[Federal Register Volume 72, Number 72 (Monday, April 16, 2007)]
[Proposed Rules]
[Pages 18923-18925]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 07-1838]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration

14 CFR Part 25

[Docket No. NM365 Special Conditions No. 25-07-02-SC]


Special Conditions: Boeing Model 787-8 Airplane; Systems and Data 
Networks Security--Protection of Airplane Systems and Data Networks 
From Unauthorized External Access

AGENCY: Federal Aviation Administration (FAA), DOT.

ACTION: Notice of proposed special conditions.

-----------------------------------------------------------------------

SUMMARY: This notice proposes special conditions for the Boeing Model 
787-8 airplane. This airplane will have novel or unusual design 
features when compared to the state of technology envisioned in the 
airworthiness standards for transport category airplanes. The 
architecture of the Boeing Model 787-8 systems and networks allows 
access to external systems and networks, including the public Internet.

[[Page 18924]]

On-board wired and wireless devices may also have access to parts of 
the airplane's digital systems that provide flight critical functions. 
These new connectivity capabilities may result in security 
vulnerabilities to the airplane's critical systems. For these design 
features, the applicable airworthiness regulations do not contain 
adequate or appropriate safety standards for protection and security of 
airplane systems and data networks against unauthorized access. These 
proposed special conditions contain the additional safety standards 
that the Administrator considers necessary to establish a level of 
safety equivalent to that established by the existing airworthiness 
standards. Additional special conditions will be issued for other novel 
or unusual design features of the Boeing Model 787-8 airplanes.

DATES: Comments must be received on or before May 31, 2007.

ADDRESSES: Comments on this proposal may be mailed in duplicate to: 
Federal Aviation Administration, Transport Airplane Directorate, 
Attention: Rules Docket (ANM-113), Docket No. NM365, 1601 Lind Avenue, 
SW., Renton, Washington 98057-3356; or delivered in duplicate to the 
Transport Airplane Directorate at the above address. All comments must 
be marked Docket No. NM365. Comments may be inspected in the Rules 
Docket weekdays, except Federal holidays, between 7:30 a.m. and 4 p.m.

FOR FURTHER INFORMATION CONTACT: Will Struck, FAA, Airplane and Flight 
Crew Interface, ANM-111, Transport Airplane Directorate, Aircraft 
Certification Service, 1601 Lind Avenue, SW., Renton, Washington 98057-
3356; telephone (425) 227-2764; facsimile (425) 227-1149.

SUPPLEMENTARY INFORMATION:

Comments Invited

    The FAA invites interested persons to participate in this 
rulemaking by submitting written comments, data, or views. The most 
helpful comments reference a specific portion of the special 
conditions, explain the reason for any recommended change, and include 
supporting data. We ask that you send us two copies of written 
comments.
    We will file in the docket all comments we receive as well as a 
report summarizing each substantive public contact with FAA personnel 
concerning these proposed special conditions. The docket is available 
for public inspection before and after the comment closing date. If you 
wish to review the docket in person, go to the address in the ADDRESSES 
section of this notice between 7:30 a.m. and 4 p.m., Monday through 
Friday, except Federal holidays.
    We will consider all comments we receive on or before the closing 
date for comments. We will consider comments filed late if it is 
possible to do so without incurring expense or delay. We may change the 
proposed special conditions based on comments we receive.
    If you want the FAA to acknowledge receipt of your comments on this 
proposal, include with your comments a pre-addressed, stamped postcard 
on which the docket number appears. We will stamp the date on the 
postcard and mail it back to you.

Background

    On March 28, 2003, Boeing applied for an FAA type certificate for 
its new Boeing Model 787-8 passenger airplane. The Boeing Model 787-8 
airplane will be an all-new, two-engine jet transport airplane with a 
two-aisle cabin. The maximum takeoff weight will be 476,000 pounds, 
with a maximum passenger count of 381 passengers.

Type Certification Basis

    Under provisions of 14 CFR 21.17, Boeing must show that Boeing 
Model 787-8 airplanes (hereafter referred to as ``the 787'') meet the 
applicable provisions of 14 CFR part 25, as amended by Amendments 25-1 
through 25-117, except 25.809(a) and 25.812, which will remain at 
Amendment 25-115. If the Administrator finds that the applicable 
airworthiness regulations do not contain adequate or appropriate safety 
standards for the 787 because of a novel or unusual design feature, 
special conditions are prescribed under provisions of 14 CFR 21.16.
    In addition to the applicable airworthiness regulations and special 
conditions, the 787 must comply with the fuel vent and exhaust emission 
requirements of 14 CFR part 34 and the noise certification requirements 
of part 36. In addition, the FAA must issue a finding of regulatory 
adequacy pursuant to section 611 of Public Law 92-574, the ``Noise 
Control Act of 1972.''
    Special conditions, as defined in Sec.  11.19, are issued in 
accordance with Sec.  11.38 and become part of the type certification 
basis in accordance with Sec.  21.17(a)(2).
    Special conditions are initially applicable to the model for which 
they are issued. Should the type certificate for that model be amended 
later to include any other model that incorporates the same or similar 
novel or unusual design feature, the special conditions would also 
apply to the other model under the provisions of Sec.  21.101.

Novel or Unusual Design Features

    The digital systems architecture for the 787 consists of several 
connected networks. This proposed network architecture is used for a 
diverse set of functions, including the following.
    1. Flight-safety-related control and navigation systems (Aircraft 
Control Domain).
    2. Airline business and administrative support (Airline Information 
Services Domain).
    3. Passenger entertainment, information, and Internet services 
(Passenger Information and Entertainment Services Domain).
    The proposed architecture of the 787 is different from that of 
existing production (and retrofitted) airplanes. It allows connection 
to and access from external sources (the public Internet) and airline 
operator networks to the previously isolated Aircraft Control Domain 
and Airline Information Services Domain. The Aircraft Control Domain 
and the Airline Information Services Domain perform functions required 
for the safe operation of the airplane.
    Capability is proposed for providing electronic transmission of 
field-loadable software applications and databases to the aircraft. 
These would subsequently be loaded into systems within the Aircraft 
Control Domain and Airline Information Services Domain. Also, it may be 
proposed that on-board wired and wireless devices have access to the 
Aircraft Control Domain and Airline Information Services Domain. These 
new connectivity capabilities and features of the proposed design may 
result in security vulnerabilities from intentional or unintentional 
corruption of data and systems critical to the safety and maintenance 
of the airplane. The existing regulations and guidance material did not 
anticipate this type of system architecture or Internet and wireless 
electronic access to aircraft systems that provide flight critical 
functions. Furthermore, 14 CFR regulations and current system safety 
assessment policy and techniques do not address potential security 
vulnerabilities that could be caused by unauthorized external access to 
aircraft data buses and servers. Therefore, a special condition is 
proposed to ensure the security, integrity and availability of the 
critical systems within the Aircraft Control Domain and Airline 
Information Services Domain by establishing requirements for:
    1. Protection of Aircraft Control Domain and Airline Information

[[Page 18925]]

Services Domain systems, hardware, software, and databases from 
unauthorized access.
    2. Protection of field-loadable software (FLS) applications and 
databases which are electronically transmitted from external sources to 
the on-aircraft networks and storage devices, and used within the 
Aircraft Control Domain and Airline Information Services Domain.

Applicability

    As discussed above, these proposed special conditions are 
applicable to the 787. Should Boeing apply at a later date for a change 
to the type certificate to include another model incorporating the same 
novel or unusual design features, these proposed special conditions 
would apply to that model as well under the provisions of Sec.  21.101.

Conclusion

    This action affects only certain novel or unusual design features 
of the 787. It is not a rule of general applicability, and it affects 
only the applicant that applied to the FAA for approval of these 
features on the airplane.

List of Subjects in 14 CFR Part 25

    Aircraft, Aviation safety, Reporting and recordkeeping 
requirements.

    The authority citation for these Special Conditions is as follows:

    Authority: 49 U.S.C. 106(g), 40113, 44701, 44702, 44704.

The Proposed Special Conditions

    Accordingly, the Administrator of the Federal Aviation 
Administration (FAA) proposes the following special conditions as part 
of the type certification basis for the Boeing Model 787-8 airplane.

    The applicant shall ensure system security protection for the 
Aircraft Control Domain and Airline Information Services Domain from 
unauthorized external access. The applicant shall also ensure that 
security threats are identified and risk mitigation strategies are 
implemented to minimize the likelihood of occurrence of each of the 
following conditions:
    1. Reduction in airplane safety margins or airplane functional 
capabilities, including those possibly caused by maintenance 
activity;
    2. An increase in flightcrew workload or conditions impairing 
flightcrew efficiency, and;
    3. Distress or injury to airplane occupants.

    Issued in Renton, Washington, on April 5, 2007.
Stephen P. Boyd,
Acting Manager, Transport Airplane Directorate, Aircraft Certification 
Service.
[FR Doc. 07-1838 Filed 4-13-07; 8:45 am]
BILLING CODE 4910-13-P ?>