PPRuNe Forums


172driver 5th January 2008 15:51

Your 787 controlled from seat 34G?
 
Have a look at this

In short, it appears that the FAA are concerned about a linkage between the pax computer network (presumably the entertainment stuff) and the a/c systems computers.

Why would Boeing mix the two ?? :confused:

LH2 5th January 2008 16:29

The link that appears towards the end of the Wired article is a much better source of information, assuming it is an accurate copy of the Federal Register.


> Why would Boeing mix the two ?

That is explained in the link above.

PJ2 5th January 2008 17:07


> assuming it is an accurate copy of the Federal Register.

This link seems to verify the accuracy...

http://regulations.justia.com/view/98960/

BahrainLad 5th January 2008 18:47

Doesn't the A380 have the same setup - all aircraft data goes around on an ethernet bus, with ops and pax data separated by a firewall?

tallsandwich 5th January 2008 19:06


> Technology exists which allows sharing of resources without allowing unauthorized access and inappropriate actions to systems and data

Whoever wrote that is having a laugh, right? Pretty much every technology which exists for this purpose is quickly broken or compromised in a way that was not foreseen; thus creating a new degraded security scenario that was not in the original design reviewer's scope. I am not impressed with the FAA's response in this report; they could have easily done more.

For example, why not state things such as: "Events from the pax systems domain must not be observable by any of the components in the aircraft control system domain"? Hardly rocket science, yet the sort of rule that will stand the test of time.

To just leave it up to the manufacturer is absurd. I hope there is much more to this story; background info that would make that report seem much less naïve. Perhaps the responsible person was out of his depth in this subject but senior in his position in the FAA?

Consider:


> The applicant is responsible for the design of the airplane network and systems architecture and for ensuring that potential security vulnerabilities of providing passenger access to airplane networks and systems are mitigated to an appropriate level of assurance, depending on the potential risk to the airplane and occupant safety

So, the design authority is also the reviewer and certification authority of this architecture design? If it wasn't serious this would be comical. They haven't even made any reference to documents that might specify the scope of the threats that should be considered, nor have they given a ballpark indication of what "appropriate level of assurance" might mean. If the subject area was stress tests we would be swamped with details. Does this mean the FAA are not up to date enough to regulate this technology effectively?

There has to be more to this, that puts this report in context and gives it more credibility. Stand-alone, this report reads as absurd.

pax2908 5th January 2008 19:14

Although this particular combination does not appear explicitly in the Federal Register, the possibility of "wired connection" between "passenger Internet services" and flight systems is really scary! No sane person would implement this.

cwatters 5th January 2008 19:28


> This link seems to verify the accuracy...
> http://regulations.justia.com/view/98960/

Very interesting reading.

Airbus appear to want the FAA to promote physical isolation...
"The only possible solution to such a requirement would be to physically segregate the Passenger Information and Entertainment Domain from the other domains."

Whereas the FAA appear to want to allow design flexibility and put the responsibility on the manufacturers...

"We agree that Airbus's interpretation of zero allowance for any ``inadvertent or malicious changes to, and all adverse impacts'' to airplane systems, networks, hardware, software, and data is correct. However, this does not prevent allowing appropriate access if the design incorporates robust security protection means and procedures to prevent inadvertent and intentional actions that could adversely impact airplane systems, functionality, and airworthiness."

and

"The applicant is responsible for developing a design compliant with these special conditions and other applicable regulations. The design may include specific technology and architecture features, as well as operator requirements, operational procedures and security measures, and maintenance procedures and requirements, to ensure an appropriate implementation that can be properly used and maintained to ensure safe operations and continued operational safety."

Self Loading Freight 5th January 2008 19:43

From reading that, the only reason for linking pax and avionics domains is to share satcomms (I exclude unidirectional stuff like nav feeds to skymaps, etc, which already exist and can be made arbitrarily secure). Have I got that right? If so, then it's not as nasty as it sounds.

R

cwatters 5th January 2008 20:08

I'm sure it isn't as easy to hack as this makes it sound...

http://www.aviationtoday.com/av/cate...rcial/932.html

Data Loading

Data loading and configuration management are separate functions provided by the maintenance system. The data loader supports the insertion of data loads (operational software) into the appropriate avionics systems. "If you wanted to load a new piece of flight management software, it would come through this function," Morrow explains.

