01-08-2008, 08:42 PM
Boeing's new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane's control systems, according to the U.S. Federal Aviation Administration.
First, there isn't enough information in the FAA document (I read it, in its entirety this evening.) to know the actual extent of the vulnerability, and I sincerely doubt we will ever know the precise details, because that could help computer experts to hack the system. I know I would certainly advise Boeing and the FAA to not release the information.
That being said, from the description, it would appear that the connection between the plane control/navigation/maintenance systems with the passenger internet/entertainment system is through a common communications server, via a firewall system. We see in many firewalls, both software and hardware, (I hope I'm making this clear to all. I don't know how to state it more clearly.) a secure area, and an open area, known as the DMZ, which is used in such situations.
In a DMZ configuration, most computers (plane control/navigation/maintenance computers) on the LAN run behind a firewall connected to a public network like the Internet. One or more computers (passenger internet/entertainment computers) run outside the firewall, in the DMZ.
Traditionally, DMZs allow computers behind the firewall to initiate requests outbound to the DMZ. Computers in the DMZ in turn can respond, forward or re-issue requests out to the Internet, but cannot initiate requests to computers behind the firewall.
Systems like this allow for economic use of a common communication medium (the internet) without permitting inbound communication from computers outside the DMZ.
I have great concerns about the Boeing computer systems, but according to the hardware involved, the "air gaps" used, and the hardware and software firewalls employed, securing the plane's systems, in my professional opinion, is doable. Even so, I would prefer it, if Boeing would design separate communication paths, however, that would introduce significant additional costs.