[Federal Register Volume 81, Number 136 (Friday, July 15, 2016)]
[Rules and Regulations]
[Pages 45968-45969]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-16638]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration

14 CFR Part 25

[Docket No. FAA-2016-4237; Special Conditions No. 25-619-SC]


Special Conditions: Gulfstream Aerospace Corporation Model GVII-
G500 Airplanes; Isolation or Protection of Airplane Electrical-System 
Security From Unauthorized Internal Access

AGENCY: Federal Aviation Administration (FAA), DOT.

ACTION: Final special conditions; request for comments.

-----------------------------------------------------------------------

SUMMARY: These special conditions are issued for the Gulfstream 
Aerospace Corporation (Gulfstream) Model GVII-G500 airplane. This 
airplane will have a novel or unusual design feature when compared to 
the state of technology envisioned in the airworthiness standards for 
transport-category airplanes. This design feature is a digital systems 
architecture requiring isolation or protection from unauthorized 
internal access. The applicable airworthiness regulations do not 
contain adequate or appropriate safety standards for this design 
feature. These special conditions contain the additional safety 
standards that the Administrator considers necessary to establish a 
level of safety equivalent to that established by the existing 
airworthiness standards.

DATES: This action is effective on Gulfstream on July 15, 2016. We must 
receive your comments by August 29, 2016.

ADDRESSES: Send comments identified by docket number FAA-2016-4237 
using any of the following methods:
     Federal eRegulations Portal: Go to http://www.regulations.gov/ and follow the online instructions for sending 
your comments electronically.
     Mail: Send comments to Docket Operations, M-30, U.S. 
Department of Transportation (DOT), 1200 New Jersey Avenue SE., Room 
W12-140, West Building Ground Floor, Washington, DC 20590-0001.
     Hand Delivery or Courier: Take comments to Docket 
Operations in Room W12-140 of the West Building Ground Floor at 1200 
New Jersey Avenue SE., Washington, DC, between 9 a.m. and 5 p.m., 
Monday through Friday, except Federal holidays.
     Fax: Fax comments to Docket Operations at 202-493-2251.
    Privacy: The FAA will post all comments it receives, without 
change, to http://www.regulations.gov/, including any personal 
information the commenter provides. Using the search function of the 
docket Web site, anyone can find and read the electronic form of all 
comments received into any FAA docket, including the name of the 
individual sending the comment (or signing the comment for an 
association, business, labor union, etc.). DOT's complete Privacy Act 
Statement can be found in the Federal Register published on April 11, 
2000 (65 FR 19477-19478), as well as at http://DocketsInfo.dot.gov/.
    Docket: Background documents or comments received may be read at 
http://www.regulations.gov/ at any time. Follow the online instructions 
for accessing the docket or go to Docket Operations in Room W12-140 of 
the West Building Ground Floor at 1200 New Jersey Avenue SE., 
Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, 
except Federal holidays.

FOR FURTHER INFORMATION CONTACT: Varun Khanna, FAA, Airplane and 
Flightcrew Interface Branch, ANM-111, Transport Airplane Directorate, 
Aircraft Certification Service, 1601 Lind Avenue SW., Renton, 
Washington 98057-3356; telephone 425-227-1298; facsimile 425-227-1320.

SUPPLEMENTARY INFORMATION: The FAA has determined that notice of, and 
opportunity for prior public comment on, these special conditions is 
unnecessary because the substance of these special conditions has been 
subject to the public comment process in several prior instances with 
no substantive comments received. The FAA therefore finds that good 
cause exists for making these special conditions effective upon 
publication in the Federal Register.

Comments Invited

    We invite interested people to take part in this rulemaking by 
sending written comments, data, or views. The most helpful comments 
reference a specific portion of the special conditions, explain the 
reason for any recommended change, and include supporting data.
    We will consider all comments we receive by the closing date for 
comments. We may change these special conditions based on the comments 
we receive.

Background

    On March 29, 2012, Gulfstream Aerospace Corporation applied for a 
type certificate for their new Model GVII-G500 airplane. The Model 
GVII-G500 airplane will be a business jet capable of accommodating up 
to 19 passengers. It will incorporate a low, swept-wing design with 
winglets and a T-tail. The powerplant will consist of two aft-fuselage-
mounted Pratt & Whitney turbofan engines.

Type Certification Basis

    Under Title 14, Code of Federal Regulations (14 CFR) 21.17, 
Gulfstream must show that the Model GVII-G500 airplane meets the 
applicable provisions of 14 CFR part 25, as amended by Amendments 25-1 
through 25-129.
    If the Administrator finds that the applicable airworthiness 
regulations (i.e., part 25) do not contain adequate or appropriate 
safety standards for the Model GVII-G500 airplane because of a novel or 
unusual design feature, special conditions are prescribed under the 
provisions of Sec.  21.16.
    Special conditions are initially applicable to the model for which 
they are issued. Should the type certificate for that model be amended 
later to include any other model that incorporates the same or similar 
novel or unusual design feature, the special conditions would also 
apply to the other model under Sec.  21.101.
    In addition to the applicable airworthiness regulations and special 
conditions, Model GVII-G500 airplanes must comply with the fuel-vent 
and exhaust-emission requirements of 14 CFR part 34, and the noise-
certification requirements of 14 CFR part 36. The FAA must issue a 
finding of regulatory adequacy under Sec.  611 of Public Law 92-574, 
the ``Noise Control Act of 1972.''
    The FAA issues special conditions, as defined in 14 CFR 11.19, in 
accordance with Sec.  11.38, and they become part of the type 
certification basis under Sec.  21.17(a)(2).

