Rather than a debunking, I see a denial. The FAA did not explain why the attack code would not work, they simply claimed it would not. In making that claim, the FAA does not explain why a system that accepts and executes unauthenticated messages should be considered secure.

All I read that I agree with us that the crew can intervene.