18 January 2010. It is not clear if this vulnerability applies to other B-747
models -- such as Air Force One -- or other computer-controlled aircraft
not only those by Boeing and not only civilian versions. Or whether offensive
measures to exploit the weakness or defensive countermeasures have been
developed.
[Federal Register: January 15, 2010 (Volume 75, Number 10)]
[Rules and Regulations]
[Page 2433-2434]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr15ja10-1]
========================================================================
Rules and Regulations
Federal Register
________________________________________________________________________
This section of the FEDERAL REGISTER contains regulatory documents
having general applicability and legal effect, most of which are keyed
to and codified in the Code of Federal Regulations, which is published
under 50 titles pursuant to 44 U.S.C. 1510.
The Code of Federal Regulations is sold by the Superintendent of Documents.
Prices of new books are listed in the first FEDERAL REGISTER issue of each
week.
========================================================================
[[Page 2433]]
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Part 25
[Docket No. NM413; Special Conditions No. 25-401-SC]
Special Conditions: Boeing Model 747-8/-8F Airplanes, Systems and
Data Networks Security--Protection of Airplane Systems and Data
Networks From Unauthorized External Access
AGENCY: Federal Aviation Administration (FAA), DOT.
ACTION: Final special conditions.
-----------------------------------------------------------------------
SUMMARY: These special conditions are issued for the Boeing Model 747-
8/-8F airplane. This airplane will have novel or unusual design
features associated with the architecture and connectivity capabilities
of the airplane's computer systems and networks, which may allow access
to external computer systems and networks. Connectivity to external
systems and networks may result in security vulnerabilities to the
airplane's systems. The applicable airworthiness regulations do not
contain adequate or appropriate safety standards for these design
features. These special conditions contain the additional safety
standards that the Administrator considers necessary to establish a
level of safety equivalent to that established by the existing
airworthiness standards.
DATES: Effective Date: February 16, 2010.
FOR FURTHER INFORMATION CONTACT: Will Struck, FAA, Airplane and Flight
Crew Interface Branch, ANM-111, Transport Airplane Directorate, 1601
Lind Avenue, SW., Renton, Washington 98057-3356; telephone (425) 227-
2764; facsimile (425) 227-1149.
SUPPLEMENTARY INFORMATION:
Background
On November 4, 2005, The Boeing Company, P.O. Box 3707, Seattle, WA
98124, applied for an amendment to Type Certificate Number A20WE to
include the new Model 747-8 passenger airplane and the new Model 747-8F
freighter airplane. The Model 747-8 and the Model 747-8F are
derivatives of the 747-400 and the 747-400F, respectively. Both the
Model 747-8 and the Model 747-8F are four-engine jet transport
airplanes that will have a maximum takeoff weight of 975,000 pounds and
new General Electric GEnx-2B67 engines. The Model 747-8 will have two
flight crew and the capacity to carry 660 passengers. The Model 747-8F
will have two flight crew and a zero passenger capacity, although the
FAA has issued a partial grant of exemption to Boeing for the carriage
of up to six supernumeraries for the 747-8F.
Type Certification Basis
Under the provisions of Title 14, Code of Federal Regulations (14
CFR) 21.17, Boeing must show that the Model 747-8 and 747-8F (hereafter
referred as 747-8/-8F) meet the applicable provisions of part 25, as
amended by Amendments 25-1 through 25-120, except for Sec. Sec.
25.809(a) and 25.812, which will remain at Amendment 25-115. These
regulations will be incorporated into Type Certificate No. A20WE after
type certification approval of the 747-8/-8F.
In addition, the certification basis includes other regulations,
special conditions and exemptions that are not relevant to these
special conditions.
If the Administrator finds that the applicable airworthiness
regulations (i.e., 14 CFR part 25) do not contain adequate or
appropriate safety standards for the 747-8/-8F because of a novel or
unusual design feature, special conditions are prescribed under the
provisions of Sec. 21.16.
In addition to the applicable airworthiness regulations and special
conditions, the 747-8/-8F must comply with the fuel vent and exhaust
emission requirements of 14 CFR part 34 and the noise certification
requirements of 14 CFR part 36.
