Sec. 574. Civil aviation cybersecurity rulemaking committee
919 words·~4 min read·
/bill/118/hr/3935/rh/section-574A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than 1 year after the date of enactment of this Act, the Administrator of the Federal Aviation Administration shall convene an aviation rulemaking committee on civil aircraft cybersecurity to conduct a review and develop findings and recommendations on cybersecurity standards for civil aircraft, aircraft ground support information systems, airports, air traffic control mission systems, and aeronautical products and articles. The Administrator shall— not later than 2 years after the date of enactment of this Act, submit to the Committee on Transportation and Infrastructure of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate a report based on the findings of the aviation rulemaking committee convened under subsection (a); and not later than 180 days after the date of submission of the report under paragraph
(1)and, in consultation with other agencies as the Administrator determines necessary, for consensus recommendations reached by such aviation rulemaking committee— undertake a rulemaking, if appropriate, based on such recommendations; and submit to the Committee on Transportation and Infrastructure of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate a supplemental report with explanations for each consensus recommendation not addressed, if applicable, by a rulemaking under subparagraph (A). The aviation rulemaking committee convened under subsection
(a)shall consist of members appointed by the Administrator, including representatives of— aircraft manufacturers, to include at least 1 manufacturer of transport category aircraft; air carriers; unmanned aircraft system stakeholders, including operators, service suppliers, and manufacturers of hardware components and software applications; manufacturers of powered-lift aircraft; airports; original equipment manufacturers of ground and space based aviation infrastructure; aviation safety experts with specific knowledge of aircraft cybersecurity; and a non-profit which operates 1 or more federally funded research and development centers with specific knowledge of aviation and cybersecurity. Prior to a member’s appointment under subsection (c), the Administrator shall determine if there is cause for such member to be restricted from possessing sensitive security information. Upon a determination of no cause being found regarding the member, and upon the member voluntarily signing a nondisclosure agreement, the member may be granted access to sensitive security information that is relevant to the member’s duties on the aviation rulemaking committee. The member shall protect the sensitive security information in accordance with part 1520 of title 49, Code of Federal Regulations. The members of the aviation rulemaking committee convened under subsection
(a)shall not receive pay, allowances, or benefits from the Government by reason of their service on such committee. The Administrator shall direct such committee to consider— existing cybersecurity standards, regulations, policies, and guidance, including those from other Federal agencies; threat- and risk-based security approaches used by the aviation industry, including the assessment of the potential costs and benefits of cybersecurity actions; data gathered from cybersecurity reporting; data gathered from safety reporting; the diversity of operations and systems on aircraft and amongst air carriers; security of design data; the need to harmonize or deconflict proposed and existing standards, regulations, policies, and guidance with other Federal standards, regulations, policies, and guidance; design approval holder aircraft network security guidance for operators; the need for such standards, regulations, policies, and guidance as applied to civil aircraft information, data, networks, systems, services, operations, and technology; Federal Aviation Administration services, aviation industry services, and aircraft use of positioning, navigation, and timing data in the context of Executive Order 13905, as in effect on the date of enactment of this Act; updates needed to airworthiness regulations and systems safety assessment methods used to show compliance with airworthiness requirements for design, function, installation, and certification of civil aircraft, aeronautical products and articles, and aircraft networks; updates needed to air carrier operating and maintenance regulations to ensure continued adherence with processes and procedures established in airworthiness regulations to provide cybersecurity protections for aircraft systems, including for continued airworthiness; policies and procedures to coordinate with other Federal agencies, including intelligence agencies, and the aviation industry in sharing information and analyses related to cyber threats to civil aircraft information, data, networks, systems, services, operations, and technology and aeronautical products and articles; the response of the Administrator and aviation industry to, and recovery from, cyber incidents, including by coordinating with other Federal agencies, including intelligence agencies; processes for members of the aviation industry to voluntarily report to the Federal Aviation Administration cyber incidents that may affect aviation safety in a manner that protects trade secrets and confidential business information; the unique nature of the aviation industry, including aircraft networks, aircraft systems, and aeronautical products, and the interconnectedness of cybersecurity and aviation safety; appropriate cybersecurity controls for aircraft networks, aircraft systems, and aeronautical products and articles to protect aviation safety, including airworthiness; appropriate cybersecurity controls for airports relative to the size and nature of airside operations of such airports to ensure aviation safety; minimum standards for protecting civil aircraft, aeronautical products and articles, aviation networks, aviation systems, services, and operations from cyber threats and cyber incidents; international collaboration, where appropriate and consistent with the interests of aviation safety in air commerce and national security, with other civil aviation authorities, international aviation and standards organizations, and any other appropriate entities to protect civil aviation from cyber incidents and cyber threats; the recommendations and implementation of the Aircraft System Information Security/Protection report of the aviation rulemaking advisory committee submitted on August 22, 2016; and any other matter the Administrator determines appropriate. The definitions set forth in section 40132 of title 49, United States Code (as added by this subtitle), shall apply to this section.
Connectionstraces to 1
Traces to 1 document
Citation graph
cites case law
Sec. 574
Civil aviation cybersecurity rulemaking committee
Cites 1Cited by 0 across 0 sources