[Federal Register Volume 78, Number 239 (Thursday, December 12, 2013)]
[Rules and Regulations]
[Pages 75453-75454]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2013-29683]



[[Page 75453]]

-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration

14 CFR Part 25

[Docket No. FAA-2013-1037; Special Conditions No. 25-509-SC]


Special Conditions: Cessna Model 750 Series Airplanes; Aircraft 
Electronic System Security Isolation or Protection From Internal Access

AGENCY: Federal Aviation Administration (FAA), DOT.

ACTION: Final special condition; request for comments.

-----------------------------------------------------------------------

SUMMARY: These special conditions are issued for the Cessna Model 750 
series airplanes. These airplanes will have novel or unusual design 
features associated with connectivity of the passenger service computer 
systems to the airplane critical systems and data networks.

DATES: The effective date of these special conditions is December 12, 
2013. We must receive your comments by January 27, 2014.

ADDRESSES: Send comments identified by docket number FAA-XXXX-XXXX 
using any of the following methods:
     Federal eRegulations Portal: Go to http://www.regulations.gov/ and follow the online instructions for sending 
your comments electronically.
    Mail: Send comments to Docket Operations, M-30, U.S. Department of 
Transportation (DOT), 1200 New Jersey Avenue SE., Room W12-140, West 
Building Ground Floor, Washington, DC, 20590-0001.
    Hand Delivery or Courier: Take comments to Docket Operations in 
Room W12-140 of the West Building Ground Floor at 1200 New Jersey 
Avenue SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through 
Friday, except federal holidays.
    Fax: Fax comments to Docket Operations at 202-493-2251.
    Privacy: The FAA will post all comments it receives, without 
change, to http://www.regulations.gov/, including any personal 
information the commenter provides. Using the search function of the 
docket Web site, anyone can find and read the electronic form of all 
comments received into any FAA docket, including the name of the 
individual sending the comment (or signing the comment for an 
association, business, labor union, etc.). DOT's complete Privacy Act 
Statement can be found in the Federal Register published on April 11, 
2000 (65 FR 19477-19478), as well as at http://DocketsInfo.dot.gov/.
    Docket: Background documents or comments received may be read at  
http://www.regulations.gov/ at any time. Follow the online instructions 
for accessing the docket or go to the Docket Operations in Room W12-140 
of the West Building Ground Floor at 1200 New Jersey Avenue SE., 
Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, 
except federal holidays.

FOR FURTHER INFORMATION CONTACT: Varun Khanna, FAA, Airplane and Flight 
Crew Interface Branch, ANM-111, Transport Airplane Directorate, 
Aircraft Certification Service, 1601 Lind Avenue SW., Renton, 
Washington 98057-3356; telephone 425-227-1298; facsimile 425-227-1149.

SUPPLEMENTARY INFORMATION: The network architecture is composed of 
several connected networks including the following:
    1. Flight-safety related control and navigation systems,
    2. Operator business and administrative support, and
    3. Passenger entertainment.
    The applicable airworthiness regulations do not contain adequate or 
appropriate safety standards for this design feature. These special 
conditions contain the additional safety standards that the 
Administrator considers necessary to establish a level of safety 
equivalent to that established by the existing airworthiness standards.
    The FAA has determined that notice of, and opportunity for prior 
public comment on, these special conditions are impracticable because 
these procedures would significantly delay issuance of the design 
approval and thus delivery of the affected aircraft. In addition, the 
substance of these special conditions has been subject to the public 
comment process in several prior instances with no substantive comments 
received. The FAA therefore finds that good cause exists for making 
these special conditions effective upon publication in the Federal 
Register.

Comments Invited

    We invite interested people to take part in this rulemaking by 
sending written comments, data, or views. The most helpful comments 
reference a specific portion of the special conditions, explain the 
reason for any recommended change, and include supporting data.
    We will consider all comments we receive by the closing date for 
comments. We may change these special conditions based on the comments 
we receive.

Background

    On September 10, 2010, Cessna applied for a change to Type 
Certificate No. T00007WI in the digital systems architecture in the 
Cessna Model 750 series airplanes.
    The Model 750 is a twin-engine pressurized executive jet airplane 
with standard seating provisions for 14 passenger/crew. This airplane 
will have a maximum takeoff weight of 36,600 pounds with a wingspan of 
69.2 feet, a maximum operating altitude of 51,000 feet, and will have 
two aft-mounted Rolls-Royce AE3007C2 engines.
    The proposed Cessna Model 750 architecture is novel or unsual for 
executive jet airplanes by allowing connection to previously isolated 
data networks connected to systems that perform functions required for 
the safe operation of the airplane. This proposed data network and 
design integration may result in security vulnerabilities from 
intentional or unintentional corruption of data and systems critical to 
the safety and maintenance of the airplane. The existing regulations 
and guidance material did not anticipate this type of system 
architecture or electronic access to aircraft systems. Furthermore, 
regulations and current system safety assessment policy and techniques 
do not address potential security vulnerabilities, which could be 
caused by unauthorized access to aircraft data buses and servers. The 
intent of these special conditions is to ensure that security, 
integrity, and availability of aircraft systems are not compromised by 
certain wired or wireless electronic connections between airplane data 
busses and networks. A separate Cessna Model 750 project special 
condition addresses aircraft electronic system security protection from 
unauthorized external access.

