According to FAA and experts we interviewed, modern communications
technologies, including IP connectivity, are increasingly used in aircraft
systems, creating the possibility that unauthorized individuals might
access and compromise aircraft avionics systems. Aircraft information
systems consist of avionics systems used for flight and in-flight
entertainment (see fig. 4 below). Historically, aircraft in flight and their
avionics systems used for flight guidance and control functioned as
isolated and self-contained units, which protected their avionics systems
from remote attack. However, according to FAA and experts we spoke to,
IP networking may allow an attacker to gain remote access to avionics
systems and compromise them—as shown in figure 4 (below). Firewalls
protect avionics systems located in the cockpit from intrusion by cabinsystem
users, such as passengers who use in-flight entertainment
services onboard. Four cybersecurity experts with whom we spoke
discussed firewall vulnerabilities, and all four said that because firewalls
are software components, they could be hacked like any other software
and circumvented. The experts said that if the cabin systems connect to
the cockpit avionics systems (e.g., share the same physical wiring
harness or router) and use the same networking platform, in this case IP,
a user could subvert the firewall and access the cockpit avionics system
from the cabin. An FAA official said that additional security controls
implemented onboard could strengthen the system.