HR 4 Introduced – FAA Reauthorization

Earlier this month Rep. Schuster (R,PA) introduced HR 4, the FAA Reauthorization Act of 2018. The bill includes a number of provisions that address unmanned aircraft system (UAS) operations and aviation cybersecurity.

UAS Provisions

The bill addresses UAS issues in two separate sub-titles; Sub-Title B of Title 3 and Sub-Title C of Title 7. Between these two sub-titles there are 17 separate sections addressing a wide variety of UAS topics. Of those, the following may be of specific interest to readers of this blog:

§337. Evaluation of aircraft registration for small unmanned aircraft;

§338. Study on roles of governments relating to low-altitude operation of small unmanned aircraft;

§341. Cooperation related to certain counter-UAS technology.

Section 337 of the bill requires FAA to “develop and track metrics to assess compliance with and effectiveness of the registration of small unmanned aircraft systems” {§337(a)} required by the interim final rule published in December of 2015. It would also require the DOT Inspector General to report to Congress on both the metric development required and the overall “reliability, effectiveness, and efficiency of the Administration’s registration program for small unmanned aircraft” {§337(b)(2)}.

Section 338 of the bill requires the DOT Inspector General to begin a study of the “the regulation and oversight of the low-altitude operations of small unmanned aircraft and small unmanned aircraft systems” {§338(a)(1)} and the appropriate roles of Federal, State, local, and Tribal governments in regulating UAS operations below 400 ft above ground level (AGL). An obligatory report to Congress is required.

Section 341 of the bill would require DOT to consult with DOD about efforts to streamline the deployment of systems “in the national airspace system intended to mitigate threats posed by errant or hostile unmanned aircraft system operations”.

Cybersecurity Provisions

The cybersecurity sub-title includes six sections. Of these, the following three sections may be of specific interest to readers of this blog:

§732. Cabin communications, entertainment, and information technology systems cybersecurity vulnerabilities.

§733. Cybersecurity threat modeling.

§736. Cybersecurity research and development program.

Section 732 would require the FAA to “determine the research and development needs associated with cybersecurity vulnerabilities of cabin communications, entertainment, and information technology systems on civil passenger aircraft” {§732(a)}. Those R&D needs would include an assessment of:

• Technical risks and vulnerabilities;

• Potential impacts on the national airspace and public safety; and

• Identification of deficiencies in cabin-based cybersecurity.

Section 733 would require the FAA, in consultation with the National Institute of Standards and Technology, to “develop an internal FAA cybersecurity threat modeling program to detect cybersecurity vulnerabilities, track how those vulnerabilities might be exploited, and assess the magnitude of harm that could be caused by the exploitation of those vulnerabilities” {§733(a)(1)}.

Section 736 would require the FAA to “establish a research and development program to improve the cybersecurity of civil aircraft and the national airspace system” {§737(a)}. In support of that program the FAA would be required to establish a plan to implement that program. The plan would include objectives, proposed tasks, milestones, and a 5-year budgetary profile. The FAA would also be required to commission a National Academies study of that plan.

Moving Forward

This bill is scheduled to be considered by the House this week. The House Rules Committee will hold a hearing on Tuesday to prepare the rule for the consideration of the bill. There have been 231 proposed amendments to the bill submitted to the Committee for consideration. These amendments include a number that address either UAS or cybersecurity provisions.

I suspect that we will have a managed rule for this bill that will include a relatively small number of those amendments. I suspect that the bill will pass with at least some bipartisan support. This is one of those ‘must pass’ bills that Congress has to deal with every year. We have not yet seen a Senate version of the bill, but the Senate will take up their own version of the bill which typically means that a conference committee will have to be convened to work out the differences between the two versions.

Commentary

I am more than a little concerned that this bill addresses (§341) the deployment of weapon systems to mitigate the threat of UAS systems without addressing the legal issues associated with interfering with the operation of aircraft. While the bill does not specifically mention weapons the vague use of the phrase “systems in the national airspace system intended to mitigate threats” can only be considered weapons. Whether those weapons conduct physical attacks to destroy the UAS or electronic attacks to cause the UAS to crash (any landing outside of the control of the pilot/operator is a crash; controlled or otherwise) still mean that the systems employed are weapons.

See my discussion of HR 5366 to see the extent of the legal complications that are apparently being ignored in this section.