[Federal Register Volume 78, Number 237 (Tuesday, December 10, 2013)]
[Rules and Regulations]
[Pages 73995-73997]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2013-29377]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration

14 CFR Part 25

[Docket No. FAA-2013-1035; Special Conditions No. 25-507-SC]


Special Conditions: Cessna Model 680 Series Airplanes; Aircraft 
Electronic System Security Isolation or Protection From Internal Access

AGENCY: Federal Aviation Administration (FAA), DOT.

ACTION: Final special condition; request for comments.

-----------------------------------------------------------------------

SUMMARY: These special conditions are issued for the Cessna Model 680 
series airplanes. These airplanes will have novel or unusual design 
features associated with connectivity of the passenger service computer 
systems to the airplane critical systems and data networks. The network 
architecture is composed of several connected networks including the 
following:
    1. Flight-Safety related control and navigation systems,
    2. Operator business and administrative support, and
    3. Passenger entertainment.
    The applicable airworthiness regulations do not contain adequate or 
appropriate safety standards for this design feature. These special 
conditions contain the additional safety standards that the 
Administrator considers necessary to establish a level of safety 
equivalent to that established by the existing airworthiness standards.

DATES: The effective date of these special conditions is December 10, 
2013. We must receive your comments by January 24, 2014.

ADDRESSES: Send comments identified by docket number FAA-XXXX-XXXX 
using any of the following methods:
     Federal eRegulations Portal: Go to http://www.regulations.gov/ and follow the online instructions for sending 
your comments electronically.
    Mail: Send comments to Docket Operations, M-30, U.S. Department of 
Transportation (DOT), 1200 New Jersey Avenue SE., Room W12-140, West 
Building Ground Floor, Washington, DC 20590-0001.
    Hand Delivery or Courier: Take comments to Docket Operations in 
Room W12-140 of the West Building Ground Floor at 1200 New Jersey 
Avenue SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through 
Friday, except federal holidays.
    Fax: Fax comments to Docket Operations at 202-493-2251.
    Privacy: The FAA will post all comments it receives, without 
change, to http://www.regulations.gov/, including any personal 
information the commenter provides. Using the search function of the 
docket Web site, anyone can find and read the electronic form of all 
comments received into any FAA docket, including the name of the 
individual sending the comment (or signing the comment for an 
association, business, labor union, etc.). DOT's complete Privacy Act 
Statement can be found in the Federal Register published on April 11, 
2000 (65 FR 19477-19478), as well as at http://DocketsInfo.dot.gov/.
    Docket: Background documents or comments received may be read at 
http://www.regulations.gov/ at any time. Follow the online instructions 
for accessing the docket or go to the Docket Operations in Room W12-140 
of the West Building Ground Floor at 1200 New Jersey Avenue SE., 
Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, 
except federal holidays.

FOR FURTHER INFORMATION CONTACT: Varun Khanna, FAA, Airplane and Flight 
Crew Interface Branch, ANM-111, Transport Airplane Directorate, 
Aircraft Certification Service, 1601 Lind Avenue SW., Renton, 
Washington 98057-3356; telephone 425-227-1298; facsimile 425-227-1149.

SUPPLEMENTARY INFORMATION: The FAA has determined that notice of, and 
opportunity for prior public comment on, these special conditions are 
impracticable because these procedures would significantly delay 
issuance of the design approval and thus delivery of the affected 
aircraft. In addition, the substance of these special conditions has 
been subject to the public comment process in several prior instances 
with no substantive comments received. The FAA therefore finds that 
good cause exists for making these special conditions effective upon 
publication in the Federal Register.

Comments Invited

    We invite interested people to take part in this rulemaking by 
sending written comments, data, or views. The most helpful comments 
reference a specific portion of the special conditions, explain the 
reason for any recommended change, and include supporting data.
    We will consider all comments we receive by the closing date for 
comments. We may change these special conditions based on the comments 
we receive.

Background

    On September 21, 2010, Cessna applied for a change to Type 
Certificate No. T00012WI in the digital systems architecture in the 
Cessna Model 680 series airplanes.
    The Cessna Model 680 ``New Sovereign'' is a twin-engine pressurized 
executive jet airplane with standard seating provisions for 14 
passenger/crew and allowance for baggage and optional equipment. This 
airplane will have a maximum takeoff weight of 30,775 pounds with a 
wingspan of 72.3 feet, a maximum operating altitude of 47,000 feet, and 
will have two aft-mounted Pratt & Whitney 306D engines.
    The proposed Cessna Model 680 architecture is novel or unusual for 
executive jet airplanes by allowing connection to previously isolated 
data networks connected to systems that perform functions required for 
the safe operation of the airplane. This proposed data network and 
design integration may result in security vulnerabilities from 
intentional or unintentional corruption of data and systems critical to 
the safety and maintenance of the

[[Page 73996]]

airplane. The existing regulations and guidance material did not 
anticipate this type of system architecture or electronic access to 
aircraft systems. Furthermore, regulations and current system safety 
assessment policy and techniques do not address potential security 
vulnerabilities, which could be caused by unauthorized access to 
aircraft data buses and servers. The intent of these special conditions 
is to ensure that security, integrity, and availability of aircraft 
systems are not compromised by certain wired or wireless electronic 
connections between airplane data busses and networks. A separate 
Cessna Model 680 project special condition addresses aircraft 
electronic system security protection from unauthorized external 
access.

