Friday, January 11, 2008

Hackers in the sky

In my job, I learn a lot about how data communication is used on-board airplanes and ships. In a weekly AIAA newsletter, I picked up the story about the network on-board the Boeing 787.

In continuing coverage from yesterday's briefing, the AP (1/10, Gillespie) reports that Boeing "will have to prove that offering Internet access in the cabin" of its 787 Dreamliner "won't leave the flight controls vulnerable to hackers and hijackers." This stems from a "special condition" made by the FAA "requiring Boeing to show" that the Dreamliner's "new technology won't pose a safety threat." A BT Counterpane security services officer says that "[t]he odds of" Boeing's security measures "being perfect are zero," as no one has ever designed a completely secure Internet connection. Also, rival Airbus has argued that Boeing should "physically separate the passenger information and entertainment systems from all other systems on the plane." But the FAA "has been working closely with Boeing and is pleased so far," and Boeing also points out that the Dreamliner's "aviation electronics 'are not connected in any way to the Internet.'" The AP notes that "[s]pecial conditions are a normal part of the regulatory process" for aircraft certification."

This was also covered in an article in Wired magazine 'FAA: Boeing's New 787 May Be Vulnerable to Hacker Attack '. It smells like a bad idea to have passenger and entertainment networks connected with other networks on-board and have them only separated by a firewall. Firewalls are not what dragons used to be at the entrance of a castle. Sure, ARINC 664 specification defines a networking standard for the aviation industry. I am far more suspicious of the implementation of such standard.

Will we soon have to leave our laptops with our pocket knives? What's the point of adding internet in the sky then?

No comments: