[Federal Register Volume 84, Number 160 (Monday, August 19, 2019)]
[Rules and Regulations]
[Pages 42804-42805]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-17695]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration

14 CFR Part 25

[Docket No. FAA-2019-0312; Special Conditions No. 25-755-SC]


Special Conditions: Mitsubishi Aircraft Corporation Model MRJ-200 
Airplane; Airplane Electronic-System Security Protection From 
Unauthorized Internal and External Access

AGENCY: Federal Aviation Administration (FAA), DOT.

ACTION: Final special conditions; request for comments.

-----------------------------------------------------------------------

SUMMARY: These special conditions are issued for the Mitsubishi 
Aircraft Corporation (Mitsubishi) Model MRJ-200 airplane. This airplane 
will have a novel or unusual design feature when compared to the state 
of technology envisioned in the airworthiness standards for transport 
category airplanes. This design feature is avionics that allow internal 
and external connection to previously isolated data networks, which are 
connected to systems that perform functions required for the safe 
operation of the airplane. This feature creates a potential for 
unauthorized persons to access the aircraft-control domain and airline 
information-services domain, and presents security vulnerabilities 
related to the introduction of computer viruses and worms, user errors, 
and intentional sabotage of airplane electronic assets (networks, 
systems, and databases). The applicable airworthiness regulations do 
not contain adequate or appropriate safety standards for this design 
feature. These special conditions contain the additional safety 
standards that the Administrator considers necessary to establish a 
level of safety equivalent to that established by the existing 
airworthiness standards.

DATES: This action is effective on Mitsubishi on August 19, 2019. Send 
comments on or before October 3, 2019.

ADDRESSES: Send comments identified by Docket No. FAA-2019-0312 using 
any of the following methods:
     Federal eRegulations Portal: Go to http://www.regulations.gov/ and follow the online instructions for sending 
your comments electronically.
     Mail: Send comments to Docket Operations, M-30, U.S. 
Department of Transportation (DOT), 1200 New Jersey Avenue SE, Room 
W12-140, West Building Ground Floor, Washington, DC 20590-0001.
     Hand Delivery or Courier: Take comments to Docket 
Operations in Room W12-140 of the West Building Ground Floor at 1200 
New Jersey Avenue SE, Washington, DC, between 9 a.m. and 5 p.m., Monday 
through Friday, except Federal holidays.
     Fax: Fax comments to Docket Operations at 202-493-2251.
    Privacy: The FAA will post all comments it receives, without 
change, to http://www.regulations.gov/, including any personal 
information the commenter provides. Using the search function of the 
docket website, anyone can find and read the electronic form of all 
comments received into any FAA docket, including the name of the 
individual sending the comment (or signing the comment for an 
association, business, labor union, etc.). DOT's complete Privacy Act 
Statement can be found in the Federal Register published on April 11, 
2000 (65 FR 19477-19478).
    Docket: Background documents or comments received may be read at 
http://www.regulations.gov/ at any time. Follow the online instructions 
for accessing the docket or go to Docket Operations in Room W12-140 of 
the West Building Ground Floor at 1200 New Jersey Avenue SE, 
Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, 
except Federal holidays.

FOR FURTHER INFORMATION CONTACT: Varun Khanna, Airplane and Flight Crew 
Interface Section, AIR-671, Transport Standards Branch, Policy and 
Innovation Division, Aircraft Certification Service, Federal Aviation 
Administration, 2200 South 216th Street, Des Moines, Washington 98198; 
telephone and fax 206-231-3159; email [email protected].

SUPPLEMENTARY INFORMATION: 
    The substance of these special conditions previously has been 
published in the Federal Register for public comment. These special 
conditions have been derived without substantive change from those 
previously issued. It is unlikely that prior public comment would 
result in a significant change from the substance contained herein. 
Therefore, the FAA has determined that prior public notice and comment 
are unnecessary, and finds that, for the same reason, good cause exists 
for adopting these special conditions upon publication in the Federal 
Register.

Comments Invited

    We invite interested people to take part in this rulemaking by 
sending written comments, data, or views. The most helpful comments 
reference a specific portion of the special conditions, explain the 
reason for any recommended change, and include supporting data.
    We will consider all comments we receive by the closing date for 
comments. We may change these special conditions based on the comments 
we receive.

Background

    On August 19, 2009, Mitsubishi applied for a type certificate for 
their new Model MRJ-200 airplane. This airplane is a twin-engine, 
transport category airplane with a passenger-seating capacity of 92 and 
a maximum takeoff weight of 98,767 pounds.

Type Certification Basis

    Under the provisions of title 14, Code of Federal Regulations (14 
CFR) 21.17,

[[Page 42805]]

Mitsubishi must show that the Model MRJ-200 airplane meets the 
applicable provisions of part 25, as amended by amendments 25-1 through 
25-141.
    If the Administrator finds that the applicable airworthiness 
regulations (i.e., 14 CFR part 25) do not contain adequate or 
appropriate safety standards for the Mitsubishi Model MRJ-200 airplane 
because of a novel or unusual design feature, special conditions are 
prescribed under the provisions of Sec.  21.16.
    Special conditions are initially applicable to the model for which 
they are issued. Should the type certificate for that model be amended 
later to include any other model that incorporates the same novel or 
unusual design feature, these special conditions would also apply to 
the other model under Sec.  21.101.
    In addition to the applicable airworthiness regulations and special 
conditions, the Mitsubishi Model MRJ-200 airplane must comply with the 
fuel-vent and exhaust-emission requirements of 14 CFR part 34, and the 
noise-certification requirements of 14 CFR part 36.
    The FAA issues special conditions, as defined in 14 CFR 11.19, in 
accordance with Sec.  11.38, and they become part of the type 
certification basis under Sec.  21.17(a)(2).

