Boeing just announced another delay for the 787, its second or third so far depending on who you believe, so I wanted to go back to a story Kim Zetter reported a few weeks ago on the Wired Threat Level blog:
Boeing’s new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane’s control systems, according to the U.S. Federal Aviation Administration.
The computer network in the Dreamliner’s passenger compartment, designed to give passengers in-flight internet access, is connected to the plane’s control, navigation and communication systems, an FAA report reveals.
Wow. This is a really basic mistake — and a great example of the kinds of risks we discuss in the National Academies/CSTB report Software for Dependable Systems: Sufficient Evidence? Of course one of the excellent things about the avionics certification process is that the FAA does an analysis of the “special conditions” for new designs and publishes its findings (in the Federal Register, no less; a good example of the transparency we call for). According to Kim’s article, they’ll deny certification to the 787 until this is fixed – and well they should.
Boeing’s response doesn’t seem to me like they’re acknowledging the problem:
Boeing spokeswoman Lori Gunter said the wording of the FAA document is misleading, and that the plane’s networks don’t completely connect.
Gunter wouldn’t go into detail about how Boeing is tackling the issue but says it is employing a combination of solutions that involves some physical separation of the networks, known as “air gaps,” and software firewalls. Gunter also mentioned other technical solutions, which she said are proprietary and didn’t want to discuss in public.
“There are places where the networks are not touching, and there are places where they are,” she said.
Sounds to me like they’re connected. In my opinion (and I’ve heard other security experts say the same), relying on software firewalls or even hardware firewalls for protection in a situation like this is appallingly insufficient. And yes, I do feel strongly about this.
How’d that get through QA?
Leave a Reply