Special conditions, as defined in Sec. 11.19, are issued under
Sec. 11.38, and become part of the type certification basis under
Sec. 21.101.
Special conditions are initially applicable to the model for which
they are issued. Should the type certificate for that model be amended
later to include any other model that incorporates the same or similar
novel or unusual design feature, or should any other model already
included on the same type certificate be modified to incorporate the
same or similar novel or unusual design feature, the special conditions
would also apply to the other model under Sec. 21.101.
Novel or Unusual Design Features
The Boeing Model 747-8/-8F airplane will incorporate the following
novel or unusual design features: digital systems architecture composed
of several connected networks. The architecture and network
configuration may be used for, or interfaced with, a diverse set of
functions, including:
1. Flight-safety related control, communication, and navigation
systems (aircraft control domain),
2. Airline business and administrative support (airline information
domain),
3. Passenger information and entertainment systems (passenger
entertainment domain), and
4. The capability to allow access to or by external network
sources.
Discussion
The Model 747-8/-8F architecture and network configuration may
allow increased connectivity to and access from external network
sources and airline operations and maintenance networks to the aircraft
control domain and airline information domain. The aircraft control
domain and airline information domain perform functions required for
the safe operation and maintenance of the airplane. Previously these
domains had very limited connectivity with external network sources.
The architecture and network configuration may allow the
exploitation of network security vulnerabilities resulting in
intentional or unintentional destruction, disruption, degradation, or
exploitation of data, systems, and networks critical to the safety and
maintenance of the airplane.
The existing regulations and guidance material did not anticipate
these types of airplane system architectures. Furthermore, 14 CFR
regulations and current system safety assessment policy and techniques
do not address potential security vulnerabilities, which could be
exploited by unauthorized access to
[[Page 2434]]
airplane networks, data bases, and servers. Therefore, these special
conditions and a means of compliance are provided to ensure that the
security (i.e., confidentiality, integrity, and availability) of
airplane systems is not compromised by unauthorized wired or wireless
electronic connections.
Discussion of Comments
Notice of proposed special conditions No. 25-09-09-SC for the
Boeing Model 747-8/-8F airplanes was published in the Federal Register
on October 2, 2009 (74 FR 50926). No comments were received.
Applicability
As discussed above, these special conditions are applicable to
Boeing Model 747-8/-8F airplanes. Should Boeing apply at a later date
for a change to the type certificate to include another model
incorporating the same novel or unusual design features, these special
conditions would apply to that model as well under the provisions of
Sec. 21.101.
Conclusion
This action affects only certain novel or unusual design features
of the Boeing Model 747-8/-8F airplane. It is not a rule of general
applicability.
List of Subjects in 14 CFR Part 25
Aircraft, Aviation safety, Reporting and recordkeeping
requirements.
0
The authority citation for these special conditions is as follows:
Authority: 49 U.S.C. 106(g), 40113, 44701, 44702, 44704.
The Special Conditions
0
Accordingly, pursuant to the authority delegated to me by the
Administrator, the following special conditions are issued as part of
the type certification basis for the Boeing Model 747-8/-8F airplanes.
1. The applicant must ensure electronic system security protection
for the aircraft control domain and airline information domain from
access by unauthorized sources external to the airplane, including
those possibly caused by maintenance activity.
2. The applicant must ensure that electronic system security
threats from external sources are identified and assessed, and that
effective electronic system security protection strategies are
implemented to protect the airplane from all adverse impacts on safety,
functionality, and continued airworthiness.
Issued in Renton, Washington, on January 5, 2010.
Ali Bahrami,
Manager, Transport Airplane Directorate, Aircraft Certification
Service.
[FR Doc. 2010-661 Filed 1-14-10; 8:45 am]
BILLING CODE 4910-13-P
[Federal Register: October 2, 2009 (Volume 74, Number 190)]
[Proposed Rules]
[Page 50926-50928]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr02oc09-7]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Part 25
[Docket No. NM413 Special Conditions No. 25-09-09-SC]
Special Conditions: Boeing Model 747-8/-8F Airplanes, Systems and
Data Networks Security--Protection of Airplane Systems and Data
Networks From Unauthorized External Access
AGENCY: Federal Aviation Administration (FAA), DOT.
