Boeing 787 to link flight systems and passenger data networks!!
From the venerable Risks Digest....
The FAA has issued "special conditions" for certification of the Boeing 787 (mirrored at http://cryptome.org/faa010208.htm). In part, these state:
"Novel or Unusual Design Features
The digital systems architecture for the 787 consists of several networks connected by electronics and embedded software. This proposed network architecture is used for a diverse set of functions, including the following:
1. Flight-safety-related control and navigation and required systems (Aircraft Control Domain).
2. Airline business and administrative support (Airline Information Domain).
3. Passenger entertainment, information, and Internet services (Passenger Information and Entertainment Domain).
The proposed architecture of the 787 is different from that of existing production (and retrofitted) airplanes. It allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane. Because of this new passenger connectivity, the proposed data network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane.
The existing regulations and guidance material did not anticipate this type of system architecture or electronic access to aircraft systems that provide flight critical functions. Furthermore, 14 CFR regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities that could be caused by unauthorized access to aircraft data buses and servers. Therefore, special conditions are imposed to ensure that security, integrity, and availability of the aircraft systems and data networks are not compromised by certain wired or wireless electronic connections between airplane data buses and networks."
According to the story in Wired (http://www.wired.com/politics/securi...liner_security):
"Boeing spokeswoman Lori Gunter said the wording of the FAA document is misleading, and that the plane's networks don't completely connect. Gunter wouldn't go into detail about how Boeing is tackling the issue but says it is employing a combination of solutions that involves some physical separation of the networks, known as "air gaps," and software firewalls. Gunter also mentioned other technical solutions, which she said are proprietary and didn't want to discuss in public.
"There are places where the networks are not touching, and there are places where they are," she said.
Gunter added that although data can pass between the networks, "there are protections in place" to ensure that the passenger Internet service doesn't access the maintenance data or the navigation system "under any circumstance." She said the safeguards protect the critical networks from unauthorized access, but the company still needs to conduct lab and in-flight testing to ensure that they work. This will occur in March when the first Dreamliner is ready for a test flight."
So that's all right, then. After all, no security problem has ever shown up after testing, has it?
[The planned test flight should be interesting. Where can you get a plane-load of suicide hackers at short notice? MT]
|
This is really scary!
I'm only a software (not hardware) engineer, but if I were to design such a system, I would ensure that there is absolutely no connection between the plane's network and any network that passengers have access to. I don't trust software firewalls (there's always a way around them) or other "proprietary technical solutions" that haven't stood the test of time. If Boeing really wants to ensure that the passenger Internet service doesn't access the maintenance data or the navigation system "under any circumstance," then they should keep the systems separate! |
Originally Posted by mikew99
(Post 9036711)
This is really scary!
I'm only a software (not hardware) engineer, but if I were to design such a system, I would ensure that there is absolutely no connection between the plane's network and any network that passengers have access to. I don't trust software firewalls (there's always a way around them) or other "proprietary technical solutions" that haven't stood the test of time. If Boeing really wants to ensure that the passenger Internet service doesn't access the maintenance data or the navigation system "under any circumstance," then they should keep the systems separate!
And this is scary, I can well imagine some bored teenager figuring out how to bypass stuff to pass the flight time. :eek:
|
This is such a dumb move by Boeing. Why in the world would they connect the two systems?
|
Originally Posted by SRQ Guy
(Post 9036980)
This is such a dumb move by Boeing. Why in the world would they connect the two systems?
|
I really hope the PR person was misinformed and that the only "connections" between the flight critical networks and the passenger-accessible ones are that some hardware components of each may share common POWER sources.
But having spent 20 years (d**n I'm getting old) doing networking and computer security for a living, I'd never design it this way, and I'd be VERY nervous of flying on a plane set up this way. Hopefully this idea (if accurate) will go away when Boeing finalizes FIPS or Common Criteria certification for the flight critical network and realizes that they REALLY don't want to spend the $$$ to get FIPS ratings for the in-flight entertainment servers.
Bob
|
Even if it's reasonably secured, doesn't it just add more potential sources for flight systems malfunctions/failures...?
|
ssh root@cockpit
#: |
Originally Posted by SRQ Guy
(Post 9036980)
This is such a dumb move by Boeing. Why in the world would they connect the two systems?
|
I'm willing to bet this was just more sloppy technical "reporting", and if we were privy to the details it's not a big deal at all. There are just too many people (smart people at that) who would raise a hand if it were anything like "Oh, the whole plane is on the same subnet" or the like.
For all we know the connection is something as simple as a box that's monitoring stats on all network traffic (packet counts, etc.) which then sends that down to the maint boxes; someone then sees a connection between all three, and the sky's a-falling. |
I'm pretty certain Boeing will end up airgapping the two networks, per los federales.
|
And per federal government instructions, they'll cost 14 times as much and be the wrong size.
|
Yeah the CFR will state airgap of 2mm and Boeing will make it 1.5mm to save money :D
|