adequacy under Sec. 611 of Public Law 92-574, the ``Noise Control Act of 1972.''

The FAA issues special conditions, as defined in 14 CFR 11.19, under Sec. 11.38, and they become part of the type-certification basis under Sec. 21.17(a)(2).

Novel or Unusual Design Features

The Boeing Model 777-200, -300, -300ER series airplanes will incorporate the following novel or unusual design features:

Multiple Electronic Flight Bags (EFBs) and several connected networks that will interface to existing aircraft systems. The proposed network architecture is used for a diverse set of functions, providing data connectivity between systems, including:

Flight-safety related control and navigation systems,
Operator business and administrative support (operator information services),
Passenger information systems, and,
Access by systems internal to the airplane.

Discussion

The integrated network configurations in the Boeing Model 777-200, -300, and -300ER series airplanes may allow increased connectivity with external network sources and will have more interconnected networks and systems, such as passenger entertainment and information services than previous airplane models. This may allow the exploitation of network security vulnerabilities and increased risks potentially resulting in unsafe conditions for the airplanes and occupants. This potential exploitation of security vulnerabilities may result in intentional or unintentional destruction, disruption, degradation, or exploitation of data and systems critical to the safety and maintenance of the airplane. The existing regulations and guidance material did not anticipate these types of system architectures. Furthermore, 14 CFR regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities which could be exploited by unauthorized access to airplane networks and servers. Therefore, these special conditions are being issued to ensure that the security (i.e., confidentiality, integrity, and availability) of airplane systems is not compromised by unauthorized wired or wireless electronic connections between airplane systems and the passenger entertainment services.

For the reasons discussed above, these special conditions contain the additional safety standards that the Administrator considers necessary to establish a level of safety equivalent to that established by the existing airworthiness standards.

Applicability

As discussed above, these special conditions are applicable to the Boeing Model 777-200, -300, -300ER series airplanes. Should ARINC Aerospace Company apply at a later date for a change to the type certificate to include another model on the same type certificate incorporating the same novel or unusual design feature, the special conditions would apply to that model as well.

Conclusion

This action affects only certain novel or unusual design features on Boeing Model 777-200, -300, -300ER series airplanes. It is not a rule of general applicability.

The substance of these special conditions has been subjected to the notice and comment period in several prior instances and has been derived without substantive change from those previously issued. It is unlikely that prior public comment would result in a significant change from the substance contained herein. Therefore, the FAA has determined that prior public notice and comment are unnecessary, and good cause exists for adopting these special conditions upon publication in the Federal Register.

List of Subjects in 14 CFR Part 25

Aircraft, Aviation safety, Reporting and recordkeeping requirements.

The authority citation for these special conditions is as follows:

Authority: 49 U.S.C. 106(g), 40113, 44701, 44702, 44704.

The Special Conditions

Accordingly, pursuant to the authority delegated to me by the Administrator, the following special conditions are issued as part of the type certification basis for Boeing Model 777-200, -300, -300ER series airplanes modified by ARINC Aerospace Company.

Aircraft Electronic System Security Protection from Unauthorized Internal Access
The applicant must ensure that the design provides isolation from, or airplane electronic system security protection against, access by unauthorized sources internal to the airplane. The design must prevent inadvertent and malicious changes to, and all adverse impacts upon, airplane equipment, systems, networks, or other assets required for safe flight and operations.
The applicant must establish appropriate procedures to allow the

Page 70851

operator to ensure that continued airworthiness of the aircraft is maintained, including all post STC modifications that may have an impact on the approved electronic system security safeguards.

Issued in Renton, Washington, on November 15, 2013.

John Piccola,

Acting Manager, Transport Airplane Directorate, Aircraft Certification Service.

FR Doc. 2013-28408 Filed 11-26-13; 8:45 am

BILLING CODE 4910-13-P

Subscribers can access the reported version of this case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the cited cases and legislation of a document.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the documents that have cited the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the revised versions of legislation with amendments.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see any amendments made to the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a visualisation of a case and its relationships to other cases. An alternative to lists of cases, the Precedent Map makes it easier to establish which ones may be of most relevance to your research and prioritise further reading. You also get a useful overview of how the case was received.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the list of results connected to your document through the topics and citations Vincent found.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Special Conditions: Boeing Model 777-200, -300, and -300ER Series Airplanes; Aircraft Electronic System Security Protection from Unauthorized Internal Access.

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users