[Federal Register Volume 86, Number 207 (Friday, October 29, 2021)]
[Rules and Regulations]
[Pages 59839-59840]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-23552]
�========================================================================
�Rules and Regulations
� Federal Register
�________________________________________________________________________
�
�This section of the FEDERAL REGISTER contains regulatory documents
�having general applicability and legal effect, most of which are keyed
�to and codified in the Code of Federal Regulations, which is published
�under 50 titles pursuant to 44 U.S.C. 1510.
�
�The Code of Federal Regulations is sold by the Superintendent of Documents.
�
�========================================================================
�
��Federal Register / Vol. 86, No. 207 / Friday, October 29, 2021 /
Rules and Regulations��
[[Page 59839]]
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Part 25
[Docket No. FAA-2021-0906; Special Conditions No. 25-792-SC]
Special Conditions: Honeywell, Bombardier Model BD-100-1A10
Airplane; Electronic System Security Protection From Unauthorized
External Access
AGENCY: Federal Aviation Administration (FAA), Department of
Transportation (DOT).
ACTION: Final special conditions; request for comments.
-----------------------------------------------------------------------
SUMMARY: These special conditions are issued for the Bombardier Model
BD-100-1A10 airplane. This airplane, as modified by Honeywell, will
have a novel or unusual design feature when compared to the state of
technology envisioned in the airworthiness standards for transport
category airplanes. This design feature is the installation of a system
that provides wireless data download capability from the engine
electronic control unit to Honeywell cloud-based storage. The
applicable airworthiness regulations do not contain adequate or
appropriate safety standards for this design feature. These special
conditions contain the additional safety standards that the
Administrator considers necessary to establish a level of safety
equivalent to that established by the existing airworthiness standards.
DATES: This action is effective on Honeywell on October 29, 2021. Send
comments on or before December 13, 2021.
ADDRESSES: Send comments identified by Docket No. FAA-2021-0906 using
any of the following methods:
Federal eRegulations Portal: Go to https://www.regulations.gov/ and follow the online instructions for sending
your comments electronically.
Mail: Send comments to Docket Operations, M-30, U.S.
Department of Transportation (DOT), 1200 New Jersey Avenue SE, Room
W12-140, West Building Ground Floor, Washington, DC 20590-0001.
Hand Delivery or Courier: Take comments to Docket
Operations in Room W12-140 of the West Building Ground Floor at 1200
New Jersey Avenue SE, Washington, DC, between 9 a.m. and 5 p.m., Monday
through Friday, except Federal holidays.
Fax: Fax comments to Docket Operations at 202-493-2251.
Privacy: Except for Confidential Business Information (CBI) as
described in the following paragraph, and other information as
described in 14 CFR 11.35, the FAA will post all comments received
without change to https://www.regulations.gov/, including any personal
information you provide. The FAA will also post a report summarizing
each substantive verbal contact received about these special
conditions.
Confidential Business Information: Confidential Business
Information (CBI) is commercial or financial information that is both
customarily and actually treated as private by its owner. Under the
Freedom of Information Act (FOIA) (5 U.S.C. 552), CBI is exempt from
public disclosure. If your comments responsive to these special
conditions contain commercial or financial information that is
customarily treated as private, that you actually treat as private, and
that is relevant or responsive to these special conditions, it is
important that you clearly designate the submitted comments as CBI.
Please mark each page of your submission containing CBI as ``PROPIN.''
The FAA will treat such marked submissions as confidential under the
FOIA, and the indicated comments will not be placed in the public
docket of these special conditions. Send submissions containing CBI to
the Information Contact below. Comments the FAA receives, which are not
specifically designated as CBI, will be placed in the public docket for
these special conditions.
Docket: Background documents or comments received may be read at
https://www.regulations.gov/ at any time. Follow the online
instructions for accessing the docket or go to Docket Operations in
Room W12-140 of the West Building Ground Floor at 1200 New Jersey
Avenue SE, Washington, DC, between 9 a.m. and 5 p.m., Monday through
Friday, except Federal holidays.
FOR FURTHER INFORMATION CONTACT: Varun Khanna, Aircraft Information
Systems, AIR-622, Technical Innovation Policy Branch, Policy and
Innovation Division, Aircraft Certification Service, Federal Aviation
Administration, 2200 South 216th Street, Des Moines, Washington 98198;
telephone and fax 206-231-3159; email [email protected].
SUPPLEMENTARY INFORMATION: The substance of these special conditions
has been published in the Federal Register for public comment in
several prior instances with no substantive comments received.
Therefore, the FAA has determined that prior public notice and comment
are unnecessary, and finds that, for the same reason, good cause exists
for adopting these special conditions upon publication in the Federal
Register.
Comments Invited
The FAA invites interested people to take part in this rulemaking
by sending written comments, data, or views. The most helpful comments
reference a specific portion of the special conditions, explain the
reason for any recommended change, and include supporting data.
The FAA will consider all comments received by the closing date for
comments. The FAA may change these special conditions based on the
comments received.
Background
On February 24, 2020, Honeywell applied for a supplemental type
certificate for installation of the Honeywell Connected Engine Data
Access System (CEDAS) in the Bombardier Model BD-100-1A10 airplane,
requiring security protection from unauthorized external access. The
Bombardier Model BD-100-1A10 airplane is a twin-engine business jet
with a passenger capacity of 16 and a maximum takeoff weight of 40,600
pounds.
