23 June 2011. Two notices.

Aircraft Protection Against Electronic Hi-jack

	    
[Federal Register Volume 76, Number 121 (Thursday, June 23, 2011)]
[Rules and Regulations]
[Pages 36861-36862]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2011-15705]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration

14 CFR Part 25

[Docket No. NM447; Special Conditions No. 25-436-SC]


Special Conditions: Gulfstream Model GVI Airplane; Electronic 
Systems Security Isolation or Protection From Unauthorized Passenger 
Systems Access

AGENCY: Federal Aviation Administration (FAA), DOT.

ACTION: Final special conditions.

-----------------------------------------------------------------------

SUMMARY: These special conditions are issued for the Gulfstream GVI 
airplane. This airplane will have novel or unusual design features 
associated with connectivity of the passenger domain computer systems 
to the airplane

[[Page 36862]]

critical systems and data networks. The applicable airworthiness 
regulations do not contain adequate or appropriate safety standards for 
these design features. These special conditions contain the additional 
safety standards that the Administrator considers necessary to 
establish a level of safety equivalent to that established by the 
existing airworthiness standards.

DATES: Effective Date: July 25, 2011.

FOR FURTHER INFORMATION CONTACT: Will Struck, FAA, Airplane and Flight 
Crew Interface Branch, ANM-111, Transport Standards Staff, Transport 
Airplane Directorate, Aircraft Certification Service, 1601 Lind Avenue, 
SW., Renton, Washington 98055-4056; telephone (425) 227-2764; facsimile 
(425) 227-1320.

SUPPLEMENTARY INFORMATION:

Background

    On March 29, 2005, Gulfstream Aerospace Corporation (hereafter 
referred to as ``Gulfstream'') applied for an FAA type certificate for 
its new Gulfstream Model GVI passenger airplane. Gulfstream later 
applied for, and was granted, an extension of time for the type 
certificate, which changed the effective application date to September 
28, 2006. The Gulfstream Model GVI airplane will be an all-new, two-
engine jet transport airplane. The maximum takeoff weight will be 
99,600 pounds, with a maximum passenger count of 19 passengers.

Type Certification Basis

    Under provisions of Title 14, Code of Federal Regulations (14 CFR) 
21.17, Gulfstream must show that the Gulfstream Model GVI airplane 
(hereafter referred to as ``the GVI'') meets the applicable provisions 
of 14 CFR part 25, as amended by Amendments 25-1 through 25-119, 25-
122, and 25-124. If the Administrator finds that the applicable 
airworthiness regulations (i.e., 14 CFR part 25) do not contain 
adequate or appropriate safety standards for the GVI because of a novel 
or unusual design feature, special conditions are prescribed under the 
provisions of Sec.  21.16.
    Special conditions are initially applicable to the model for which 
they are issued. Should the type certificate for that model be amended 
later to include any other model that incorporates the same novel or 
unusual design features, the special conditions would also apply to the 
other model under provisions of Sec.  21.101.
    In addition to complying with the applicable airworthiness 
regulations and special conditions, the GVI must comply with the fuel 
vent and exhaust emission requirements of 14 CFR part 34 and the noise 
certification requirements of 14 CFR part 36. The FAA must also issue a 
finding of regulatory adequacy pursuant to section 611 of Public Law 
92-574, the ``Noise Control Act of 1972.''
    The FAA issues special conditions, as defined in 14 CFR 11.19, in 
accordance with Sec.  11.38, and they become part of the type 
certification basis under Sec.  21.17(a)(2).

Novel or Unusual Design Features

    The Gulfstream Model GVI airplane will incorporate the following 
novel or unusual design features: Digital systems architecture composed 
of several connected networks. The proposed architecture and network 
configuration may be used for, or interfaced with, a diverse set of 
functions, including:
    1. Flight-safety related control, communication, and navigation 
systems (aircraft control domain),
    2. Airline business and administrative support (airline information 
domain),
    3. Passenger information and entertainment systems (passenger 
entertainment domain), and
    4. The capability to allow access to or by external sources.

