Just as the US FAA is requiring Boeing to demonstrate that certain 787 flight critical domains cannot be tampered with by hackers, so too is the agency now demanding the same for the 747-8/-8F.
The FAA has issued special conditions for the new jumbo jet, saying the aircraft “will have novel or unusual design features associated with the architecture and connectivity capabilities of the airplane’s computer systems and networks, which may allow access to external computer systems and networks”.
Connectivity to external systems and networks, notes the FAA, “may result in security vulnerabilities to the airplane’s systems” and the current applicable airworthiness regulations “do not contain adequate or appropriate safety standards for these design features”.
The final special conditions are as follows:
1. Boeing must ensure electronic system security protection for the aircraft control domain and airline information domain from access by unauthorized sources external to the airplane, including those possibly caused by maintenance activity.
2. Boeing must ensure that electronic system security threats from external sources are identified and assessed, and that effective electronic system security protection strategies are implemented to protect the airplane from all adverse impacts on safety, functionality, and continued airworthiness.
Read the entire document at the Federal Register.
When the FAA first warned of the 787′s vulnerability to hackers, the press went wild. With the twinjet now being flight-tested, and the 747-8 poised to take to the skies in the coming weeks, Boeing will have a lot to prove to the FAA.
For example, what if hackers are not operating remotely? Aircraft across the globe are being fitted with larger pipes to support passenger connectivity. Boeing is currently studying its connectivity options as it mulls a standard solution for its aircraft. The airframer appears to be leaning towards Inmarsat SwiftBroadband-supported services.
It is entirely possible that hackers could use this connectivity to instigate an attack while on board the aircraft.
Keeping passenger communications separate from the cockpit is a crucial consideration for Boeing and the entire industry, says Vijay Takanti, vice-president security and collaboration for Exostar, which provides manufacturers and airlines with security collaboration solutions, and is owned in part by Boeing.
Key quote from Takanti:
“The passenger equipment, the equipment that is actually providing service in the cabin, is completely segregated from what is providing services in the cockpit. But there is some crossover and [the industry] is trying very hard to make sure the number of crossover points are very limited.”