Today the FAA published a final special condition standard for Airbus Model A350-900 airplanes in the Federal Register (79 FR 53128-53129) concerned with electronic system-security protection from unauthorized external access. The effective date for this action is today.
The FAA notes in their background discussion to this action that “electronic system-network-security considerations and functions have played a relatively minor role in the certification of such systems because of the isolation, protection mechanisms, and limited connectivity between the different network”. On this aircraft type, however, the Administrator found that:
“The airplane-control domain and operator-information-services domain perform functions required for the safe operation and maintenance of the airplane. Previously, these domains had very limited connectivity with external network sources. The network architecture and configuration may allow the exploitation of network-security vulnerabilities resulting in intentional or unintentional destruction, disruption, degradation, or exploitation of data, systems, and networks critical to the safety and maintenance of the airplane.”
Furthermore, the preamble acknowledges that:
“The existing regulations and guidance material did not anticipate these types of airplane system architectures. Furthermore, 14 CFR regulations and current system-safety assessment policy and techniques do not address potential security vulnerabilities, which could be exploited by unauthorized access to airplane networks, data buses, and servers. “
The Special Conditions outline the following three control system security requirements:
1. The applicant must ensure airplane electronic system-security protection from access by unauthorized sources external to the airplane, including those possibly caused by maintenance activity.
2. The applicant must ensure that electronic system-security threats are identified and assessed, and that effective electronic system-security protection strategies are implemented to protect the airplane from all adverse impacts on safety, functionality, and continued airworthiness.
3. The applicant must establish appropriate procedures to allow the operator to ensure that continued airworthiness of the airplane is maintained, including all post-type-certification modifications that may have an impact on the approved electronic system-security safeguards.
At this time these requirements are only required for Airbus Model A350-900 airplanes.