"FAA Admits Gaps in Aircraft Cybersecurity Rules: New Regulation Proposed"
New cybersecurity rules have been proposed by the Federal Aviation Administration (FAA) to mitigate vulnerabilities caused by the interconnectedness of modern aircraft. The proposal, published in the Federal Register on August 21, highlighted the current trend in aircraft design of increased integration of airplane, engine, and propeller systems with internal or external data networks and services. The FAA warned that these designs are leading to vulnerabilities from sources such as maintenance laptops, public networks, wireless aircraft sensors, satellite communications, and portable electronic devices, potentially affecting the safe operation of aircraft. The FAA acknowledged that current regulations do not adequately address cyber risks caused by the increased interconnectivity of these critical systems. The FAA’s proposed rules will require aircraft manufacturers to demonstrate that their design both protects against unauthorized access from inside or outside of the airplane and prevents malicious changes to, and adverse impacts on, the airplane equipment, systems, and networks required for safe operation. Manufacturers will be required to conduct a security risk analysis to identify all security risks posed by intentional unauthorized electronic interactions (IUEI) and mitigate those risks as necessary for safety, functionality, and continued airworthiness. The FAA noted that the proposed rule applies to any engine and propeller systems installed in airplanes, equipment, and networks that are susceptible to IUEI.