FAA Proposes New Cybersecurity Standards For Aircraft

The Federal Aviation Administration introduced changes to its cybersecurity standards for new aircraft and equipment in a Notice of Proposed Rulemaking (NPRM) issued Wednesday.

According to the agency, the proposed rules would tackle cybersecurity threats for transport category aircraft, engines and propellers. The goal is to standardize the FAA’s cybersecurity criteria, which would help lower certification costs and time while maintaining the current safety levels.

Under the proposed rules, any aircraft with more than 19 passenger seats or a maximum takeoff weight exceeding 19,000 pounds will be required to undergo a cybersecurity risk assessment. Manufacturers will then need to address any vulnerabilities.

The FAA noted that the new mandates were introduced as flight equipment has become more connected to internal and external data networks and services—including satellite communications and internet-connected devices.

The agency is accepting comments and feedback on the proposed rules until Oct. 21.