ACTION: Notice of proposed special conditions.
-----------------------------------------------------------------------
SUMMARY: This action proposes special conditions for the Boeing Model
747-8/-8F airplane. This airplane will have novel or unusual design
features associated with the architecture and connectivity capabilities
of the airplane's computer systems and networks, which may allow access
to external computer systems and networks. Connectivity to external
systems and networks may result in security vulnerabilities to the
airplane's systems. The applicable airworthiness regulations do not
contain adequate or appropriate safety standards for these design
features. These proposed special conditions contain the additional
safety standards that the Administrator
[[Page 50927]]
considers necessary to establish a level of safety equivalent to that
established by the existing airworthiness standards.
DATES: Comments must be received on or before November 2, 2009.
ADDRESSES: Comments on this proposal may be mailed in duplicate to:
Federal Aviation Administration, Transport Airplane Directorate,
Attention: Rules Docket (ANM-113), Docket No. NM413, 1601 Lind Avenue,
SW., Renton, Washington 98057-3356; or delivered in duplicate to the
Transport Airplane Directorate at the above address. All comments must
be marked Docket No. NM413. Comments may be inspected in the Rules
Docket weekdays, except Federal holidays, between 7:30 a.m. and 4 p.m.
FOR FURTHER INFORMATION CONTACT: Will Struck, FAA, Airplane and Flight
Crew Interface Branch, ANM-111, Transport Airplane Directorate, 1601
Lind Avenue, SW., Renton, Washington 98057-3356; telephone (425) 227-
2764; facsimile (425) 227-1149.
SUPPLEMENTARY INFORMATION:
Comments Invited
The FAA invites interested persons to participate in this
rulemaking by submitting written comments, data, or views. The most
helpful comments reference a specific portion of the special
conditions, explain the reason for any recommended change, and include
supporting data. We ask that you send us two copies of written
comments.
We will file in the docket all comments we receive as well as a
report summarizing each substantive public contact with FAA personnel
concerning these proposed special conditions. The docket is available
for public inspection before and after the comment closing date. If you
wish to review the docket in person, go to the address in the ADDRESSES
section of this notice between 7:30 a.m. and 4 p.m., Monday through
Friday, except Federal holidays.
We will consider all comments we receive on or before the closing
date for comments. We will consider comments filed late if it is
possible to do so without incurring expense or delay. We may change the
proposed special conditions based on comments we receive.
If you want the FAA to acknowledge receipt of your comments on this
proposal, include with your comments a pre-addressed, stamped postcard
on which the docket number appears. We will stamp the date on the
postcard and mail it back to you.
Background
On November 4, 2005, The Boeing Company, P.O. Box 3707, Seattle, WA
98124, applied for an amendment to Type Certificate Number A20WE to
include the new Model 747-8 passenger airplane and the new Model 747-8F
freighter airplane. The Model 747-8 and the Model 747-8F are
derivatives of the 747-400 and the 747-400F, respectively. Both the
Model 747-8 and the Model 747-8F are four-engine jet transport
airplanes that will have a maximum takeoff weight of 975,000 pounds and
new General Electric GEnx -2B67 engines. The Model 747-8 will have 2
flight crews and the capacity to carry 660 passengers. The Model 747-8F
will have 2 flight crews and a zero passenger capacity, although Boeing
has submitted a petition for exemption to allow the carriage of
supernumeraries. The maximum takeoff weight will be 975,000 with up to
eight supernumeraries for the 747-8F.
Type Certification Basis
Under the provisions of Title 14, Code of Federal Regulations (14
CFR) 21.17, Boeing must show that the Model 747-8 and 747-8F (hereafter
referred as 747-8/-8F) meet the applicable provisions of part 25, as
amended by Amendments 25-1 through 25-120, except for Sec. Sec.
25.809(a) and 25.812, which will remain at Amendment 25-115. These
regulations will be incorporated into Type Certificate No. A20WE after
type certification approval of the 747-8/-8F.
