US FAA warns of 747-8 vulnerability to hackers



Just as the US FAA is requiring Boeing to demonstrate that certain 787 flight critical domains cannot be tampered with by hackers, so too is the agency now demanding the same for the 747-8/-8F.

The FAA has issued special conditions for the new jumbo jet, saying the aircraft “will have novel or unusual design features associated with the architecture and connectivity capabilities of the airplane’s computer systems and networks, which may allow access to external computer systems and networks”.

Connectivity to external systems and networks, notes the FAA, “may result in security vulnerabilities to the airplane’s systems” and the current applicable airworthiness regulations “do not contain adequate or appropriate safety standards for these design features”.

The final special conditions are as follows:


    1. Boeing must ensure electronic system security protection for the aircraft control domain and airline information domain from access by unauthorized sources external to the airplane, including those possibly caused by maintenance activity.

    2. Boeing must ensure that electronic system security threats from external sources are identified and assessed, and that effective electronic system security protection strategies are implemented to protect the airplane from all adverse impacts on safety, functionality, and continued airworthiness.



Read the entire document at the Federal Register.

When the FAA first warned of the 787's vulnerability to hackers, the press went wild. With the twinjet now being flight-tested, and the 747-8 poised to take to the skies in the coming weeks, Boeing will have a lot to prove to the FAA.

For example, what if hackers are not operating remotely? Aircraft across the globe are being fitted with larger pipes to support passenger connectivity. Boeing is currently studying its connectivity options as it mulls a standard solution for its aircraft. The airframer appears to be leaning towards Inmarsat SwiftBroadband-supported services.

It is entirely possible that hackers could use this connectivity to instigate an attack while on board the aircraft.

Keeping passenger communications separate from the cockpit is a crucial consideration for Boeing and the entire industry, says Vijay Takanti, vice-president security and collaboration for Exostar, which provides manufacturers and airlines with security collaboration solutions, and is owned in part by Boeing.

Key quote from Takanti:


“The passenger equipment, the equipment that is actually providing service in the cabin, is completely segregated from what is providing services in the cockpit. But there is some crossover and [the industry] is trying very hard to make sure the number of crossover points are very limited.”


8 Responses to US FAA warns of 747-8 vulnerability to hackers

  1. Marcelo January 19, 2010 at 2:01 pm #

    Question to RWG:

    Certification of modern and highly complex transport airplane systems is commonly addressed by SAE ARP 4754 & 4761, along with the related FAA Part 25 and Special conditions.

    Looking at the emerging IFEC Industry, is there any certification or regulation standard or discussion panel on the IFEC safety issue?

    Congrats for the blog! Really really nice! :)

  2. Paulo M January 19, 2010 at 2:22 pm #

    I would have thought tragic incidents like SwissAir Flight 111 would have made the need to separate such systems pretty obvious. Now that the systems are even more complex and the need to separate them entirely for different reasons than Flight 111, wouldn’t you adjust the logic of separation to the new realities?

  3. Derbytims January 19, 2010 at 7:27 pm #

    So which Airbus Planes are subject to these conditions?

  4. Paulo M (Johannesburg, RSA) January 20, 2010 at 1:02 am #

    What should Airbus have to do with this?

    This isn’t about tit for tat.

    It’s for every manufacturer. Simple

  5. Mary Kirby January 20, 2010 at 5:55 am #

    Marcelo,

    Yes, there are some specifications and standards already in place (and others are being worked on).

    Arinc has played an integral role in many of these initiatives. See http://www.aviation-ia.com/aeec/projects/anfs/index.html

    However, as you can see, much more needs to be done. I intend to write a follow-up blog shortly, but there is already evidence of recent cross-over events.

    I hope that helps!

    Mary (RWG)

  6. Guru Josh January 22, 2010 at 5:14 pm #

    Mary,

    this was the subject of a proposed rulemaking issued by the FAA in October 2009 or so. So no surprise here.

  7. Vivien Riscen December 16, 2010 at 7:12 pm #

    Hi! I just wanted to take some time to make a remark as well as say I’ve really appreciated reading through your blog. Thanks for those your projects.

  8. http://www.cornholeblog.com October 5, 2013 at 4:20 am #

    Great moment! may oughout could you help me to possess a ym detector scanning device? A person applied my acct and will detector scanning device diagnose if your online hackers in addition viewing our wife’s spy cams while we are going to communicating? thanks a lot!
