Special Conditions: Boeing Model 777-200, -300, and -300ER Series Airplanes; Aircraft Electronic System Security Protection From Unauthorized External Access
Final Special Conditions.
These special conditions are issued for the Boeing Model 777-200, -300, and-300ER series airplanes. These airplanes, as modified by The Boeing Company, will have novel or unusual design features associated with the architecture and connectivity capabilities of the airplane's onboard network computer systems, which may allow access to or by external computer systems and networks. This onboard network system will be composed of a network file server, a network extension device, and additional interfaces configured by customer option. Connectivity to, or access by, external systems and networks may result in security vulnerabilities to the airplane's onboard network system. The applicable airworthiness regulations do not contain adequate or appropriate safety standards for this design feature. These special conditions contain the additional safety standards that the Administrator considers necessary to establish a level of safety equivalent to that established by the existing airworthiness standards.
Table of Contents Back to Top
DATES: Back to Top
Effective Date: The effective date of these special conditions is November 18, 2013.
FOR FURTHER INFORMATION CONTACT: Back to Top
Varun Khanna, FAA, Airplane and Flight Crew Interface Branch, ANM-111, Transport Airplane Directorate, Aircraft Certification Service, 1601 Lind Avenue SW., Renton, Washington 98057-3356; telephone 425-227-1298; facsimile 425-227-1149.
SUPPLEMENTARY INFORMATION: Back to Top
Background Back to Top
On August 21, 2012, The Boeing Company applied for a change to Type Certificate No. T00001SE Rev. 30 dated June 6, 2012 for installation of an onboard network system, associated line replaceable units (LRUs) and additional software functionality in the Boeing Model 777-200, -300, and -300ER Series Airplanes. The Boeing Model 777-200 airplanes are long-range, wide-body, twin-engine jet airplanes with a maximum capacity of 440 passengers. The Boeing Model 777-300 and 777-300ER series airplanes have a maximum capacity of 550 passengers. The Model 777-200, -300, and -300ER series airplanes have fly-by-wire controls, software-configurable avionics, and fiber-optic avionics networks.
The proposed architecture is novel or unusual for commercial transport airplanes by enabling connection to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane. This proposed data network and design integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane. The existing regulations and guidance material did not anticipate this type of system architecture or electronic access to aircraft systems. Furthermore, regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities, which could be caused by unauthorized access to aircraft data buses and servers.
Type Certification Basis Back to Top
Under Title 14, Code of Federal Regulations (14 CFR) 21.17, The Boeing Company must show that the Boeing Model 777-200, -300, and -300ER series airplanes meet the applicable provisions of 14 CFR part 25, as amended by Amendments 25-1 through 25-128.
If the Administrator finds that the applicable airworthiness regulations (i.e., 14 CFR part 25) do not contain adequate or appropriate safety standards for the Boeing Model 777-200, -300, and -300ER series airplanes because of a novel or unusual design feature, special conditions are prescribed under § 21.16.
Special conditions are initially applicable to the model for which they are issued. Should the type certificate for that model be amended later to include any other model that incorporates the same novel or unusual design feature, the proposed special conditions would also apply to the other model under § 21.101.
In addition to the applicable airworthiness regulations and proposed special conditions, the Boeing Model 777-200, -300, and -300ER series airplanes must comply with the fuel vent and exhaust emission requirements of 14 CFR part 34 and the noise certification requirements of 14 CFR part 36 and the FAA must issue a finding of regulatory adequacy under § 611 of 92, the “Noise Control Act of 1972.”
The FAA issues special conditions, as defined in 14 CFR 11.19, under § 11.38, and they become part of the type-certification basis under § 21.17(a)(2).
Novel or Unusual Design Features Back to Top
The Boeing Model 777-200, -300, -300ER series airplanes will incorporate the following novel or unusual design features: An onboard computer network system, and a network extension device. The network extension device will improve domain separation between the airplane information services domain and the aircraft control domain. The proposed architecture and network configuration may be used for, or interfaced with, a diverse set of functions, including:
1. Flight Safety related control and information systems.
2. Operator business and administrative support (operator information domain);
3. Passenger information and entertainment systems (passenger entertainment domain), and;
4. The capability to allow access to or by external sources.
Discussion Back to Top
The architecture and network configuration in the Boeing Model 777-200, -300, and-300ER series airplanes may enable increased connectivity to, or access by, external airplane sources, airline operations, and maintenance systems to the aircraft control functions and airline information services. The aircraft control functions and airline information services perform functions required for the safe operation and maintenance of the airplane. Previously these domains had very limited connectivity with external sources. The architecture and network configuration may allow the exploitation of network security vulnerabilities resulting in intentional or unintentional destruction, disruption, degradation, or exploitation of data, systems, and networks critical to the safety and maintenance of the airplane. The existing regulations and guidance material did not anticipate these types of airplane system architectures. Furthermore, 14 CFR regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities, which could be exploited by unauthorized access to airplane systems, data buses, and servers. Therefore, these special conditions are issued to ensure that the security (i.e., confidentiality, integrity, and availability) of airplane systems is not compromised by unauthorized wired or wireless electronic connections.
Applicability Back to Top
As discussed above, these special conditions are applicable to the Boeing Model 777-200, -300, -300ER series airplanes. Should The Boeing Company apply at a later date for a change to the type certificate to include another model on the same type certificate incorporating the same novel or unusual design feature, the special conditions would apply to that model as well.
Conclusion Back to Top
This action affects only certain novel or unusual design features on Boeing Model 777-200, -300, -300ER series airplanes. It is not a rule of general applicability and affects only the applicant who applied to the FAA for approval of these features on the airplane.
The substance of these special conditions has been subjected to the notice and comment period in several prior instances and has been derived without substantive change from those previously issued. It is unlikely that prior public comment would result in a significant change from the substance contained herein. Therefore, the FAA has determined that prior public notice and comment are unnecessary, and good cause exists for adopting these special conditions upon publication in the Federal Register.
The authority citation for these special conditions is as follows:
Authority: Back to Top
49 U.S.C. 106(g), 40113, 44701, 44702, 44704.
The Special Conditions Back to Top
Accordingly, pursuant to the authority delegated to me by the Administrator, the following special conditions are issued as part of the type certification basis for Boeing Model 777-200, -300, -300ER series airplanes modified by The Boeing Company.
1. The applicant must ensure airplane electronic system security protection from access by unauthorized sources external to the airplane, including those possibly caused by maintenance activity.
2. The applicant must ensure that electronic system security threats are identified and assessed, and that effective electronic system security protection strategies are implemented to protect the airplane from all adverse impacts on safety, functionality, and continued airworthiness.
3. The applicant must establish appropriate procedures to enable the operator to ensure that continued airworthiness of the aircraft is maintained, including all post Type Certification modifications that may have an impact on the approved electronic system security safeguards.
Jeffrey E. Duven,
Acting Manager, Transport Airplane Directorate,Aircraft Certification Service.
[FR Doc. 2013-27342 Filed 11-15-13; 8:45 am]
BILLING CODE 4910-13-P