A bit of background
A couple of weeks ago, a particular FAA warning notice surfaced on the Internet. The warning was sent to Boeing to put them on notice to ensure (and I'm not making this up) that they build a software protection mechanism so that passenger data won't make its way onto the aircraft's flight control networks.
You read that correctly: the in-flight passenger data network is connected to the network that carries flight control data. It seems that the interconnection was found during a design review by the FAA and others, including Boeing's archrival, Airbus. (Good of Airbus, don't you think?)
Of course, I applaud the FAA for doing an architectural risk analysis of the system; I've done hundreds of these and firmly believe they're time well spent. But what could possibly have led Boeing's engineers to think it would be a good idea to have an interconnection between the passengers and the flight controls? Without a doubt, none of us need to be reminded of the risks involved.
Oh, and it gets worse. The FAA warning didn't instruct Boeing how to ensure separation between passenger and flight control data. Instead, they're leaving it up to the same people who came up with the flawed design in the first place to come up with a fix. Great.
Now, let's consider this a little deeper. If the design review findings are correct and there really is a potentially dangerous connection between the two worlds that absolutely must be kept apart, then it is likely to have been a conscious decision. I can't imagine an information security professional who wouldn't have counseled against such a thing.
As I said, the only rationales I've been able to come up with are that they were either ignorant or, even worse, guilty of unparalleled hubris.
If they were ignorant, shame on them. Shame on them for putting passenger lives at risk in this way. Shame on them for not adequately doing a domain analysis to explore things like the threats, attack surfaces, and potential technological weak points. Shame on them for designing a data system without any understanding of how data systems can be attacked. With luck, though, the FAA warning will have jolted them into an acceptable level of awareness.
If they did understand all of these things and did it anyway, then things are far worse. There is then an implicit assumption that they could build some form of software firewall that would do the job perfectly, because the public will no doubt expect and accept nothing short of perfection.
Will it be built on existing building blocks? Open source? Proprietary firewall technologies? How will the system adapt to new attacks as they are discovered? Will each 787 do a Windows Update (or equivalent) just before it takes to the skies? Heaven forbid.