Novel or Unusual Design Features

    The Model GVII-G500 airplane will incorporate the following novel 
or unusual design feature: A digital

[[Page 45969]]

systems architecture requiring isolation or protection from 
unauthorized internal access.

Discussion

    Networks, both in safety-related and non-safety-related 
applications, have been implemented in existing commercial-production 
airplanes. However, network security considerations and functions have 
played a relatively minor role in the certification of such systems 
because of the isolation, protection mechanisms, and limited 
connectivity between these networks.
    To provide an understanding of the airplane electronic equipment, 
systems, and assets, these special conditions use the concept of 
domains. However, this does not prescribe any particular architecture.
    The aircraft-control domain consists of the airplane electronic 
systems, equipment, instruments, networks, servers, software and 
hardware components, databases, etc., which are part of the type design 
of the airplane and are installed in the airplane to enable the safe 
operation of the airplane. These can also be referred to as flight-
safety-related systems, and include flight controls, communication, 
display, monitoring, navigation, and related systems.
    The airline-information-services domain generally consists of 
functions that the airplane operator manages or controls, such as 
administrative functions, cabin-support functions, etc.
    The passenger-information-services domain consists of all functions 
required to provide the passengers with information.
    The Gulfstream Model GVII-G500 airplane design introduces the 
potential for access to aircraft-control domain and airline-
information-services domain by unauthorized persons through the 
passenger-information-services domain; and the security vulnerabilities 
related to the introduction of viruses, worms, user mistakes, and 
intentional sabotage of airplane networks, systems, and databases.
    For electronic systems-and-assets security in these domains, the 
level of protection provided against security threats should be based 
on a security-risk assessment, noting that the level of protection 
could differ between domains and within domains, depending on the 
security threat. For each security vulnerability and airplane 
electronic asset, Gulfstream should identify in which domain the asset 
will be addressed.
    In addition, the operating systems for current airplane systems are 
usually and historically proprietary. Therefore, they are not as 
susceptible to corruption from worms, viruses, and other malicious 
actions as are more-widely used commercial operating systems, such as 
Microsoft Windows NT, because access to the design details of these 
proprietary operating systems is limited to the system developer and 
airplane integrator. Some systems installed on the Gulfstream Model 
GVII-500 will use operating systems that are widely used and 
commercially available from third-party software suppliers. The 
security vulnerabilities of these operating systems may be more widely 
known than are the vulnerabilities of proprietary operating systems 
that the avionics manufacturers currently use.

Applicability

    As discussed above, these special conditions are applicable to the 
Gulfstream Model GVII-G500 airplane. Should Gulfstream apply at a later 
date for a change to the type certificate to include another model 
incorporating the same novel or unusual design feature, these special 
conditions would apply to that model as well.

Conclusion

    This action affects only a certain novel or unusual design feature 
on one model series of airplanes. It is not a rule of general 
applicability.
    The substance of these special conditions has been subjected to the 
notice and comment period in several prior instances and has been 
derived without substantive change from those previously issued. It is 
unlikely that prior public comment would result in a significant change 
from the substance contained herein. Therefore, the FAA has determined 
that prior public notice and comment are unnecessary, and good cause 
exists for adopting these special conditions upon publication in the 
Federal Register.
    The FAA is requesting comments to allow interested persons to 
submit views that may not have been submitted in response to the prior 
opportunities for comment described above.

List of Subjects in 14 CFR Part 25

    Aircraft, Aviation safety, Reporting and recordkeeping 
requirements.

    The authority citation for these special conditions is as follows:

    Authority:  49 U.S.C. 106(g), 40113, 44701, 44702, 44704.

The Special Conditions

    Accordingly, pursuant to the authority delegated to me by the 
Administrator, the following special conditions are issued as part of 
the type certification basis for Gulfstream Model GVII-G500 airplane.

Isolation or Security Protection of the Aircraft Control Domain and the 
Airline Information Services Domain From the Passenger Services Domain

    1. Gulfstream must ensure that the Model GVII-G500 series airplane 
design provides isolation from, or airplane electronic-system security 
protection against, access by unauthorized sources internal to the 
airplane. The design must prevent inadvertent and malicious changes to, 
and all adverse impacts upon, airplane equipment, systems, networks, or 
other assets required for safe flight and operations.
    2. Gulfstream must establish appropriate procedures to allow the 
operator to ensure that continued airworthiness of the Model GVII-G500 
series airplane is maintained, including all post-type-certification 
modifications that may have an impact on the approved electronic-system 
security safeguards.

    Issued in Renton, Washington, on July 7, 2016.
Michael Kaszycki,
Assistant Manager, Transport Airplane Directorate, Aircraft 
Certification Service.
[FR Doc. 2016-16638 Filed 7-14-16; 8:45 am]
 BILLING CODE 4910-13-P