Earlier this month Rep. Schuster (R,PA) introduced HR 4, the
FAA Reauthorization Act of 2018. The bill includes a number of provisions that
address unmanned aircraft system (UAS) operations and aviation cybersecurity.
UAS Provisions
The bill addresses UAS issues in two separate sub-titles;
Sub-Title B of Title 3 and Sub-Title C of Title 7. Between these two sub-titles
there are 17 separate sections addressing a wide variety of UAS topics. Of
those, the following may be of specific interest to readers of this blog:
§337. Evaluation of aircraft
registration for small unmanned aircraft;
§338. Study on roles of governments
relating to low-altitude operation of small unmanned aircraft;
§341. Cooperation related to
certain counter-UAS technology.
Section 337 of the bill requires FAA to “develop and track
metrics to assess compliance with and effectiveness of the registration of
small unmanned aircraft systems” {
§337(a)}
required by the
interim
final rule published in December of 2015. It would also require the DOT Inspector
General to report to Congress on both the metric development required and the
overall “reliability, effectiveness, and efficiency of the Administration’s
registration program for small unmanned aircraft” {
§337(b)(2)}.
Section 338 of the bill requires the DOT Inspector General
to begin a study of the “the regulation and oversight of the low-altitude
operations of small unmanned aircraft and small unmanned aircraft systems” {§338(a)(1)} and the
appropriate roles of Federal, State, local, and Tribal governments in regulating
UAS operations below 400 ft above ground level (AGL). An obligatory report to
Congress is required.
Section 341 of the bill would require DOT to consult with
DOD about efforts to streamline the deployment of systems “in the national
airspace system intended to mitigate threats posed by errant or hostile
unmanned aircraft system operations”.
Cybersecurity Provisions
The cybersecurity sub-title includes six sections. Of these,
the following three sections may be of specific interest to readers of this
blog:
§732. Cabin communications, entertainment,
and information technology systems cybersecurity vulnerabilities.
§733. Cybersecurity threat
modeling.
§736. Cybersecurity research and
development program.
Section 732 would require the FAA to “determine the research
and development needs associated with cybersecurity vulnerabilities of cabin
communications, entertainment, and information technology systems on civil
passenger aircraft” {§732(a)}.
Those R&D needs would include an assessment of:
• Technical risks and
vulnerabilities;
• Potential impacts on the national
airspace and public safety; and
• Identification of deficiencies in cabin-based
cybersecurity.
Section 733 would require the FAA, in consultation with the
National Institute of Standards and Technology, to “develop an internal FAA cybersecurity
threat modeling program to detect cybersecurity vulnerabilities, track how
those vulnerabilities might be exploited, and assess the magnitude of harm that
could be caused by the exploitation of those vulnerabilities” {§733(a)(1)}.
Section 736 would require the FAA to “establish a research
and development program to improve the cybersecurity of civil aircraft and the
national airspace system” {§737(a)}.
In support of that program the FAA would be required to establish a plan to
implement that program. The plan would include objectives, proposed tasks,
milestones, and a 5-year budgetary profile. The FAA would also be required to
commission a National Academies study of that plan.
Moving Forward
This bill is scheduled to be considered by the House this
week. The House Rules Committee will hold a hearing on Tuesday to prepare the
rule for the consideration of the bill. There have been 231 proposed amendments
to the bill submitted to the Committee for consideration. These amendments
include a number that address either UAS or cybersecurity provisions.
I suspect that we will have a managed rule for this bill that
will include a relatively small number of those amendments. I suspect that the
bill will pass with at least some bipartisan support. This is one of those ‘must
pass’ bills that Congress has to deal with every year. We have not yet seen a
Senate version of the bill, but the Senate will take up their own version of
the bill which typically means that a conference committee will have to be
convened to work out the differences between the two versions.
Commentary
I am more than a little concerned that this bill addresses (§341) the deployment of weapon
systems to mitigate the threat of UAS systems without addressing the legal
issues associated with interfering with the operation of aircraft. While the
bill does not specifically mention weapons the vague use of the phrase “systems
in the national airspace system intended to mitigate threats” can only be
considered weapons. Whether those weapons conduct physical attacks to destroy
the UAS or electronic attacks to cause the UAS to crash (any landing outside of
the control of the pilot/operator is a crash; controlled or otherwise) still
mean that the systems employed are weapons.
See my
discussion
of HR 5366 to see the extent of the legal complications that are apparently
being ignored in this section.