In addition, the certification basis includes other regulations,
special conditions and exemptions that are not relevant to these
proposed special conditions.
If the Administrator finds that the applicable airworthiness
regulations (i.e., 14 CFR part 25) do not contain adequate or
appropriate safety standards for the 747-8/-8F because of a novel or
unusual design feature, special conditions are prescribed under the
provisions of Sec. 21.16.
In addition to the applicable airworthiness regulations and special
conditions, the 747-8/-8F must comply with the fuel vent and exhaust
emission requirements of 14 CFR part 34 and the noise certification
requirements of 14 CFR part 36.
Special conditions, as defined in Sec. 11.19, are issued under
Sec. 11.38, and become part of the type certification basis under
Sec. 21.101.
Special conditions are initially applicable to the model for which
they are issued. Should the type certificate for that model be amended
later to include any other model that incorporates the same or similar
novel or unusual design feature, or should any other model already
included on the same type certificate be modified to incorporate the
same or similar novel or unusual design feature, the special conditions
would also apply to the other model under Sec. 21.101.
Novel or Unusual Design Features
The Boeing Model 747-8/-8F airplane will incorporate the following
novel or unusual design features: Digital systems architecture composed
of several connected networks. The proposed architecture and network
configuration may be used for, or interfaced with, a diverse set of
functions, including:
1. Flight-safety related control, communication, and navigation
systems (aircraft control domain),
2. Airline business and administrative support (airline information
domain),
3. Passenger information and entertainment systems (passenger
entertainment domain), and
4. The capability to allow access to or by external network
sources.
Discussion
The proposed Model 747-8/-8F architecture and network configuration
may allow increased connectivity to and access from external network
sources and airline operations and maintenance networks to the aircraft
control domain and airline information domain. The aircraft control
domain and airline information domain perform functions required for
the safe operation and maintenance of the airplane. Previously these
domains had very limited connectivity with external network sources.
The architecture and network configuration may allow the
exploitation of network security vulnerabilities resulting in
intentional or unintentional destruction, disruption, degradation, or
exploitation of data, systems, and networks critical to the safety and
maintenance of the airplane.
The existing regulations and guidance material did not anticipate
these types of airplane system architectures. Furthermore, 14 CFR
regulations and current system safety assessment policy and techniques
do not address potential security vulnerabilities, which could be
exploited by unauthorized access to airplane networks, data buses, and
servers. Therefore, these special conditions and a means of compliance
are proposed to ensure that the security (i.e., confidentiality,
integrity, and availability) of airplane systems is not compromised by
unauthorized wired or wireless electronic connections.
[[Page 50928]]
Applicability
As discussed above, these proposed special conditions are
applicable to Boeing Model 747-8/-8F airplanes. Should Boeing apply at
a later date for a change to the type certificate to include another
model incorporating the same novel or unusual design features, these
proposed special conditions would apply to that model as well under the
provisions of Sec. 21.101.
Conclusion
This action affects only certain novel or unusual design features
of the Boeing Model 747-8/-8F airplane. It is not a rule of general
applicability.
List of Subjects in 14 CFR Part 25
Aircraft, Aviation safety, Reporting and recordkeeping
requirements.
The authority citation for these Special Conditions is as follows:
Authority: 49 U.S.C. 106(g), 40113, 44701, 44702, 44704.
The Proposed Special Conditions
Accordingly, the Federal Aviation Administration (FAA) proposes the
following special conditions as part of the type certification basis
for the Boeing Model 747-8/-8F airplane.
1. The applicant must ensure electronic system security protection
for the aircraft control domain and airline information domain from
access by unauthorized sources external to the airplane, including
those possibly caused by maintenance activity.
2. The applicant must ensure that electronic system security
threats from external sources are identified and assessed, and that
effective electronic system security protection strategies are
implemented to protect the airplane from all adverse impacts on safety,
functionality, and continued airworthiness.
Issued in Renton, Washington, on September 23, 2009.
Jeffrey E. Duven,
Acting Manager, Transport Airplane Directorate, Aircraft Certification
Service.
[FR Doc. E9-23753 Filed 10-1-09; 8:45 am]
BILLING CODE 4910-13-P
|