Novel or Unusual Design Features

    The Mitsubishi Model MRJ-200 airplane will incorporate the 
following novel or unusual design feature:
    The installation and activation of electronic network system 
architecture equipment that allows access from internal and external 
sources (e.g., wireless devices, internet connectivity) to the 
airplane's internal electronic components.

Discussion

    Current aircraft communication designs are beginning to adopt 
Ethernet switch technology and Avionics Full-Duplex switched Ethernet 
(AFDX) data networking using commercial products. Transmission Control 
Protocol/Internet Protocol (TCP/IP) is an industry-standard platform 
used for passenger flight information and in-flight entertainment 
systems in a way that is separated physically and logically from 
flight-critical systems. However, a gateway technology that can connect 
networks with different communication standards allows connection 
between avionics assets (such as functions or items) with passenger 
flight information and in-flight entertainment systems. These systems 
may also be connected to the ground worldwide internet through a 
satellite-communication service provider.
    Additionally, for the purpose of data uploading for aircraft 
avionics systems, networks, and maintenance operations, external access 
is possible from the operator's and airplane manufacturer's servers 
through a cellular radio network.
    The Japan Civil Aviation Bureau (JCAB) is the certificating 
authority for the Mitsubishi Model MRJ-200 airplane, and the FAA is the 
validating authority. Typically, the FAA issues separate special 
conditions for ``Airplane Electronic-System Security Protection from 
Unauthorized Internal Access'' and ``Electronic-System Security 
Protection from Unauthorized External Access.'' In special conditions 
written for the Mitsubishi Model MRJ-200 airplane, the JCAB addresses, 
in one special conditions document, both internal and external 
electronic-system security protection for these novel airplane-digital-
network design features. The FAA reviewed the proposed JCAB special 
conditions and determined that they are equivalent in all material 
respects to the separate internal and external electronic-system 
security protection special conditions the FAA typically issues, and 
has issued, to applicants. Therefore, in these special conditions, the 
FAA also is issuing one special conditions document, for both internal 
and external electronic-system security protection, to harmonize the 
FAA special conditions to the JCAB-issued special conditions, thereby 
minimizing differences between the certificating authority and the 
validating authority certification bases. The resultant combination of 
internal and external electronic-system security protection special 
conditions in this document are identical in all material respects to 
FAA special conditions issued for the same separate topics.
    The existing regulations and guidance material did not anticipate 
these types of airplane electronic-system architectures. Furthermore, 
14 CFR regulations, and the current electronic-system safety assessment 
policy and techniques, do not address potential security 
vulnerabilities, which could be exploited by unauthorized access to 
airplane networks, data buses, and servers. Therefore, these special 
conditions ensure that the security (i.e., confidentiality, integrity, 
and availability) of airplane systems is not compromised by 
unauthorized wired or wireless electronic connections.
    These special conditions contain the additional safety standards 
that the Administrator considers necessary to establish a level of 
safety equivalent to that established by the existing airworthiness 
standards.

Applicability

    As discussed above, these special conditions are applicable to the 
Mitsubishi Model MRJ-200 airplane. Should Mitsubishi apply at a later 
date for a change to the type certificate to include another model 
incorporating the same novel or unusual design feature, these special 
conditions would apply to that model as well.

Conclusion

    This action affects only a certain novel or unusual design feature 
on one model of airplane. It is not a rule of general applicability.

List of Subjects in 14 CFR Part 25

    Aircraft, Aviation safety, Reporting and recordkeeping 
requirements.

Authority Citation

    The authority citation for these special conditions is as follows:

    Authority: 49 U.S.C. 106(f), 106(g), 40113, 44701, 44702, 44704.

The Special Conditions

    Accordingly, pursuant to the authority delegated to me by the 
Administrator, the following special conditions are issued as part of 
the type certification basis for Mitsubishi Model MRJ-200 airplanes.
    1. The applicant shall ensure security protection of the systems 
and networks of the aircraft from access by unauthorized sources, both 
internal and external, if the systems' corruption (including hardware, 
software, and data) by an inadvertent or intentional attack would 
impair safety.
    2. The applicant shall ensure that the security threats to the 
aircraft, including those possibly caused by maintenance activity or 
any unprotected connecting equipment and devices, or from the on-board 
passengers, are identified and assessed, and risk-mitigation strategies 
are implemented to protect the aircraft systems and networks from all 
adverse impacts on safety.
    3. The applicant shall establish appropriate procedures for 
security measures against aircraft systems and networks to be 
maintained following changes to the type certificated design.

    Issued in Des Moines, Washington, on August 13, 2019.
Mary A. Schooley,
Acting Manager, Transport Standards Branch, Policy and Innovation 
Division, Aircraft Certification Service.
[FR Doc. 2019-17695 Filed 8-16-19; 8:45 am]
BILLING CODE 4910-13-P