FAA Proposes New Cybersecurity Standards for Aircraft

The proposed rules would tackle cybersecurity threats for transport category aircraft, engines, and propellers.

Under the FAA’s proposed rules, any aircraft with more than 19 passenger seats or a maximum takeoff weight exceeding 19,000 pounds will be required to undergo a cyber security risk assessment. [Credit: Shutterstock]

The FAA introduced changes to its cybersecurity standards for new aircraft and equipment in a notice of proposed rulemaking (NPRM) issued Wednesday.

According to the agency, the proposed rules would tackle cybersecurity threats for transport category aircraft, engines, and propellers. The goal is to standardize the FAA’s cybersecurity criteria, which would help lower certification costs and time while maintaining the current safety levels.

Under the proposed rules, any aircraft with more than 19 passenger seats or a maximum takeoff weight exceeding 19,000 pounds will be required to undergo a cyber security risk assessment. Manufacturers will then need to address any vulnerabilities.

The FAA noted that the new mandates were introduced as flight equipment has become more connected to internal and external data networks and services—including satellite communications and internet-connected devices.

The agency is accepting comments and feedback on the proposed rules until October 1.


Editor’s Note: This article first appeared on AVweb.

Amelia Walsh
Amelia WalshContributor
Amelia Walsh is a private pilot who enjoys flying her family’s Columbia 350. She is based in Colorado and loves all things outdoors including skiing, hiking, and camping.

Sign-up for newsletters & special offers!

Get the latest FLYING stories & special offers delivered directly to your inbox