Skip to Content

Rule

Special Conditions: Cessna Model 680 Series Airplanes; Aircraft Electronic System Security Protection From Unauthorized External Access

Document Details

Information about this document as published in the Federal Register.

Enhanced Content

Relevant information about this document from Regulations.gov provides additional context. This information is not part of the official Federal Register document.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

Federal Aviation Administration (FAA), DOT.

ACTION:

Final special condition; request for comments.

SUMMARY:

These special conditions are issued for the Cessna Model 680 Series airplanes. These airplanes will have a novel or unusual design feature associated with the architecture and connectivity capabilities of the airplanes' computer systems and networks. Connectivity to, or access by, external systems and networks may result in security vulnerabilities to the airplanes' systems.

The proposed network architecture includes the following connectivity between systems:

1. Airplane control, communication, display, monitoring and navigation systems,

2. Operator business and administrative support systems, and

3. Passenger entertainment systems, and access by systems external to the airplane.

The applicable airworthiness regulations do not contain adequate or appropriate safety standards for this design feature. These special conditions contain the additional safety standards that the Administrator considers necessary to establish a level of safety equivalent to that established by the existing airworthiness standards.

DATES:

The effective date of these special conditions is December 10, 2013. We must receive your comments by January 24, 2014.

ADDRESSES:

Send comments identified by docket number [FAA-2013-XXXX] using any of the following methods:

Mail: Send comments to Docket Operations, M-30, U.S. Department of Transportation (DOT), 1200 New Jersey Avenue SE., Room W12-140, West Building Ground Floor, Washington, DC 20590-0001.

Hand Delivery or Courier: Take comments to Docket Operations in Room W12-140 of the West Building Ground Floor at 1200 New Jersey Avenue SE., Washington, DC, between 8 a.m. and 5 p.m., Monday through Friday, except federal holidays.

Fax: Fax comments to Docket Operations at 202-493-2251.

Privacy: The FAA will post all comments it receives, without change, to http://www.regulations.gov/​, including any personal information the commenter provides. Using the search function of the docket Web site, anyone can find and read the electronic form of all comments received into any FAA docket, including the name of the individual sending the comment (or signing the comment for an association, business, labor union, etc.). DOT's complete Privacy Act Statement can be found in the Federal Register published on April 11, 2000 (65 FRY 19477-19478), as well as at http://DocketsInfo.dot.gov/​.

Docket: Background documents or comments received may be read at http://www.regulations.gov/​ at any time. Follow the online instructions for accessing the docket or go to the Docket Operations in Room W12-140 of the West Building Ground Floor at 1200 New Jersey Avenue SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except federal holidays.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

Varun Khanna, FAA, Airplane and Flight Crew Interface Branch, ANM-111, Transport Airplane Directorate, Aircraft Certification Service, 1601 Lind Avenue SW., Renton, Washington 98057-3356; telephone 425-227-1298; facsimile 425-227-1149.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

The FAA has determined that notice of, and opportunity for prior public comment on, these special conditions are impracticable because these procedures would significantly delay issuance of the design approval and thus delivery of the affected aircraft. The FAA has also determined that notice of these special conditions is unnecessary because the substance of these special conditions has been subject to the public comment process in several prior instances with no substantive comments received. The FAA therefore finds that good cause exists for making these special conditions effective upon publication in the Federal Register.

Comments Invited

We invite interested people to take part in this rulemaking by sending written comments, data, or views. The most helpful comments reference a specific portion of the special conditions, explain the reason for any recommended change, and include supporting data.

We will consider all comments we receive by the closing date for comments. We may change these special Start Printed Page 73994conditions based on the comments we receive.

Background

On September 21, 2010, Cessna Aircraft Company applied for an amendment to Model 680 Type Certificate No. T00012WI.

The Model 680 “New Sovereign” is a twin-engine pressurized executive jet airplane with standard seating provisions for 14 passenger/crew and allowance for baggage and optional equipment. It will have a maximum takeoff weight of 30,775 pounds with a wingspan of 72.3 feet, a maximum operating altitude of 47,000 feet, and will have two aft-mounted Pratt & Whitney 306D engines.

The proposed Cessna Model 680 avionics architecture is novel or unusual for executive jet airplanes by allowing connection to airplane electronic systems and networks, and access from aircraft external sources (e.g., wireless devices, Internet connectivity) to the previously isolated airplane electronic assets. Cessna's proposed design is considered by the FAA to be an architecture which introduces potential security risks and vulnerabilities not addressed in current regulations and aircraft-level or system-level safety assessment methods. Consequently, this special condition has been produced to address security and safety issues arising from the use of this type of architecture, and foreseeable flight and maintenance applications impacted by these interconnected data networks and the addition of external access points.

Type Certification Basis

Under Title 14, Code of Federal Regulations (14 CFR) 21.17, Cessna must show that the Model 680 series meets the applicable provisions of 14 CFR part 25, as amended by Amendments 25-1 through 25-128. The certification basis for the 680 (S/N -000501 and on) is documented and agreed to within the Cessna Aircraft Company Model 680 Block Point Change G-1 Issue Paper.

