As a proof of how pervasive the issue of security is in modern life, a recent Federal Aviation Administration report (mirrored at cryptome.org) alerts about the possibility that data on the flight computer on the new Boeing 787 Dreamliner could be compromised.
The proposed architecture of the 787 is different from that of existing production (and retrofitted) airplanes. It allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane. Because of this new passenger connectivity, the proposed data network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane. The existing regulations and guidance material did not anticipate this type of system architecture or electronic access to aircraft systems that provide flight critical functions. Furthermore, 14 CFR regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities that could be caused by unauthorized access to aircraft data buses and servers. Therefore, special conditions are imposed to ensure that security, integrity, and availability of the aircraft systems and data networks are not compromised by certain wired or wireless electronic connections between airplane data buses and networks.
Wired magazine also reports the comments of Boeing spokeswoman Lori Gunter and Mark Loveless, a network security analyst with Autonomic Networks.
Gunter said the FAA and Boeing have already agreed on the tests that the plane manufacturer will have to do to demonstrate that it has addressed the FAA’s security concerns.
“It will all be done before the first airplane is delivered,” she said.
Loveless said he’s glad the FAA and Boeing are addressing the issue, but without knowing specifically what Boeing is doing, it is impossible to say whether the proposed solution will work as intended. Loveless said software firewalls offer some protection, but are not bulletproof, and he noted that the FAA has previously overlooked serious onboard-security issues.
What would airport security do after the first successful hack attack?
Filed under: InSecurity, in the News
