172driver

Have a look at this

In short, it appears that the FAA are concerned about a linkage between the pax computer network (presumably the entertainment stuff) and the a/c systems computers.

Why would Boeing mix the two ??

LH2

The link that appears towards the end of the Wired article is a much better source of information, assuming it is an accurate copy of the Federal Register.

That is explained in the link above.

PJ2

This link seems to verify the accuracy...

http://regulations.justia.com/view/98960/

BahrainLad

Doesn't the A380 have the same setup - all aircraft data goes around on an ethernet bus, with ops and pax data separated by a firewall?

tallsandwich

Whoever wrote that is having a laugh, right? Pretty much every technology which exists for this purpose is quickly broken or compromised in a way that was not foreseen; thus creating a new degraded security scenario that was not in the original design reveiwer's scope. I am not impressed with the FAA's response in this report; they could have easily done more.

For example, why not state things such as: "Events from the pax systems domain must not be observable by any of the components in the aircraft control system domain"? Hardly rocket science, yet the sort of rule that will stand the test of time.

To just leave it up to the manufacturer is absurd. I hope there is much more to this story; background info that would make that report seem much less naîve. Perhaps the responsible person was out of his depth in this subject but senior in his poistion in the FAA?

Consider:

So, the design authority is also the reviewer and certification authority of this architecture design? If it wasn't serious this would be comical. They haven't even made any reference to documents that might specify the scope of the threats that should be considered, nor have they given a ballpark indication of what "appropriate level of assurance" might mean. If the subject area was stress tests we would be swamped with details. Does this mean the FAA are not up to date enough to regulate this technology effectively?

There has to be more to this, that puts this report in context and gives it more credibility. Stand-alone, this report reads as absurd.

pax2908

Although this particular combination does not appear explicitely in the Federal Register, the possibility of "wired connection" between "passenger Internet services" and flight systems is really scary! No sane person would implement this.

cwatters

Very interesting reading.

Airbus appear to want the FAA to promote physical isolation...
"The only possible solution to such a requirement would be to physically segregate the Passenger Information and Entertainment Domain from the other domains."

Whereas the FAA appear to want to allow design flexibility and put the responsibility on the manufacturers...

"We agree that Airbus's interpretation of zero allowance for any ``inadvertent or malicious changes to, and all adverse impacts'' to airplane systems, networks, hardware, software, and data is correct. However, this does not prevent allowing appropriate access if the design incorporates robust security protection means and procedures to prevent inadvertent and intentional actions that could adversely impact airplane systems, functionality, and airworthiness."

and

"The applicant is responsible for developing a design compliant with these special conditions and other applicable regulations. The design may include specific technology and architecture features, as well as operator requirements, operational procedures and security measures, and maintenance procedures and requirements, to ensure an appropriate implementation that can be properly used and maintained to ensure safe operations and continued operational safety."

Self Loading Freight

From reading that, the only reason for linking pax and avionics domains is to share satcomms (I exclude unidirectional stuff like nav feeds to skymaps, etc, which already exist and can be made arbitrarily secure). Have I got that right? If so, then it's not as nasty as it sounds.

R

cwatters

I'm sure it isn't as easy to hack as this makes it sound...

http://www.aviationtoday.com/av/cate...rcial/932.html

Data Loading

Data loading and configuration management are separate functions provided by the maintenance system. The data loader supports the insertion of data loads (operational software) into the appropriate avionics systems. "If you wanted to load a new piece of flight management software, it would come through this function," Morrow explains.

<snip>

.. this is the first time a maintenance technician with a wireless laptop (equipped with a Wi-Fi card) can walk up to the aircraft and get maintenance info on and off the airplane," Boeing's Sinnett says. "

cormacshaw

Before you react to this topic, I would caution anybody whose knowledge of computer networks and the capabilities of 'hackers' is largely derived from the media and entertainment industries that they present the 'facts' with as much care and accuracy as they treat aviation!
For those with a working IT knowledge, feel free to tear the FAA a new one as you see fit

Dan Winterland

I positioned in First class a few months ago. The American lady sitting the other side of the aisle was suprised to see two pilots in uniform sitting in the cabin. She was even more suprised when we convinced her we were flying the aircraft from those seats using the screen and the IFE controller. We managed to keep straight faces all the way down the approach, landing and while 'vacating' the runway - then we had to come clean!

She was blonde too!

FakePilot

- sigh -

Sometimes I think if atoms had ethernet in them IT people would think they're all smarter than Einstein.

The best explanation on the net so far: a system totally unrelated to anything seriously important can communicate with the passenger network. Not a great idea, but no hacking the altimeter.

Capt. Inop

Rwy in Sight

With all due respect to your collective intelligence and despite my vivid interest to the aviation I still consider 34G to be more important in another sense.

Sorry for the drift but I could not resist.

Rwy in Sight

PAXboy

One physical network for the PAX and one for the A/c. No physical link between means that there is no electronic link between. It really is that simple.

Should any crew member need access to the PAX system, then they cross plug their terminal/PC into it. The PAX never need to go the other way.

After 27+ years in telecommunications, I can say that the only way to prevent any networking accident is to not have a network. If you have vital data, then do not provide network connectivity - irrespective of the firewalls in place. Simple. The FAA just need to state that there is no physical link on pain of death and they have proved that they understand the risk and have protected the pax. Job done.

flash8

Using VPN's networks can be isolated on the same media.

Even classified information is transferred this way over the Internet by Governments when the National Networks are unavailable or cannot reach certain areas.

However, the Internet is rarely if ever compromised at a major data pipe and this cannot be said for any LAN.

FADEC failure anyone

ChristiaanJ

Especially with the FADEC "integrated" in the CCS (or whatever?).

EspritS3

VLANs, together with firewalls, can indeed be used to segrate multiple network on the same cabling media, and this is more than enough for most company networks and low level "classified" data.

But note that all but the lowest level "classified" data CANNOT be shared on the same cabling backbone - they must be physically separated. In fact standard ethernet cable is in most cases not good enough due to possibilities of wire taps and signal leakage - fibre optic is therefore the defacto standard. And "classified" data is not transferred over the Internet as a rule. Low level data may be securely transferred if heavily encrypted, but anything more restricted cannot go via the Internet at all.

The simple fact is, if two networks are sharing the same backbone, there is a real risk of comprising the security separating the two. The only accepted way to guarantee proper segregation is physical separation.

The articles don't really elaborate on the extent of the cross connection - I'd certainly hope the fly-by-wire system is independant! - but surely with a blank paper design, building in a real risk that the passenger network may affect any part of the flight system network is unacceptable.

blakkekatte

There is also the possibility of "Denial of Service" problems. If the communications channel becomes constantly "busy" through failure of part of a system, or through malicious intent, then legitimate traffic has no way to travel through the channel and has to wait, or -worse- it may be lost completely.

Bushfiva

Exactly. Any time there's a bit of wire between two computing devices, someone, somewhere, has the skill to use one device to access the other, overload the other, corrupt it or otherwise compromise or render it incapable of providing the service it is supposed to provide. You've got to be barking mad to have a wired link between 400 people with their entertainment systems and randomly-hosed PCs, and bits of the aircraft that are trying to do something important. Does make me want to fire up Ethereal and friends the next time I'm on a flight.