Discussion

    The GVI integrated network configuration may allow increased 
connectivity with external network sources and will have more 
interconnected networks and systems, such as passenger entertainment 
and information services, than previous Gulfstream airplane models. 
This may allow the exploitation of network security vulnerabilities and 
increase risks potentially resulting in unsafe conditions for the 
airplane and its occupants.
    This potential exploitation of security vulnerabilities may result 
in intentional or unintentional destruction, disruption, degradation, 
or exploitation of data and systems critical to the safety and 
maintenance of the airplane. The existing regulations and guidance 
material did not anticipate these types of system architectures. 
Furthermore, 14 CFR regulations and current system safety assessment 
policy and techniques do not address potential security vulnerabilities 
which could be exploited by unauthorized access to airplane networks 
and servers. Therefore, these special conditions and a means of 
compliance are being issued to ensure that the security (i.e., 
confidentiality, integrity, and availability) of airplane systems is 
not compromised by unauthorized wired or wireless electronic 
connections between airplane systems and networks and the passenger 
entertainment domain.

Discussion of Comments

    Notice of proposed special conditions No. 25-11-06-SC for 
Gulfstream GVI airplanes was published in the Federal Register on 
February 25, 2011 (76 FR 10528). Only one comment was received, which 
was supportive, so these special conditions are adopted as proposed.

Applicability

    As discussed above, these special conditions are applicable to the 
Gulfstream Model GVI airplane. Should Gulfstream apply at a later date 
for a change to the type certificate to include another model 
incorporating the same novel or unusual design features, these special 
conditions would apply to that model as well.

Conclusion

    This action affects only certain novel or unusual design features 
of the GVI. It is not a rule of general applicability.

List of Subjects in 14 CFR Part 25

    Aircraft, Aviation safety, Reporting and recordkeeping 
requirements.

    The authority citation for these special conditions is as follows:

    Authority:  49 U.S.C. 106(g), 40113, 44701, 44702, 44704.

The Special Condition

    Accordingly, pursuant to the authority delegated to me by the 
Administrator, the following special condition is issued as part of the 
type certification basis for Gulfstream GVI airplanes.

    The design must isolate or provide protection from any 
inadvertent or malicious change to, and any adverse effect on any 
systems, software, or data in the aircraft control domain or airline 
information domain from any point within the passenger entertainment 
domain.

    Issued in Renton, Washington, on June 13, 2011.
Ali Bahrami,
Manager, Transport Airplane Directorate, Aircraft Certification 
Service.
[FR Doc. 2011-15705 Filed 6-22-11; 8:45 am]
BILLING CODE 4910-13-P



[Federal Register Volume 76, Number 121 (Thursday, June 23, 2011)]
[Rules and Regulations]
[Pages 36863-36864]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2011-15706]



[[Page 36863]]

-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration

14 CFR Part 25

[Docket No. NM448; Special Conditions No. 25-437-SC]


Special Conditions: Gulfstream Model GVI Airplane; Electronic 
Systems Security Protection From Unauthorized External Access

AGENCY: Federal Aviation Administration (FAA), DOT.

ACTION: Final special conditions.

-----------------------------------------------------------------------

SUMMARY: These special conditions are issued for the Gulfstream GVI 
airplane. This airplane will have novel or unusual design features 
associated with the architecture and connectivity capabilities of the 
airplane's computer systems and networks, which may allow access by 
external computer systems and networks. Connectivity by external 
systems and networks may result in security vulnerabilities to the 
airplane's systems. The applicable airworthiness regulations do not 
contain adequate or appropriate safety standards for these design 
features. These special conditions contain the additional safety 
standards that the Administrator considers necessary to establish a 
level of safety equivalent to that established by the existing 
airworthiness standards.

DATES: Effective Date: July 25, 2011.

FOR FURTHER INFORMATION CONTACT: Will Struck, FAA, Airplane and Flight 
Crew Interface Branch, ANM-111, Transport Standards Staff, Transport 
Airplane Directorate, Aircraft Certification Service, 1601 Lind Avenue, 
SW., Renton, Washington 98055-4056; telephone (425) 227-2764; facsimile 
(425) 227-1320.

SUPPLEMENTARY INFORMATION:

Background

    On March 29, 2005, Gulfstream Aerospace Corporation (hereafter 
referred to as ``Gulfstream'') applied for an FAA type certificate for 
its new Gulfstream Model GVI passenger airplane. Gulfstream later 
applied for, and was granted, an extension of time for the type 
certificate, which changed the effective application date to September 
28, 2006. The Gulfstream Model GVI airplane will be an all-new, two-
engine jet transport airplane. The maximum takeoff weight will be 
99,600 pounds, with a maximum passenger count of 19 passengers.