If the Administrator finds that the applicable airworthiness regulations (i.e., 14 CFR part 25) do not contain adequate or appropriate safety standards for the Model 680 series because of a novel or unusual design feature, special conditions are prescribed under § 21.16.

Special conditions are initially applicable to the model for which they are issued. Should the type certificate for that model be amended later to include any other model that incorporates the same novel or unusual design feature, the proposed special conditions would also apply to the other model under § 21.101.

In addition to the applicable airworthiness regulations and proposed special conditions, the Cessna Model 680 series airplane must comply with the fuel vent and exhaust emission requirements of 14 CFR part 34 and the noise certification requirements of 14 CFR part 36 and the FAA must issue a finding of regulatory adequacy under § 611 of Public Law 92-574, the “Noise Control Act of 1972.”

The FAA issues special conditions, as defined in 14 CFR 11.19, under § 11.38, and they become part of the type-certification basis under § 21.17(a)(2).

Novel or Unusual Design Features

The Cessna Model 680 will incorporate the following novel or unusual design features: Digital systems architecture composed of several connected networks. The proposed architecture and network configuration may be used for, or interfaced with, a diverse set of functions, including:

1. Flight-safety related control, communication, display, monitoring, and navigation systems (aircraft control functions);

2. Operator business and administrative support (operator information services);

3. Passenger information and entertainment systems (passenger entertainment services); and,

4. The capability to allow access to or by systems external to the airplane.

Discussion

The architecture and network configuration in the Cessna Model 680 Series airplanes may allow increased connectivity to, or access by, external airplane sources, airline operations, and maintenance systems to the aircraft control functions and airline information services. The aircraft control functions and airline information services perform functions required for the safe operation and maintenance of the airplane. Previously these functions and services had very limited connectivity with external sources. The architecture and network configuration may allow the exploitation of network security vulnerabilities resulting in intentional or unintentional destruction, disruption, degradation, or exploitation of data, systems, and networks critical to the safety and maintenance of the airplane. This configuration may also include the electronic transmission of field-loadable software (and hardware) applications and databases to the airplane, which would subsequently be loaded into the safety-related equipment and systems. The existing regulations and guidance material did not anticipate these types of airplane system architectures. Furthermore, 14 CFR regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities, which could be exploited by unauthorized access to airplane systems, data buses, and servers. Therefore, these special conditions are issued to ensure that the security (i.e., confidentiality, integrity, and availability) of airplane systems is not compromised by unauthorized wired or wireless electronic connections.

For the reasons discussed above, these special conditions contain the additional safety standards that the Administrator considers necessary to establish a level of safety equivalent to that established by the existing airworthiness standards.

Applicability

As discussed above, these special conditions are applicable to the Cessna Model 680 Series airplanes. Should Cessna apply at a later date for a change to the type certificate to include another model incorporating the same novel or unusual design feature, the special conditions would apply to that model as well.

Conclusion

This action affects only certain novel or unusual design features on one model series of airplanes. It is not a rule of general applicability.

The substance of these special conditions has been subjected to the notice and comment period in several prior instances and has been derived without substantive change from those previously issued. It is unlikely that prior public comment would result in a significant change from the substance contained herein. Therefore, the FAA has determined that prior public notice and comment are unnecessary, and good cause exists for adopting these special conditions upon publication in the Federal Register. The FAA is requesting comments to allow interested persons to submit views that may not have been submitted in response to the prior opportunities for comment described above.

Start List of Subjects

List of Subjects in 14 CFR Part 25

End List of Subjects

The authority citation for these special conditions is as follows:

Start Authority

Authority: 49 B.S.C. 106(g), 40113, 44701, 44702, 44704.Start Printed Page 73995

End Authority

The Special Conditions

Accordingly, pursuant to the authority delegated to me by the Administrator, the following special conditions are issued as part of the type certification basis for Cessna Model 680 Series airplanes.

System Security Protection for Aircraft Control Domain and Information Services Domain From External Access

1. The applicant must ensure airplane electronic system security protection from access by unauthorized sources external to the airplane, including those possibly caused by maintenance activity.

2. The applicant must ensure that electronic system security threats are identified and assessed, and that effective electronic system security protection strategies are implemented to protect the airplane from all adverse impacts on safety, functionality, and continued airworthiness.

3. The applicant must establish appropriate procedures to allow the operator to ensure that continued airworthiness of the aircraft is maintained, including all post-type-certification modifications that may have an impact on the approved electronic system security safeguards.

Start Signature

Issued in Renton, Washington, on December 4, 2013.

Jeffrey E. Duven,

Manager, Transport Airplane Directorate, Aircraft Certification Service.

End Signature End Supplemental Information

[FR Doc. 2013-29378 Filed 12-9-13; 8:45 am]

BILLING CODE 4910-13-P