Feds fear Boeing 787 poses hacker risks
Jan 11, 2008
Boeing’s soon-to-be-deployed 787 “Dreamliner” will, among other state-of-the-art features, keep passengers jacked-in to the Web so they can keep up with email and other Internet-enabled pursuits. This new level of connectivity, however, has Federal Aviation Administration officials worrying that the 787′s control systems could become a target for hackers.
Specifically, in the FAA issued a memo on Dec. 28, 2007 addressing the 787′s “Systems and Data Networks Security-Protection of Airplane Systems and Data Networks from Unauthorized External Access.”
Boeing’s 787 “Dreamliner”
Quoting from the FAA’s memo…
“This airplane will have novel or unusual design features when compared to the state of technology envisioned in the airworthiness standards for transport category airplanes. The architecture of the Boeing Model 787-8 computer systems and networks may allow access to external systems and networks, such as wireless airline operations and maintenance systems, satellite communications, electronic mail, the Internet, etc. On-board wired and wireless devices may also have access to parts of the airplane’s digital systems that provide flight critical functions. These new connectivity capabilities may result in security vulnerabilities to the airplane’s critical systems. For these design features, the applicable airworthiness regulations do not contain adequate or appropriate safety standards for protection and security of airplane systems and data networks against unauthorized access. These special conditions contain the additional safety standards that the Administrator considers necessary to establish a level of safety equivalent to that established by the existing standards. Additional special conditions will be issued for other novel or unusual design features of the Boeing Model 787-8 airplanes.”
The 787 on Boeing’s production line
The 787′s first flight is expected to take place toward the end of the first quarter of 2008. First customer deliveries are planned for later in the year.
Boeing describes the 787 as a “super-efficient” airplane that “brings big-jet ranges to mid-size airplanes.” The company says the 787 will use 20 percent less fuel than current similarly-sized airplanes, but “will travel at speeds similar to today’s fastest wide bodies, Mach 0.85.” It will carrier between 210 and 330 passengers, depending on model.
The complete text of the FAA’s Dec. 28, 2007 memo on 787 security issues is available here. Lots of information about the new 787 Dreamliner is available on the Boeing’s website.
Why are they so concerned the plane’s computer and the passengers’ network should not be on the same network to begin with, that would be plain stupid.
I read this article thinking that no responsible systems design, management, or engineering team would be stupid enough to have survival-critical control systems in any way dependent on transient control or access entities outside of the control system. Both Boeing’s and the FAA’s concern over a hackable system should be causing a much larger concern that the flight control system has any external control dependency at all. Critical systems like these in any process control application are normally self-contained and hard-isolated from outside control or circumstantial factors when in operation. Why is this feature available? Is the 787 intended to be remotely piloted? Remote piloting of manned aircraft has been available for decades and unimplemented for decades out of sustained good judgement. I can accept telemetry and it’s decades of good application, but any telecommand access, particularly prioritized telecommand, for a normally manned vehicle demonstrates extremely poor design judgement and conspicuous disregard for the occupants of the plane.
The big problem with the flight controls on these new planes is that they are NOT isloated from everything else. These planes are completely able to be remotely piloted, as mandated by post-9/11 paranoia. Quite a few commercial airliner models already have remote-access systems for flight override control. By law, civilian aircraft must have the remote pilot still located on-board the aircraft, but doesn’t exclude external control, and you know how well government agencies care about following the law.
The 787 system is just a little too close to exposed for the FAA’s comfort level.
Give it time, someone might actually reverse engineer the system.
Maybe they want to make a hackable remotely-controlled 787 so the govt can run them into buildings or stadiums or nuclear power plants or whatever else they can dream up the next time they want to orchestrate another 9-11-type event (like the one they did on 9-11-01) so they can justify future wars (like Iraq) and taking away more of our civil liberties (like the Orwellianly-titled “Patriot Act”).
ijnhunvinbhhbhjyhkjgvjg;h,kybnews,kn pofrkimfk787