Type Certification Basis

    Under provisions of Title 14, Code of Federal Regulations (14 CFR) 
21.17, Gulfstream must show that the Gulfstream Model GVI airplane 
(hereafter referred to as ``the GVI'') meets the applicable provisions 
of 14 CFR part 25, as amended by Amendments 25-1 through 25-119, 25-
122, and 25-124. If the Administrator finds that the applicable 
airworthiness regulations (i.e., 14 CFR part 25) do not contain 
adequate or appropriate safety standards for the GVI because of a novel 
or unusual design feature, special conditions are prescribed under the 
provisions of Sec.  21.16.
    Special conditions are initially applicable to the model for which 
they are issued. Should the type certificate for that model be amended 
later to include any other model that incorporates the same novel or 
unusual design features, the special conditions would also apply to the 
other model under provisions of Sec.  21.101.
    In addition to complying with the applicable airworthiness 
regulations and special conditions, the GVI must comply with the fuel 
vent and exhaust emission requirements of 14 CFR part 34 and the noise 
certification requirements of 14 CFR part 36. The FAA must also issue a 
finding of regulatory adequacy pursuant to section 611 of Public Law 
92-574, the ``Noise Control Act of 1972.''
    The FAA issues special conditions, as defined in 14 CFR 11.19, in 
accordance with Sec.  11.38, and they become part of the type 
certification basis under Sec.  21.17(a)(2).

Novel or Unusual Design Features

    The Gulfstream Model GVI airplane will incorporate the following 
novel or unusual design features: Digital systems architecture composed 
of several connected networks. The proposed architecture and network 
configuration may be used for, or interfaced with, a diverse set of 
functions, including:
    1. Flight-safety related control, communication, and navigation 
systems (aircraft control domain),
    2. Airline business and administrative support (airline information 
domain),
    3. Passenger information and entertainment systems (passenger 
entertainment domain), and
    4. The capability to allow access to or by external sources.

Discussion

    The proposed Model GVI architecture and network configuration may 
allow increased connectivity to and access by external airplane sources 
and airline operations and maintenance systems to the aircraft control 
domain and airline information domain. The aircraft control domain and 
airline information domain perform functions required for the safe 
operation and maintenance of the airplane. Previously these domains had 
very limited connectivity with external sources.
    The architecture and network configuration may allow the 
exploitation of network security vulnerabilities resulting in 
intentional or unintentional destruction, disruption, degradation, or 
exploitation of data, systems, and networks critical to the safety and 
maintenance of the airplane.
    The existing regulations and guidance material did not anticipate 
these types of airplane system architectures. Furthermore, 14 CFR 
regulations and current system safety assessment policy and techniques 
do not address potential security vulnerabilities, which could be 
exploited by unauthorized access to airplane systems, data buses, and 
servers. Therefore, these special conditions and a means of compliance 
are issued to ensure that the security (i.e., confidentiality, 
integrity, and availability) of airplane systems is not compromised by 
unauthorized wired or wireless electronic connections.

Discussion of Comments

    Notice of proposed special conditions No. 25-11-05-SC for 
Gulfstream GVI airplanes was published in the Federal Register on 
February 25, 2011 (76 FR 10529). Only one comment was received, which 
was supportive, so this special condition is adopted as proposed.

Applicability

    As discussed above, these special conditions are applicable to the 
Gulfstream Model GVI airplane. Should Gulfstream apply at a later date 
for a change to the type certificate to include another model 
incorporating the same novel or unusual design features, these special 
conditions would apply to that model as well.

Conclusion

    This action affects only certain novel or unusual design features 
of the GVI. It is not a rule of general applicability.

List of Subjects in 14 CFR Part 25

    Aircraft, Aviation safety, Reporting and recordkeeping 
requirements.

    The authority citation for these special conditions is as follows:

    Authority: 49 U.S.C. 106(g), 40113, 44701, 44702, 44704.

The Special Condition

    Accordingly, pursuant to the authority delegated to me by the 
Administrator, the following special condition is issued as part of the 
type

[[Page 36864]]

certification basis for Gulfstream GVI airplanes.
    1. The applicant must ensure electronic system security protection 
for the aircraft control domain and airline information domain from 
access by unauthorized sources external to the airplane, including 
those possibly caused by maintenance activity.
    2. The applicant must ensure that electronic system security 
threats from external sources are identified and assessed, and that 
effective electronic system security protection strategies are 
implemented to protect the airplane from all adverse impacts on safety, 
functionality, and continued airworthiness.

    Issued in Renton, Washington, on June 13, 2011.
Ali Bahrami,
Manager, Transport Airplane Directorate, Aircraft Certification 
Service.
[FR Doc. 2011-15706 Filed 6-22-11; 8:45 am]
BILLING CODE 4910-13-P