Saturday, September 3, 2022

Review - FAA Cybersecurity Special Provisions – Internal vs External Electronic Access

The DOT’s Federal Aviation Administration (FAA) has published two Special Conditions notices in Tuesday’s (available on line today) Federal Register ((87 FR 54349-54351 and 87 FR 54351-54353), both for Bombardier Model BD-700-1A10 and BD-700-1A11 Airplanes as modified by L2 Consulting Services. The two notices deal with electronic systems added to the Bombardier aircraft that are not adequately dealt with by current airworthiness regulations. Accordingly, these “special conditions contain the additional safety standards that the Administrator considers necessary to establish a level of safety equivalent to that established by the existing airworthiness standards.”

Each notice applies to the same base aircraft: “The Bombardier Model BD-700-1A10 and BD-700-1A11 airplanes are twin-engine, transport category airplanes, executive-interior business jets with a maximum takeoff weight of 93,500 pounds (42,410 Kg) and a maximum seating capacity of seventeen passengers and two crew members.”


While these two sets of special condition requirements are worded differently than three other instances of aircraft cybersecurity special conditions that I have covered previously in my blog Chemical Facility Security New (here, here and here), the FAA continues to write broadly worded, performance-oriented cybersecurity standards for these aircraft. What is not publicly provided here is the guidance provided to FAA inspectors for processes by which those inspectors will evaluate how well the aircraft implement these special conditions in the type approval process.

For more details about the requirements of these special conditions, see my article at CFSN Detailed Analysis - - subscription required.

No comments:

/* Use this with templates/template-twocol.html */