Cybersecurity as Airworthiness
40 Pages Posted: 12 Sep 2017
Date Written: September 7, 2017
Abstract
The foundational Act in United States aviation regulation directed the Secretary of Commerce to “foster air commerce” and develop safety regulations in the process. The Federal Aviation Administration (“FAA”)’s modern duties include “assigning and maintaining safety as the highest priority in air commerce” and “encouraging and developing civil aeronautics, including new aviation technology.” These mandates are not always in tension, but at times they can be downright contradictory. The enormous commercial potential and safety risks posed by unmanned aircraft systems (drones) in the early twenty-first century paralyzed the FAA until Congress gave it an ultimatum: determine “which types of unmanned aircraft systems, if any…do not create a hazard” and whether the FAA should require an airworthiness certificate (or other authorization) in order to operate them. This article explores the history of airworthiness regulation in the United States, the Congressional ultimatum, and the FAA’s response through the lens of the main security challenge threatening this technology: cybersecurity. While the FAA left little room in Part 107 for cybersecurity, it did retain its ability to require cybersecurity measures for higher risk operations. In this way, it embodied the overall shift in information security from prevention to risk management models, and assured its ability to require meaningful cybersecurity in high-risk operations for years to come.
Keywords: Cybersecurity, Airworthiness, Aviation, UAS, UAV, Drones, Robotics, Security, Information Security, FAA, Part 107, Federal Modernization and Reform Act
JEL Classification: K23, N42, N72, O33
Suggested Citation: Suggested Citation