And so is the A380, and the Boeing 747, and the A320, and… well, you get the idea. Everyone is suddenly interested in this question because of articles like this one on Associated Press, which were sparked by this FAA regulatory filing. Some pretty staggering nonsense has been written about the issue since, including by people who should know better. There has also been the occasional sensible comment. Readers of this blog, being mostly sensible aviation folks, will appreciate that the FAA did not only just become aware of the network architecture of the 787 a few months before first flight (although most of the authors of the stuff being written elsewhere do seem to think that). In fairness, I don’t know myself what drives the publication date for the special conditions – but the fact is that the FAA (and EASA and several related bodies) have been studying the questions raised for several years.
There exist epic documents laying out the nature of the security challenge and how the FAA would like – generically at least – to see it addressed. Conspiracy theorists will be alarmed to learn that Boeing produced much of this literature for the FAA under contract. But that’s down to the wider issue that has existed ever since the dawn of heavily digital aircraft systems – the reality is that only the designers truly understand how they work. That’s why so much certification work is effectively undertaken by Boeing and Airbus themselves. Governments simply cannot go around employing the small pool of people who have that capability, or else there’d be nobody left to build the aircraft (or nuclear power stations, or submarines, or whatever.)
So what does the FAA think, and why doesn’t it simply insist on what those in the field call an “air gap” between critical and non-critical networks in the aircraft (which lots of commenters on the issue are now saying should be there)?
Well, let’s address the air-gap question first. The simple fact is that having an air gap makes precious little difference to the security of the aircraft. And the problem that it does fix – the stuff about the passenger system being sort-of, kind-of linked to the cockpit systems – is not the matter of greatest concern. It is almost certainly possible to make that link so difficult to traverse by a malicious passenger that it shrinks to near insignificance. (And it’s not a link – it’s several links in series between highly secured network areas, each protected in a different way.)
The real issue is that on the 787, and to varying extents on most modern aircraft, there is now a river of data flowing into it from assorted sources. Connexion by Boeing may not be running for now, but internet access will soon be back, and that’s on top of IFE content being streamed onto aircraft and any amount of operational data. But even that’s only the half of it – we now have electronic flight bags with zillions of disks sloshing around the world containing gigabytes of safety-critical navigation and performance data. And, at the airlines’ insistence, all sorts of so-called field-loaded software used by maintenance engineers to upgrade avionics.
Much of that is safety-critical and goes straight into the cockpit. If it’s even slightly incorrect or corrupt then aircraft are at risk of flying into mountains or going off the end of runways. These things have happened due to human error; they could most certainly happen due to malicious action.
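The practitioner's answer to the risk in the two paragraphs above is to treat every navigation database, performance table or field-loadable part as untrusted until its integrity and origin have been checked against a manifest that was itself authenticated at the source. The script below is an added illustration written for this post, not Boeing's, the FAA's or any airline's loading procedure: the file names, the key and the "loads" are all constructed, and a keyed HMAC stands in for whatever signature scheme a real load process would use. What it shows is the shape of the check: a single flipped byte, a file missing from the load, a file that was not in the manifest, or a manifest that has been edited are all rejected before anything is installed.

```python
import hashlib
import hmac
import json

# Constructed demo key. In a real loading process this role would be played by
# a signature verified against a trusted public key, not a shared secret.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"

# Constructed sample load: file name -> file contents (hypothetical names).
SAMPLE_LOAD = {
    "nav_db_cycle_0801.bin": b"\x00\x01" * 64 + b"RUNWAY 27L THRESHOLD 51.4706N 000.4882W",
    "perf_tables.dat": b"V1/VR/V2 lookup data (constructed)",
}


def build_manifest(files: dict, key: bytes) -> dict:
    """Hash every file in the load and authenticate the list of hashes."""
    entries = {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}
    body = json.dumps(entries, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"entries": entries, "tag": tag}


def verify_load(files: dict, manifest: dict, key: bytes) -> tuple:
    """Return (ok, problems). Nothing should be installed unless ok is True."""
    # Step 1: authenticate the manifest itself; an attacker who can edit a
    # digest in the manifest could otherwise hide a corrupted file.
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        return False, ["manifest authentication failed"]

    problems = []
    # Step 2: every listed file must be present and match its digest.
    for name, digest in manifest["entries"].items():
        if name not in files:
            problems.append(f"missing: {name}")
        elif not hmac.compare_digest(hashlib.sha256(files[name]).hexdigest(), digest):
            problems.append(f"corrupt: {name}")
    # Step 3: nothing outside the manifest is allowed to ride along.
    for name in files:
        if name not in manifest["entries"]:
            problems.append(f"unlisted: {name}")
    return not problems, problems


def demo() -> dict:
    """Run the check against a clean load and three tampered variants."""
    manifest = build_manifest(SAMPLE_LOAD, SIGNING_KEY)
    results = {"clean": verify_load(SAMPLE_LOAD, manifest, SIGNING_KEY)[0]}

    # One bit flipped in the navigation database.
    flipped = dict(SAMPLE_LOAD)
    data = bytearray(flipped["nav_db_cycle_0801.bin"])
    data[-1] ^= 0x01
    flipped["nav_db_cycle_0801.bin"] = bytes(data)
    results["flipped_bit"] = verify_load(flipped, manifest, SIGNING_KEY)[1]

    # An extra file smuggled into the load.
    extra = dict(SAMPLE_LOAD, **{"extra.bin": b"not part of the release"})
    results["extra_file"] = verify_load(extra, manifest, SIGNING_KEY)[1]

    # The manifest edited to match the flipped file, without the key.
    forged = {"entries": dict(manifest["entries"]), "tag": manifest["tag"]}
    forged["entries"]["nav_db_cycle_0801.bin"] = hashlib.sha256(
        flipped["nav_db_cycle_0801.bin"]).hexdigest()
    results["forged_manifest"] = verify_load(flipped, forged, SIGNING_KEY)[1]
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

The order of the three steps matters: the manifest is authenticated before any per-file digest is trusted, the comparison is constant-time, and an unlisted file is a failure rather than an oddity, because "the load contains only what the release contained" is exactly the property the text says a maintenance engineer cannot verify by eye.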
Security experts today spend most of their time worrying about what they call client-side attacks – i.e. people with perfectly legitimate clearance to enter data (like you and me) who unknowingly enter corrupt or malicious data – and, perhaps even more, social attacks in which the same people are somehow inveigled into giving their security credentials to the bad guys.
Tucked away in the FAA literature is the statement: “Entities within networks that are directly or indirectly connected to the Internet may possibly be accessible by attackers located elsewhere in the Internet, despite the presence of intervening security firewalls. This implies that more than one billion people may (theoretically) potentially have access to aircraft.”
That was in the specific context of aircraft internet connectivity, but the point is a wider one. There really is a risk. Should we be worried about it – well, frankly yes. Is it any worse on the 787 than any other aircraft – actually I think it’s less, because I reckon that the security advances that have gone into it outweigh the potential vulnerabilities of the design. But can you fly the 787 from seat 34G? No, you can’t.