Your 787 controlled from seat 34G?
Thread Starter
Join Date: Jul 2005
Location: SoCal
Posts: 1,929
Have a look at this
In short, it appears that the FAA are concerned about a linkage between the pax computer network (presumably the entertainment stuff) and the a/c systems computers.
Why would Boeing mix the two ??
Join Date: May 2005
Location: Abroad
Posts: 1,172
The link that appears towards the end of the Wired article is a much better source of information, assuming it is an accurate copy of the Federal Register.
"Why would Boeing mix the two ?"
That is explained in the link above.
http://regulations.justia.com/view/98960/
PersonalTitle to help support PPRuNe against legal bullying.
Join Date: Sep 2005
Location: France
Posts: 134
Technology exists which allows sharing of resources without allowing unauthorized access and inappropriate actions to systems and data
For example, why not state things such as: "Events from the pax systems domain must not be observable by any of the components in the aircraft control system domain"? Hardly rocket science, yet the sort of rule that will stand the test of time.
To just leave it up to the manufacturer is absurd. I hope there is much more to this story; background info that would make that report seem much less naïve. Perhaps the responsible person was out of his depth in this subject but senior in his position in the FAA?
Consider:
The applicant is responsible for the design of the airplane network and systems architecture and for ensuring that potential security vulnerabilities of providing passenger access to airplane networks and systems are mitigated to an appropriate level of assurance, depending on the potential risk to the airplane and occupant safety
There has to be more to this, that puts this report in context and gives it more credibility. Stand-alone, this report reads as absurd.
Join Date: Aug 2003
Location: FR
Posts: 234
Although this particular combination does not appear explicitly in the Federal Register, the possibility of "wired connection" between "passenger Internet services" and flight systems is really scary! No sane person would implement this.
Join Date: Dec 2001
Location: England
Posts: 1,389
This link seems to verify the accuracy...
http://regulations.justia.com/view/98960/
Airbus appear to want the FAA to promote physical isolation...
"The only possible solution to such a requirement would be to physically segregate the Passenger Information and Entertainment Domain from the other domains."
Whereas the FAA appear to want to allow design flexibility and put the responsibility on the manufacturers...
"We agree that Airbus's interpretation of zero allowance for any 'inadvertent or malicious changes to, and all adverse impacts' to airplane systems, networks, hardware, software, and data is correct. However, this does not prevent allowing appropriate access if the design incorporates robust security protection means and procedures to prevent inadvertent and intentional actions that could adversely impact airplane systems, functionality, and airworthiness."
and
"The applicant is responsible for developing a design compliant with these special conditions and other applicable regulations. The design may include specific technology and architecture features, as well as operator requirements, operational procedures and security measures, and maintenance procedures and requirements, to ensure an appropriate implementation that can be properly used and maintained to ensure safe operations and continued operational safety."
None but a blockhead
Join Date: Nov 1999
Location: London, UK
Posts: 535
From reading that, the only reason for linking pax and avionics domains is to share satcomms (I exclude unidirectional stuff like nav feeds to skymaps, etc, which already exist and can be made arbitrarily secure). Have I got that right? If so, then it's not as nasty as it sounds.
R
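The separation rule proposed earlier in the thread ("Events from the pax systems domain must not be observable by any of the components in the aircraft control system domain"), together with the one-way nav feed and shared satcom mentioned in the post above, can be checked mechanically on a model of permitted data flows. This is an added example, not part of any post and not Boeing's or the FAA's method; every node name, domain label and flow below is a constructed topology for illustration only.

```python
from collections import deque

def observable_paths(flows, domain, source="pax", protected="control"):
    """Return one shortest flow path from each `source` node that reaches
    any `protected` node. An empty list means the rule holds."""
    nxt = {}
    for a, b in flows:                      # edges are one-way: a may send to b
        nxt.setdefault(a, []).append(b)
    found = []
    for start in sorted(n for n, d in domain.items() if d == source):
        parent, queue = {start: None}, deque([start])
        while queue:
            node = queue.popleft()
            if domain[node] == protected:   # pax events are observable here
                path = []
                while node is not None:
                    path.append(node)
                    node = parent[node]
                found.append(path[::-1])
                break
            for n in nxt.get(node, []):
                if n not in parent:
                    parent[n] = node
                    queue.append(n)
    return found

# Constructed model (assumption): which domain each component belongs to.
DOMAIN = {"seat_ife": "pax", "pax_switch": "pax", "satcom": "shared",
          "diode": "boundary", "flight_mgmt": "control", "data_loader": "control"}

# Design A: nav data leaves the control domain through a one-way diode for the
# sky map, and satcom never forwards anything towards the control domain.
SEGREGATED = [
    ("seat_ife", "pax_switch"), ("pax_switch", "seat_ife"),
    ("pax_switch", "satcom"), ("satcom", "pax_switch"),
    ("flight_mgmt", "diode"), ("diode", "pax_switch"),
    ("flight_mgmt", "satcom"),
    ("data_loader", "flight_mgmt"),
]

# Design B: the shared satcom unit may also deliver data to the data loader.
SHARED_SATCOM = SEGREGATED + [("satcom", "data_loader")]

if __name__ == "__main__":
    for name, flows in (("segregated", SEGREGATED), ("shared satcom", SHARED_SATCOM)):
        paths = observable_paths(flows, DOMAIN)
        print(name, "OK" if not paths else paths)
```

The one-way feed passes the check because its edges only point out of the control domain; a single return edge on the shared satcom unit is enough to fail it.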
Join Date: Dec 2001
Location: England
Posts: 1,389
I'm sure it isn't as easy to hack as this makes it sound...
http://www.aviationtoday.com/av/cate...rcial/932.html
Data Loading
Data loading and configuration management are separate functions provided by the maintenance system. The data loader supports the insertion of data loads (operational software) into the appropriate avionics systems. "If you wanted to load a new piece of flight management software, it would come through this function," Morrow explains.
<snip>
"... this is the first time a maintenance technician with a wireless laptop (equipped with a Wi-Fi card) can walk up to the aircraft and get maintenance info on and off the airplane," Boeing's Sinnett says.
Join Date: Mar 2002
Location: Ireland
Posts: 39
Before you react to this topic, I would caution anybody whose knowledge of computer networks and the capabilities of 'hackers' is largely derived from the media and entertainment industries that they present the 'facts' with as much care and accuracy as they treat aviation!
For those with a working IT knowledge, feel free to tear the FAA a new one as you see fit
I positioned in First class a few months ago. The American lady sitting the other side of the aisle was surprised to see two pilots in uniform sitting in the cabin. She was even more surprised when we convinced her we were flying the aircraft from those seats using the screen and the IFE controller. We managed to keep straight faces all the way down the approach, landing and while 'vacating' the runway - then we had to come clean!
She was blonde too!
- sigh -
Sometimes I think if atoms had ethernet in them IT people would think they're all smarter than Einstein.
The best explanation on the net so far: a system totally unrelated to anything seriously important can communicate with the passenger network. Not a great idea, but no hacking the altimeter.
34K
With all due respect to your collective intelligence and despite my vivid interest in aviation, I still consider 34G to be more important in another sense.
Sorry for the drift but I could not resist.
Rwy in Sight
Paxing All Over The World
One physical network for the PAX and one for the A/c. No physical link between means that there is no electronic link between. It really is that simple.
Should any crew member need access to the PAX system, then they cross plug their terminal/PC into it. The PAX never need to go the other way.
After 27+ years in telecommunications, I can say that the only way to prevent any networking accident is to not have a network. If you have vital data, then do not provide network connectivity - irrespective of the firewalls in place. Simple. The FAA just need to state that there is no physical link on pain of death and they have proved that they understand the risk and have protected the pax. Job done.
Using VPNs, networks can be isolated on the same media.
Even classified information is transferred this way over the Internet by Governments when the National Networks are unavailable or cannot reach certain areas.
However, the Internet is rarely if ever compromised at a major data pipe and this cannot be said for any LAN.
FADEC failure anyone
Join Date: Aug 2006
Location: Newcastle
Posts: 2
"Using VPNs, networks can be isolated on the same media.
Even classified information is transferred this way over the Internet by Governments when the National Networks are unavailable or cannot reach certain areas."
But note that all but the lowest level "classified" data CANNOT be shared on the same cabling backbone - they must be physically separated. In fact standard ethernet cable is in most cases not good enough due to possibilities of wire taps and signal leakage - fibre optic is therefore the de facto standard. And "classified" data is not transferred over the Internet as a rule. Low level data may be securely transferred if heavily encrypted, but anything more restricted cannot go via the Internet at all.
The simple fact is, if two networks are sharing the same backbone, there is a real risk of compromising the security separating the two. The only accepted way to guarantee proper segregation is physical separation.
The articles don't really elaborate on the extent of the cross connection - I'd certainly hope the fly-by-wire system is independent! - but surely with a blank paper design, building in a real risk that the passenger network may affect any part of the flight system network is unacceptable.
Join Date: Dec 2006
Location: canberra
Posts: 11
There is also the possibility of "Denial of Service" problems. If the communications channel becomes constantly "busy" through failure of part of a system, or through malicious intent, then legitimate traffic has no way to travel through the channel and has to wait, or -worse- it may be lost completely.
Hippopotomonstrosesquipidelian title
Join Date: Oct 2006
Location: is everything
Posts: 1,826
There is also the possibility of "Denial of Service" problems