Summary: S.2764 — 114th Congress (2015-2016)All Information (Except Text)

There is one summary for S.2764. Bill summaries are authored by CRS.

Shown Here:
Introduced in Senate (04/07/2016)

Cybersecurity Standards for Aircraft to Improve Resilience Act of 2016 or the Cyber AIR Act

This bill directs the Department of Transportation (DOT) to require domestic or foreign air carriers and manufacturers of aircraft or electronic control, communications, maintenance, or ground support systems for aircraft to disclose to the Federal Aviation Administration (FAA) any attempted or successful cyberattack against any system on board an aircraft or against any maintenance or ground support system for aircraft.

The FAA shall use the information obtained through such disclosures to: (1) improve the regulations (to be prescribed by DOT) to incorporate requirements relating to cybersecurity into the requirements for obtaining an air carrier operating certificate or a production certificate; and (2) notify air carriers, aircraft manufacturers, and other federal agencies of cybersecurity vulnerabilities in systems on board an aircraft or maintenance or ground support systems for aircraft.

In prescribing such regulations, DOT must require: (1) all entry points to the electronic systems of each aircraft operating in U.S. airspace and maintenance or ground support systems for such aircraft to be equipped with reasonable measures to protect against cyberattacks; and (2) the periodic evaluation of, and updates to, such measures for security vulnerabilities using best security practices.

The FAA must report to Congress annually on attempted and successful cyberattacks against any system on board an aircraft and against maintenance or ground support systems for aircraft.

The Commercial Aviation Communications Safety and Security Leadership Group shall: (1) be responsible for evaluating the cybersecurity vulnerabilities of certain broadband wireless communications equipment designed for consumer use on board aircraft; and (2) require the implementation by air carriers, manufacturers, and communications service providers of technical and operational security measures it deems necessary to prevent cyberattacks that exploit such equipment.