Type Certification Basis

    Under Title 14, Code of Federal Regulations (14 CFR) 21.17, Cessna 
must show that the Model 45 series meets the applicable provisions of 
14 CFR part 25, as amended by Amendments 25-1 through 25-128.
    If the Administrator finds that the applicable airworthiness 
regulations (i.e., 14 CFR part 25) do not contain adequate or 
appropriate safety standards for the Model 45 series because of a novel 
or unusual design feature, special conditions are prescribed under 
Sec.  21.16.
    Special conditions are initially applicable to the model for which 
they are issued. Should the type certificate for that model be amended 
later to include any other model that incorporates the same novel or 
unusual

[[Page 75454]]

design feature, the proposed special conditions would also apply to the 
other model under Sec.  21.101.
    In addition to the applicable airworthiness regulations and 
proposed special conditions, the Cessna Model 750 series airplane must 
comply with the fuel vent and exhaust emission requirements of 14 CFR 
part 34 and the noise certification requirements of 14 CFR part 36 and 
the FAA must issue a finding of regulatory adequacy under Sec.  611 of 
Public Law 92-574, the ``Noise Control Act of 1972.''
    The FAA issues special conditions, as defined in 14 CFR 11.19, 
under Sec.  11.38, and they become part of the type-certification basis 
under Sec.  21.17(a)(2).

Novel or Unusual Design Features

    The Cessna Model 750 will incorporate the following novel or 
unusual design features.
    The proposed architecture and network configuration may be used 
for, or interfaced with, a diverse set of functions, including:
    1. Flight-safety related control, communication, and navigation 
systems (aircraft control domain);
    2. Operator business and administrative support (operator 
information domain); and
    3. Passenger information and entertainment systems (passenger 
entertainment domain).
    In addition, the operating systems (OS) for current aircraft 
systems are usually and historically proprietary. Therefore, they are 
not as susceptible to corruption from worms, viruses, and other 
malicious actions as more widely used commercial operating systems 
because access to the design details of these proprietary OS is limited 
to the system developer and aircraft integrator. Some systems installed 
on the Cessna Model 750 series airplanes will use operating systems 
that are widely used and commercially available from third party 
software suppliers. The security vulnerabilities of these operating 
systems may be more widely known than proprietary operating systems 
currently used by avionics manufacturers.

Discussion

    The integrated network configurations in the Cessna Model 750 
series airplanes may allow increased connectivity with external network 
sources and will have more interconnected networks and systems, such as 
passenger entertainment and information services than previous airplane 
models. This may allow the exploitation of network security 
vulnerabilities and increased risks potentially resulting in unsafe 
conditions for the airplanes and occupants. This potential exploitation 
of security vulnerabilities may result in intentional or unintentional 
destruction, disruption, degradation, or exploitation of data and 
systems critical to the safety and maintenance of the airplane.
    Cessna Aircraft Company should develop instructions for the 
operators to maintain the built-in security safeguards after the 
airplane enters commercial service. The instructions should address 
physical security, operational security, audit and monitoring of the 
effectiveness of security safeguards and key management procedures. A 
test plan should also be developed and implemented to insure that 
security requirements are met and there is no inadvertent or malicious 
change to any system, software or data.
    The existing regulations and guidance material did not anticipate 
these types of system architectures. Furthermore, 14 CFR regulations 
and current system safety assessment policy and techniques do not 
address potential security vulnerabilities which could be exploited by 
unauthorized access to airplane networks and servers. Therefore, these 
special conditions are being issued to ensure that the security (i.e., 
confidentiality, integrity, and availability) of airplane systems is 
not compromised by unauthorized wired or wireless electronic 
connections between airplane systems and the passenger entertainment 
services.
    For the reasons discussed above, these special conditions contain 
the additional safety standards that the Administrator considers 
necessary to establish a level of safety equivalent to that established 
by the existing airworthiness standards.

Applicability

    As discussed above, these special conditions are applicable to the 
Cessna Model 750 series airplanes. Should Cessna apply at a later date 
for a change to the type certificate to include another model 
incorporating the same novel or unusual design feature, the special 
conditions would apply to that model as well.

Conclusion

    This action affects only certain novel or unusual design features 
on one model series of airplanes. It is not a rule of general 
applicability.
    The substance of these special conditions has been subjected to the 
notice and comment period in several prior instances and has been 
derived without substantive change from those previously issued. It is 
unlikely that prior public comment would result in a significant change 
from the substance contained herein. Therefore, because a delay would 
significantly affect the certification of the airplane, which is 
imminent, the FAA has determined that prior public notice and comment 
are unnecessary and impracticable, and good cause exists for adopting 
these special conditions upon publication in the Federal Register. The 
FAA is requesting comments to allow interested persons to submit views 
that may not have been submitted in response to the prior opportunities 
for comment described above.

List of Subjects in 14 CFR Part 25

    Aircraft, Aviation safety, Reporting and recordkeeping 
requirements.

    The authority citation for these special conditions is as follows:

    Authority: 49 U.S.C. 106(g), 40113, 44701, 44702, 44704.

The Special Conditions

    Accordingly, pursuant to the authority delegated to me by the 
Administrator, the following special conditions are issued as part of 
the type certification basis for Cessna Model 750 series airplanes.

Isolation or Security Protection of the Aircraft Control Domain and the 
Information Services Domain From the Passenger Services Domain

    1. The applicant must ensure that the design provides isolation 
from, or airplane electronic system security protection against, access 
by unauthorized sources internal to the airplane. The design must 
prevent inadvertent and malicious changes to, and all adverse impacts 
upon, airplane equipment, systems, networks, or other assets required 
for safe flight and operations.
    2. The applicant must establish appropriate procedures to allow the 
operator to ensure that continued airworthiness of the aircraft is 
maintained, including all post-type-certification modifications that 
may have an impact on the approved electronic system security 
safeguards.

    Issued in Renton, Washington, on December 4, 2013.
John P. Piccola, Jr.,
Acting Manager, Transport Airplane Directorate, Aircraft Certification 
Service.
[FR Doc. 2013-29683 Filed 12-11-13; 8:45 am]
BILLING CODE 4910-13-P