HR 7045 Introduced – Avionics Cybersecurity

Earlier this month Rep. Meng (D,NY) introduced HR 7045, the Aircraft Avionics Systems Cybersecurity Act. The bill would require the FAA to revise airworthiness certification regulations to “address cybersecurity for avionics systems, including software components” {§2(a)(1)}.

Cybersecurity Requirements

Section 2(a) of the bill would require the FAA to revise airworthiness certification regulations “to require that aircraft avionics systems used for flight guidance or aircraft control be secured against unauthorized access via passenger inflight entertainment systems through such means as the Administrator determines appropriate to protect the avionics systems from unauthorized external and internal access” {§2(a)(2)}.

Section 2(b) of the bill would require the FAA in revising the regulations to take into account the recommendations of the Aircraft Systems Information Security Protection Working Group required by §2111(a)(2)(A)(iii)(I) of the FAA Extension Safety and Security Act of 2016 (PL 114-190, 130 STAT. 625). Those recommendations were published in August 2016.

Moving Forward

Meng is not a member of the House Transportation and Infrastructure Committee to which the bill was assigned for consideration, so it is unlikely that she has the influence necessary to have the bill considered in Committee. This is especially true so late in the session.

It is not clear what sort of support would be available for this bill. While it would require the FAA to establish new regulations (which would draw at least some sort of opposition from industry) the requirements for those regulations are extremely vague and broadly drawn. This bill could receive some bipartisan support because it would allow Congress to look like it was taking action without making any controversial decisions.