Networking

Airlines have to brace up network security onboard

As on-board connectivity catches on in airlines, attention has to be given to separating the critical navigational and communication functionality from the general network.

An excerpt from Wired:

The computer network in the Dreamliner's passenger compartment, designed to give passengers in-flight Internet access, is connected to the plane's control, navigation, and communication systems, an FAA report reveals.

The revelation is causing concern in security circles because the physical connection of the networks makes the plane's control systems vulnerable to hackers. A more secure design would physically separate the two computer networks. Boeing said it's aware of the issue and has designed a solution it will test shortly.

When it comes to networking, more attention is given to adding functionality than to evaluating the complete security picture. Security needs more focus when networks are built into critical control systems.

13 comments
dsimp

I agree it is hard to believe that for a company that can make such sophisticated aircraft they could make such an error. Of course the flight systems should be completely separate. My cousin (who is not a geek), is a commercial pilot, and he mentioned to me that he understood the A380 Airbus was in a similar situation!? I don't know if that is true but the mind boggles at the possibilities.

JohnMcGrew

You mean that if I fire up my copy of Microsoft Flight Simulator, I can take over the plane? But seriously, I suspect that this is likely some tidbit of fact misinterpreted and blown out of proportion by someone in the media with very little knowledge of aviation, IT, or both. Believe me, it's not like they've got Microsoft Windows running the avionics on those things. The aerospace industry takes the concept of "fault tolerant" far more seriously than Microsoft does.

Tig2

I have no clue what idiot thought this was a good thing. I hope whoever it is finds him or herself working for the local McDonald's. All I have to do to ensure total destruction is to secrete a viral file on my HDD and plug my PC into the onboard network. And then launch my virus. At this rate, I could likely ensure the total destruction of the aircraft with a total or near total loss of life. And no way to really know if I did the deed or not, or if I did so with or without malice. This is easily the dumbest thing I have ever heard of.

Michael Jay

"The computer network in the Dreamliner's passenger compartment, designed to give passengers in-flight internet access, is connected to the plane's control, navigation and communication systems, an FAA report reveals." That is just "plane" nutz..

NickNielsen

I strongly suspect that the physical connection and any shared resources were driven by "That will cost too much" and not by "what's the best way to do this without compromising flight safety?" If that's not the case...well, then, what senseless id10t designed a fly-by-wire system with a physical connection to the passengers' in-cabin network?

Peconet Tietokoneet-217038187993258194678069903632

I would like to see every electric appliance switched off when flying. Would you like to listen to different music from different appliances onboard an aircraft when this is approved? I would not like it one bit. Please keep it the way it is. Or is it just me? Peace is very hard to come by nowadays. When you fly you should have the peace and very little noise that you require, NOT more noise. If this does pass I will travel by ship in the future; at least you can walk away from the noise if you need peace.

Ron_007

No, Flight Simulator won't do it, but a determined "terrorist" might be able to. One of the commenters in the link below pointed out that aircraft controls used a different network protocol. But obscurity only protects from kiddie scripters. A determined attacker would learn what they needed about the obscure technologies.

I first read about it early today in this article: http://www.wired.com/politics/security/news/2008/01/dreamliner_security

They provide a little more info, including a statement that indicates there is a protected physical connection between the passenger and flight control networks. The article also contains a link to a copy of the FAA document: http://cryptome.org/faa010208.htm

There are a couple of interesting comments and responses in it, i.e.:

(snip) FAA Response: We agree that Airbus's interpretation of zero allowance for any "inadvertent or malicious changes to, and all adverse impacts" to airplane systems, networks, hardware, software, and data is correct. (/snip)

The FAA says they want to have 0 defects in the security software. The only place I've heard that approached 0 defect software on the "first try" was the software written for the NASA space effort. They had 2 advantages over Boeing. First, money was not an object; I read that they spent $1000 per line of code on all of the testing and validation. Second, the programs were comparatively tiny. Those spacecraft worked with KB of RAM (I think it was 16KB, at most 64KB); it did lots of memory swapping. Current code is positively bloated by comparison.

The Discovery Channel has an interesting show that talks about various air crashes; one episode talks about a specific 747 defect. A baggage compartment door blew open due to a defective design on the lock. 15 years later 2 more aircraft crash for the same reason. The FAA knew about the problem but did nothing until they were hounded into it by the parents of one of the victims. The fix cost only a few thousand dollars to implement. But the FAA thought that the few hours additional down time to make the change would cost the airlines too much lost revenue. The FAA has a divided mandate: promote air travel and protect passengers. Too bad they seem to be more interested in protecting the interests of the airlines.

Aircraft design takes compromise to the level of an art form. Do they add a triply redundant safety feature, or do they skip it and allow the aircraft to carry more fuel or payload? But I'm really surprised that the FAA, Boeing and Homeland "Security" (why not homeland sec, they've got their fingers into everything else...) haven't figured out that it is false economy to design and build with a shared network. Sooner or later some bright boy will provide a proof of concept and then they will have to spend buckets of money on retrofits (but only after several hundred people die), if they are even able to.

In other shows (on the Discovery Channel), they pointed out cases where the FAA knew about electrical wiring insulation that was prone to defects and flammable insulation materials. But it was too expensive to fix the problems so the FAA just let them go. The passengers had to take the risk.

HAL 9000

Carried over to different industries? We all want functionality and Bugger the Security implications. Just like everything related to Windows if it makes using it easier for untrained people well it's got to be a good idea. I'm just waiting for the day that the people in charge of these Aircraft no longer need to be Pilots. I'm not sure where I can then live in Safety but I'll start looking long before that day arrives. Anyway who needs Security with Aircraft? No one could possibly do anything with an Aircraft could they? :D Col

Michael Kassner

I really have to shake my head if the guest network on an airplane is even physically on the same network that has airplane controls, let alone just separated by VLANs or some virtual isolation method. I hope the article was looking for sensationalism as everyone should know better than that.

pr.arun

The point is relevant but perhaps airlines would like to market the above point as a great boost.

pr.arun

It does appear that the network has certain physical points of connectivity as well...