19 December 2013

FAA may impose “special conditions” for A350 Type Certification concerned about safety & maintenance protection: has the design of the A350-900 allow for too much connectivity between the aircraft control domain and other electronic systems onboard?

The Federal Aviation Administration is concerned that the design of the Airbus A350-900 airplane might allow for too much connectivity between the aircraft control domain and other electronic systems onboard the aircraft, which could result in the “intentional or unintentional destruction, disruption, degradation or exploitation of data, systems, and networks critical to the safety and maintenance of the airplane.”

Consequently, the FAA has announced that it may impose “special conditions” on that specific Airbus plane before issuing a “type certificate” that would allow the plane to fly commercially.
Those special conditions would require Airbus to “ensure airplane electronic system security protection from access to or by unauthorized sources external to the airplane,” that any threats are identified and assessed, that “electronic system security protection strategies are implemented,” and that procedures are put in place to ensure that continued airworthiness of the aircraft is maintained.

“These airplanes will have a novel or unusual design feature associated with electronic system security protection from unauthorized external access,” explains the FAA’s notice. “The applicable airworthiness regulations do not contain adequate or appropriate safety standards for this design feature.”

“Contemporary transport category airplanes have both safety-related and non-safety-related electronic system networks for many operational functions,” the FAA notice continues. “However, electronic system network security considerations and functions have played a relatively minor role in the certification of such systems because of the isolation, protection mechanisms, and limited connectivity between the different networks.”

Based on the article “FAA concerned about interconnectivity of electronic systems on Airbus A350-900 airplanes “ published in Government security news.


  1. Is this just another way for the US to prevent the A350 from being sold to American companies, ala, Concorde and early days of the A300?

  2. In my view, I think a350 is no that different to a380 or 787 in sw apects.

  3. I think that's the war Boeing vs airbus made by american authorities to slow down the certification. A organisation which was so weak with the problems with the lithium batteries of the 787 is not neutal, is totally unfair!

  4. Before the US vs EU conspiracy theories go completely wild: The FAA issued a similar notice for the 787. It does not prevent market introduction, it just requires Airbus to have certain safety procedures in place because, as the FAA says, the certification rules were written when there were a lot fewer embedded processors in aircraft.

    Does anyone know which "novel design feature" they talk about here? Could it be related to some of the Electronic Flight Bag functionality (which by nature requires cockpit systems to be networked together with ground systems)?

  5. Special condition does not forbid a manufacturer from selling its equipment to any one, it just points to a situation does could be compromised (which this been a passenger carrying aircraft you sure as hell would like not to happen) and as the poster above said, it was also issue for the B787. I don't know why it has to be a conspiracy or blame on the FAA. I'm sure EASA would be the front center on this directive and not actually the FAA.