Type Certification Basis

    Under Title 14, Code of Federal Regulations (14 CFR) 21.17, Cessna 
must show that the Model 45 series meets the applicable provisions of 
14 CFR part 25, as amended by Amendments 25-1 through 25-128.
    If the Administrator finds that the applicable airworthiness 
regulations (i.e., 14 CFR part 25) do not contain adequate or 
appropriate safety standards for the Model 45 series because of a novel 
or unusual design feature, special conditions are prescribed under 
Sec.  21.16.
    Special conditions are initially applicable to the model for which 
they are issued. Should the type certificate for that model be amended 
later to include any other model that incorporates the same novel or 
unusual design feature, the proposed special conditions would also 
apply to the other model under Sec.  21.101.
    In addition to the applicable airworthiness regulations and 
proposed special conditions, the Cessna Model 680 series airplane must 
comply with the fuel vent and exhaust emission requirements of 14 CFR 
part 34 and the noise certification requirements of 14 CFR part 36 and 
the FAA must issue a finding of regulatory adequacy under Sec.  611 of 
Public Law 92-574, the ``Noise Control Act of 1972.''
    The FAA issues special conditions, as defined in 14 CFR 11.19, 
under Sec.  11.38, and they become part of the type-certification basis 
under Sec.  21.17(a)(2).

Novel or Unusual Design Features

    The Cessna Model 680 will incorporate the following novel or 
unusual design features.
    The proposed architecture and network configuration may be used 
for, or interfaced with, a diverse set of functions, including:
    1. Flight-safety related control, communication, and navigation 
systems (aircraft control domain);
    2. Operator business and administrative support (operator 
information domain); and
    3. Passenger information and entertainment systems (passenger 
entertainment domain).
    In addition, the operating systems (OS) for current aircraft 
systems are usually and historically proprietary. Therefore, they are 
not as susceptible to corruption from worms, viruses, and other 
malicious actions as more widely used commercial operating systems, 
because access to the design details of these proprietary OS is limited 
to the system developer and aircraft integrator. Some systems installed 
on the Cessna Model 680 series airplanes will use operating systems 
that are widely used and commercially available from third party 
software suppliers. The security vulnerabilities of these operating 
systems may be more widely known than proprietary operating systems 
currently used by avionics manufacturers.

Discussion

    The integrated network configurations in the Cessna Model 680 
series airplanes may allow increased connectivity with external network 
sources and will have more interconnected networks and systems, such as 
passenger entertainment and information services than previous airplane 
models. This may allow the exploitation of network security 
vulnerabilities and increased risks potentially resulting in unsafe 
conditions for the airplanes and occupants. This potential exploitation 
of security vulnerabilities may result in intentional or unintentional 
destruction, disruption, degradation, or exploitation of data and 
systems critical to the safety and maintenance of the airplane.
    Cessna Aircraft Company should develop instructions for the 
operators to maintain the built-in security safeguards after the 
airplane enters commercial service. The instructions should address 
physical security, operational security, audit and monitoring of the 
effectiveness of security safeguards and key management procedures. A 
test plan should also be developed and implemented to insure that 
security requirements are met and there is no inadvertent or malicious 
change to any system, software or data.
    The existing regulations and guidance material did not anticipate 
these types of system architectures. Furthermore, 14 CFR regulations 
and current system safety assessment policy and techniques do not 
address potential security vulnerabilities which could be exploited by 
unauthorized access to airplane networks and servers.
    Therefore, these special conditions are being issued to ensure that 
the security (i.e., confidentiality, integrity, and availability) of 
airplane systems is not compromised by unauthorized wired or wireless 
electronic connections between airplane systems and the passenger 
entertainment services.
    For the reasons discussed above, these special conditions contain 
the additional safety standards that the Administrator considers 
necessary to establish a level of safety equivalent to that established 
by the existing airworthiness standards.

Applicability

    As discussed above, these special conditions are applicable to the 
Cessna Model 680 series airplanes. Should Cessna apply at a later date 
for a change to the type certificate to include another model 
incorporating the same novel or unusual design feature, the special 
conditions would apply to that model as well.

Conclusion

    This action affects only certain novel or unusual design features 
on one model series of airplanes. It is not a rule of general 
applicability.
    The substance of these special conditions has been subjected to the 
notice and comment period in several prior instances and has been 
derived without substantive change from those previously issued. It is 
unlikely that prior public comment would result in a significant change 
from the substance contained herein. Therefore, because a delay would 
significantly affect the certification of the airplane, which is 
imminent, the FAA has determined that prior public notice and comment 
are unnecessary and impracticable, and good cause exists for adopting 
these special conditions upon publication in the Federal Register. The 
FAA is requesting comments to allow interested persons to submit views 
that may not have been submitted in response to the prior opportunities 
for comment described above.

List of Subjects in 14 CFR Part 25

    Aircraft, Aviation safety, Reporting and recordkeeping 
requirements.

    The authority citation for these special conditions is as follows:

    Authority:  49 U.S.C. 106(g), 40113, 44701, 44702, 44704.

The Special Conditions

    Accordingly, pursuant to the authority delegated to me by the

[[Page 73997]]

Administrator, the following special conditions are issued as part of 
the type certification basis for Cessna Model 680 series airplanes.

Isolation or Security Protection of the Aircraft Control Domain and the 
Information Services Domain From the Passenger Services Domain

    1. The applicant must ensure that the design provides isolation 
from, or airplane electronic system security protection against, access 
by unauthorized sources internal to the airplane. The design must 
prevent inadvertent and malicious changes to, and all adverse impacts 
upon, airplane equipment, systems, networks, or other assets required 
for safe flight and operations.
    2. The applicant must establish appropriate procedures to allow the 
operator to ensure that continued airworthiness of the aircraft is 
maintained, including all post-type-certification modifications that 
may have an impact on the approved electronic system security 
safeguards.

    Issued in Renton, Washington, on December 4, 2013.
Jeffrey E. Duven,
Manager, Transport Airplane Directorate, Aircraft Certification 
Service.
[FR Doc. 2013-29377 Filed 12-9-13; 8:45 am]
BILLING CODE 4910-13-P