Fending off a jumbo hack

Graham Titterington/Ovum
10 Jan 2008

The US Federal Aviation Authority has raised concerns that hackers may be able to access flight and management systems on the new Boeing Dreamliner jet, the 787-8, which is scheduled to make its maiden flight in March.

The risk is that users of the "passenger domain" network that gives access to the Internet may be able to access the flight management network, as these are physically interconnected. Tentatively admitting that there is a problem, Boeing has said it will test its fix in March.

Points of interconnection between networks are a security risk for all IT administrators.

The highest levels of access control are needed, but are rarely totally effective. We have seen problems in the telecommunications sector, where public networks connect to the telco's management, control and billing systems. Similar problems exist in most enterprise networks.

A particular concern exists with real-time control networks where devices are increasingly internet-connected.

Obviously the stakes are much higher when we are dealing with 'fly-by-wire' systems on planes. If such a network interconnect vulnerability exists on the 787 it could be exploited by anyone on the Internet, and not just by passengers on the plane. At least this particular issue has been raised in good time.

It is more disconcerting that such a design error has got this far through the process without being detected.

The history of mainstream software security shows that fixing one bug in buggy software leads to the later discovery of more bugs post-deployment. Boeing should be re-examining why, and to what extent, flight systems need to be connected to the Internet and to public user networks.

Graham Titterington is a principal analyst at Ovum, specialising in IT security and business continuity.

Related content

No Comments Yet! Be the first to share what you think!