Today the DOT’s Federal Aviation Administration published two cybersecurity related special condition rules in the Federal Register for aircraft from Beechcraft (81 FR 56475-56477) and Bombardier (81 FR 56474-56475). These final special conditions are required because of novel or unusual design features that require special attention not outlined in normal airworthiness standards.
Beechcraft Special Conditions
This Special Condition applies to the Beechcraft Model 400A airplane. The Special Condition is required to allow installation of digital-systems network architecture, composed of several connected networks that may allow access to or by external computer systems and networks, in Beechcraft Model 400A airplanes. The applicable airworthiness regulations do not contain adequate or appropriate safety standards for this design feature. The FAA notes that:
“The existing regulations and guidance material did not anticipate this type of system architecture, or external wired and wireless electronic access to airplane electronic systems. Furthermore, regulations, and current system safety-assessment policy and techniques, do not address potential security vulnerabilities that could be caused by unauthorized access to airplane electronic systems and networks.”
The Special Conditions require that:
“1. The applicant must ensure that the airplane electronic systems are protected from access by unauthorized sources external to the airplane, including those possibly caused by maintenance activity.
“2. The applicant must ensure that electronic system-security threats are identified and assessed, and that effective electronic system-security protection strategies are implemented to protect the airplane from all adverse impacts on safety, functionality, and continued airworthiness.
“3. The applicant must establish appropriate procedures to allow the operator to ensure that continued airworthiness of the airplane is maintained, including all post-type-certification modifications that may have an impact on the approved electronic system-security safeguards.”
Bombardier Special Conditions
The Special Condition applies to the new Bombardier Model BD-700-2A12 and BD-700-2A13 airplanes. The Special Condition is required because the aircraft will contain a digital system architecture that contains multiple, interconnected domains, including:
• Flight-safety-related control, communication, and navigation systems (airplane-control domain);
• Operation and administrative support (operator-information-services domain); and
• Passenger information and entertainment systems (passenger-entertainment domain).
Additionally, this digital systems architecture will have the capability to allow access to or by external network sources.
The Special Conditions require that:
1. The applicant must ensure that the design provides isolation from, or airplane electronic system security protection against, access by unauthorized sources internal to the airplane. The design must prevent inadvertent and malicious changes to, and all adverse impacts upon, airplane equipment, systems, networks, or other assets required for safe flight and operations.
2. The applicant must establish appropriate procedures to allow the operator to ensure that continued airworthiness of the airplane is maintained, including all post type certification modifications that may have an impact on the approved electronic system security safeguards.
The FAA is soliciting public comments on these special conditions. Written comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Beechcraft Docket #FAA-2016-8029; Bombardier Docket #FAA-2015-6359). Comments should be submitted by October 6th, 2016.
The FAA continues to address aircraft cybersecurity issues on a case by case basis. This is almost certainly due to the fact that most aircraft being certified do not have digital control systems with the potential for outside access that could affect safety of flight issues. That is obviously changing.
These special conditions are written in broad enough language that each manufacturer and aircraft operator is being given a wide degree of latitude in how they accomplish the requirements set forth in the Special Conditions. And it must be remembered that each applicable solution still has to be specifically certified by the manufacturer and/or the operator.
Two questions remain. First, does the FAA have enough adequately trained cybersecurity personnel to do the evaluation necessary to complete the certification process? Second, does the FAA have a vulnerability disclosure process in place to allow third party cybersecurity researchers to notify the FAA of newly discovered vulnerabilities in these flight control systems? I do not have an answer to these questions, but I do not get a warm and fuzzy feeling when contemplating the probable answers.