FAA Proposed New Cybersecurity Rules Addressing Threats To Airplanes

Amidst the rising security threats for the aviation industry, the Federal Aviation Authority (FAA) proposed new cybersecurity rules for airplanes, governing their certifications and the security of networks associated with airplane components.

FAA Proposed Standardization Of Cybersecurity Rules For Airplanes

The FAA has put forward new cybersecurity rules for airplanes, addressing different aspects of the airplanes’ functioning in the industry.

Presently, the FAA issues separate “special conditions” for airplanes on a “case-by-case” basis, predominantly relying on the aircraft type, engine, or propeller design. However, with the rising number of cybersecurity incidents, the FAA has noticed an increase in issuing such “special conditions.” Hence, the authority now aims to standardize these rules for all airplanes to ensure a prompt and simplified certification process with reduced costs.

As stated in the proposal from Wesley L. Mooty, Acting Executive Director of the Aircraft Certification Service,

These changes would introduce type certification and continued airworthiness requirements to protect the equipment, systems, and networks of transport category airplanes, engines, and propellers against intentional unauthorized electronic interactions (IUEI)1 that could create safety hazards.

Elaborating more on this move, the FAA stated that the increased connectivity of airplane, engine, and propeller systems with internal/external data networks has widened the cybersecurity threat landscape for aviation, requiring a prompt and proactive monitoring of the threat environment from the industry.

The aviation industry is now vulnerable to various threats arising from “Field Loadable Software, maintenance laptops, airport or airline gate link networks, public networks (Internet), USB devices, wireless aircraft sensors and sensor networks, cellular networks, satellite communications, portable electronic devices and portable electronic flight bags (EFBs), and GPS and satellite-based augmentation system digital data.”

Since the existing cybersecurity regulations are ineffective in adequately addressing these contemporary vulnerabilities, the FAA intends to address the gap with the newly proposed rules, which it has already applied in various special cases.

Besides simplifying and standardizing the certification process, the FAA also aims to align with the global civil aviation standards with the latest rules.

Let us know your thoughts in the comments.

source: https://therecord.media/faa-new-cybersecurity-rules-airplanes

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients