[Federal Register Volume 79, Number 220 (Friday, November 14, 2014)]
[Rules and Regulations]
[Pages 68107-68108]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2014-26819]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Part 25
[Docket No. FAA-2014-0564; Special Conditions No. 25-XXX-SC]
Special Conditions: Dassault Model Falcon 900EX Airplane;
Electronic System-Security Protection From Unauthorized External Access
AGENCY: Federal Aviation Administration (FAA), DOT.
ACTION: Final special conditions, request for comments.
-----------------------------------------------------------------------
SUMMARY: These special conditions are issued for Dassault Model Falcon
900EX airplanes. These airplanes will have a novel or unusual design
feature associated with electronic system-security protection from
unauthorized external access. The applicable airworthiness regulations
do not contain adequate or appropriate safety standards for this design
feature. These special conditions contain the additional safety
standards that the Administrator considers necessary to establish a
level of safety equivalent to that established by the existing
airworthiness standards.
DATES: Effective December 15, 2014.
FOR FURTHER INFORMATION CONTACT: Varun Khanna, FAA, Airplane and
Flightcrew Interface Branch, ANM-111, Transport Airplane Directorate,
Aircraft Certification Service, 1601 Lind Avenue SW., Renton,
Washington, 98057-3356; telephone (425) 227-1298; facsimile (425) 227-
1320.
SUPPLEMENTARY INFORMATION:
Background
On March 20, 2013, Dassault Aircraft Services applied for a type
certificate for their new Model 900EX airplane.
The Dassault Falcon 900EX is a business jet with seating for up to
19 passengers. Three Allied Signal TFE 731-60-1C engines power the
airplane, which has a maximum takeoff weight of 49,000 pounds.
Contemporary transport-category airplanes have both safety-related
and non-safety-related electronic system networks for many operational
functions. However, electronic system-network-security considerations
and functions have played a relatively minor role in the certification
of such systems because of the isolation, protection mechanisms, and
limited connectivity between the different networks.
Comments Invited
We invite interested people to take part in this rulemaking by
sending
[[Page 68108]]
written comments, data, or views. The most helpful comments reference a
specific portion of the special conditions, explain the reason for any
recommended change, and include supporting data.
We will consider all comments we receive by the closing date for
comments. We may change these special conditions based on the comments
we receive.
Type Certification Basis
Under Title 14, Code of Federal Regulations (14 CFR) 21.17,
Dassault must show that the Model Falcon 900EX airplane meets the
applicable provisions of 14 CFR part 25, as amended by Amendments 25-1
through 25-129.
If the Administrator finds that the applicable airworthiness
regulations (i.e., 14 CFR part 25) do not contain adequate or
appropriate safety standards for the Model Falcon 900EX airplane
because of a novel or unusual design feature, special conditions are
prescribed under Sec. 21.16.
Special conditions are initially applicable to the model for which
they are issued. Should the type certificate for that model be amended
later to include any other model that incorporates the same novel or
unusual design feature, the special conditions would also apply to the
other model under Sec. 21.101.
In addition to the applicable airworthiness regulations and special
conditions, the Model Falcon 900EX airplane must comply with the fuel-
vent and exhaust-emission requirements of 14 CFR part 34, and the
noise-certification requirements of 14 CFR part 36. The FAA must issue
a finding of regulatory adequacy under section 611 of Public Law 92-
574, the ``Noise Control Act of 1972.''
The FAA issues special conditions, as defined in 14 CFR 11.19,
under Sec. 11.38, and they become part of the type-certification basis
under Sec. 21.17(a)(2).
Novel or Unusual Design Features
The Dassault Model Falcon 900EX airplane will incorporate the
following novel or unusual design feature:
The digital systems architecture for the Dassault Model Falcon
900EX airplane is composed of several connected networks. This network
architecture is used for a diverse set of functions, providing data
connectivity between systems, including:
1. Airplane control, communication, display, monitoring and
navigation systems,
2. Operator business and administrative support systems,
3. Passenger entertainment systems, and
4. Access by systems external to the airplane.
Discussion
The Dassault Model Falcon 900EX airplane network architecture and
configuration may allow increased connectivity to, and access from,
external network sources, and operator operations and maintenance
networks to the airplane control domain and operator-information-
services domain. The airplane-control domain and operator-information-
services domain perform functions required for the safe operation and
maintenance of the airplane. Previously, these domains had very limited
connectivity with external network sources. The network architecture
and configuration may allow the exploitation of network-security
vulnerabilities resulting in intentional or unintentional destruction,
disruption, degradation, or exploitation of data, systems, and networks
critical to the safety and maintenance of the airplane.
The existing regulations and guidance material did not anticipate
these types of airplane system architectures. Furthermore, 14 CFR
regulations and current system-safety assessment policy and techniques
do not address potential security vulnerabilities, which could be
exploited by unauthorized access to airplane networks, data buses, and
servers. Therefore, these special conditions are to ensure that
unauthorized wired or wireless electronic connections do not compromise
the security (i.e., confidentiality, integrity, and availability) of
airplane systems.
These special conditions contain the additional safety standards
that the Administrator considers necessary to establish a level of
safety equivalent to that established by the existing airworthiness
standards.
Applicability
As discussed above, these special conditions apply to the Dassault
Model Falcon 900EX airplane. Should Dassault apply later for a change
to the type certificate to include another model incorporating the same
novel or unusual design feature, the special conditions would apply to
that model as well.
Conclusion
This action affects only certain novel or unusual design features
on the Dassault Model Falcon 900EX airplane. It is not a rule of
general applicability.
List of Subjects in 14 CFR Part 25
Aircraft, Aviation safety, Reporting and recordkeeping
requirements.
The authority citation for these special conditions is as follows:
Authority: 49 U.S.C. 106(g), 40113, 44701, 44702, 44704.
The Special Conditions
Accordingly, pursuant to the authority delegated to me by the
Administrator, the following special conditions are issued as part of
the type-certification basis for Dassault Model Falcon 900EX airplanes.
1. The applicant must ensure airplane electronic system-security
protection from access by unauthorized sources external to the
airplane, including those possibly caused by maintenance activity.
2. The applicant must ensure that electronic system-security
threats are identified and assessed, and that effective electronic
system-security protection strategies are implemented to protect the
airplane from all adverse impacts on safety, functionality, and
continued airworthiness.
3. The applicant must establish appropriate procedures to allow the
operator to ensure that continued airworthiness of the airplane is
maintained, including all post-type-certification modifications that
may have an impact on the approved electronic system-security
safeguards.
Issued in Renton, Washington, on November 5, 2014.
Jeffrey E. Duven,
Manager, Transport Airplane Directorate, Aircraft Certification
Service.
[FR Doc. 2014-26819 Filed 11-13-14; 8:45 am]
BILLING CODE 4910-13-P