Type Certification Basis
Under the provisions of title 14 Code of Federal Regulations (14
CFR) 21.101, Honeywell must show that the Bombardier Model BD-100-1A10
[[Page 59840]]
airplane, as changed, continues to meet the applicable provisions of
the regulations listed in Type Certificate No. T00005NY, or the
applicable regulations in effect on the date of application for the
change, except for earlier amendments as agreed upon by the FAA.
If the Administrator finds that the applicable airworthiness
regulations (e.g., 14 CFR part 25) do not contain adequate or
appropriate safety standards for the Bombardier Model BD-100-1A10
airplane because of a novel or unusual design feature, special
conditions are prescribed under the provisions of Sec. 21.16.
Special conditions are initially applicable to the model for which
they are issued. Should the applicant apply for a supplemental type
certificate to modify any other model included on the same type
certificate to incorporate the same novel or unusual design feature,
these special conditions would also apply to the other model under
Sec. 21.101.
In addition to the applicable airworthiness regulations and special
conditions, the Bombardier Model BD-100-1A10 airplane must comply with
the fuel vent and exhaust emission requirements of 14 CFR part 34 and
the noise certification requirements of 14 CFR part 36.
The FAA issues special conditions, as defined in 14 CFR 11.19, in
accordance with Sec. 11.38, and they become part of the type
certification basis under Sec. 21.101.
Novel or Unusual Design Feature
The Bombardier Model BD-100-1A10 airplane, as modified by
Honeywell, will incorporate the following novel or unusual design
feature:
Installation of the Honeywell Connected Engine Data Access System
(CEDAS) which provides wireless data download capability from the
engine's electronic control unit (ECU) to Honeywell cloud-based
storage. CEDAS allows maintenance personnel to wirelessly connect to
the ECUs and allows autonomous engine data uploads to cloud data
services over WiFi.
Discussion
The Honeywell supplemental type certificate for the Bombardier
Model BD-100-1A10 airplane design adds the Connected Engine Data Access
System (CEDAS) architecture which is novel for commercial transport
category airplanes. CEDAS allows connection to airplane electronic
systems and networks, and access from aircraft external sources (e.g.,
operator networks, wireless devices, internet connectivity, service
provider satellite communications, electronic flight bags, etc.) to the
previously isolated airplane electronic assets (networks, systems, and
databases). The installation of CEDAS may result in network security
vulnerabilities from intentional or unintentional corruption of data
and systems required for the operations and maintenance of the
airplane.
The existing FAA regulations did not anticipate these networked
airplane system architectures. Furthermore, these regulations and the
current guidance material do not address potential security
vulnerabilities, which could be exploited by unauthorized access to
airplane networks, data buses, and servers. Therefore, these special
conditions ensure that the security (i.e., confidentiality, integrity,
and availability) of airplane systems is not compromised by
unauthorized wired or wireless electronic connections. This includes
ensuring that the security of the airplane's systems is not compromised
during maintenance of the airplane's electronic systems. These special
conditions also require the applicant to provide appropriate
instructions to the operator to maintain all electronic system
safeguards that have been implemented as part of the original network
design so that this feature does not allow or reintroduce security
threats.
These special conditions contain the additional safety standards
that the Administrator considers necessary to establish a level of
safety equivalent to that established by the existing airworthiness
standards.
Applicability
As discussed above, these special conditions are applicable to the
Bombardier Model BD-100-1A10 airplane. Should Honeywell apply at a
later date for a supplemental type certificate to modify any other
model included on Type Certificate No. T00005NY to incorporate the same
novel or unusual design feature, these special conditions would apply
to that model as well.
Conclusion
This action affects only a certain novel or unusual design feature
on one model of airplane, as modified by Honeywell. It is not a rule of
general applicability and affects only the applicant.
List of Subjects in 14 CFR Part 25
Aircraft, Aviation safety, Reporting and recordkeeping
requirements.
Authority Citation
The authority citation for these special conditions is as follows:
Authority: 49 U.S.C. 106(f), 106(g), 40113, 44701, 44702, 44704.
The Special Conditions
Accordingly, pursuant to the authority delegated to me by the
Administrator, the following special conditions are issued as part of
the type certification basis for the Bombardier Model BD-100-1A10
airplane, as modified by Honeywell, for airplane electronic system
security protection from unauthorized external access.
1. The applicant must ensure airplane electronic system security
protection from access by unauthorized sources external to the
airplane, including those possibly caused by maintenance activity.
2. The applicant must ensure that electronic system security
threats are identified and assessed, and that effective electronic
system security protection strategies are implemented to protect the
airplane from all adverse impacts on safety, functionality, and
continued airworthiness.
3. The applicant must establish appropriate procedures to allow the
operator to ensure that continued airworthiness of the airplane is
maintained, including all post type certification modifications that
may have an impact on the approved electronic system security
safeguards.
Issued in Kansas City, Missouri, on October 25, 2021.
Patrick R. Mullen,
Manager, Technical Innovation Policy Branch, Policy and Innovation
Division, Aircraft Certification Service.
[FR Doc. 2021-23552 Filed 10-28-21; 8:45 am]
BILLING CODE 4910-13-P