The problem is actually more profound and deeper. Clearly; separating Flight Critical and IFE systems is required, but even with an airgap there is still a substantial attack vector. Nav Databases, FMC Software loads et al are delivered on media that can be compromised. The good news; because aircraft computer systems don't run commercial, off the shelf software, and are written & compiled in very low level real time code there's a very limited skillset at risk. I wouldn't be at all surprised if the Performance Management laptops on the FD are infected with some form of malware already; but it can't affect the Aircraft Systems. Bad guys have much easier ways to cause mischief than messing around with this stuff; but regulators & operators should be cognizant of the potential risks.