<snip>

"... this is the first time a maintenance technician with a wireless laptop (equipped with a Wi-Fi card) can walk up to the aircraft and get maintenance info on and off the airplane," Boeing's Sinnett says.

cormacshaw 5th January 2008 20:42

Before you react to this topic, I would caution anybody whose knowledge of computer networks and the capabilities of 'hackers' is largely derived from the media and entertainment industries that they present the 'facts' with as much care and accuracy as they treat aviation!
For those with a working IT knowledge, feel free to tear the FAA a new one as you see fit :}

Dan Winterland 6th January 2008 03:23

I positioned in First class a few months ago. The American lady sitting the other side of the aisle was surprised to see two pilots in uniform sitting in the cabin. She was even more surprised when we convinced her we were flying the aircraft from those seats using the screen and the IFE controller. We managed to keep straight faces all the way down the approach, landing and while 'vacating' the runway - then we had to come clean!

She was blonde too! :rolleyes:

FakePilot 6th January 2008 04:02

- sigh -

Sometimes I think if atoms had ethernet in them IT people would think they're all smarter than Einstein.

The best explanation on the net so far: a system totally unrelated to anything seriously important can communicate with the passenger network. Not a great idea, but no hacking the altimeter.

Capt. Inop 6th January 2008 05:51


> Doesn't the A380 have the same setup - all aircraft data goes around on an ethernet bus, with ops and pax data separated by a firewall?

http://www.heise.de/ct/schlagseite/03/01/gross.jpg :p

Rwy in Sight 6th January 2008 16:17

34K
 
With all due respect to your collective intelligence, and despite my vivid interest in aviation, I still consider 34G to be more important in another sense.

Sorry for the drift but I could not resist.

Rwy in Sight

PAXboy 6th January 2008 16:17

One physical network for the PAX and one for the A/c. No physical link between means that there is no electronic link between. It really is that simple.

Should any crew member need access to the PAX system, then they cross plug their terminal/PC into it. The PAX never need to go the other way.

After 27+ years in telecommunications, I can say that the only way to prevent any networking accident is to not have a network. If you have vital data, then do not provide network connectivity - irrespective of the firewalls in place. Simple. The FAA just need to state that there is no physical link on pain of death and they have proved that they understand the risk and have protected the pax. Job done.

flash8 6th January 2008 17:20

Using VPNs, networks can be isolated on the same media.

Even classified information is transferred this way over the Internet by Governments when the National Networks are unavailable or cannot reach certain areas.

However, the Internet is rarely if ever compromised at a major data pipe and this cannot be said for any LAN.

FADEC failure anyone :(

ChristiaanJ 6th January 2008 21:24


> Originally Posted by flash8
> FADEC failure anyone

Especially with the FADEC "integrated" in the CCS (or whatever?).

EspritS3 6th January 2008 22:15


> Using VPNs, networks can be isolated on the same media.
>
> Even classified information is transferred this way over the Internet by Governments when the National Networks are unavailable or cannot reach certain areas.

VLANs, together with firewalls, can indeed be used to segregate multiple networks on the same cabling media, and this is more than enough for most company networks and low level "classified" data.

But note that all but the lowest level "classified" data CANNOT be shared on the same cabling backbone - they must be physically separated. In fact standard ethernet cable is in most cases not good enough due to possibilities of wire taps and signal leakage - fibre optic is therefore the de facto standard. And "classified" data is not transferred over the Internet as a rule. Low level data may be securely transferred if heavily encrypted, but anything more restricted cannot go via the Internet at all.

The simple fact is, if two networks are sharing the same backbone, there is a real risk of compromising the security separating the two. The only accepted way to guarantee proper segregation is physical separation.

The articles don't really elaborate on the extent of the cross connection - I'd certainly hope the fly-by-wire system is independent! - but surely with a blank paper design, building in a real risk that the passenger network may affect any part of the flight system network is unacceptable.

blakkekatte 6th January 2008 22:34

There is also the possibility of "Denial of Service" problems. If the communications channel becomes constantly "busy" through failure of part of a system, or through malicious intent, then legitimate traffic has no way to travel through the channel and has to wait, or -worse- it may be lost completely.

Bushfiva 7th January 2008 06:42


> There is also the possibility of "Denial of Service" problems

Exactly. Any time there's a bit of wire between two computing devices, someone, somewhere, has the skill to use one device to access the other, overload the other, corrupt it or otherwise compromise or render it incapable of providing the service it is supposed to provide. You've got to be barking mad to have a wired link between 400 people with their entertainment systems and randomly-hosed PCs, and bits of the aircraft that are trying to do something important. Does make me want to fire up Ethereal and friends the next time I'm on a flight.

Dufo 7th January 2008 11:29

Access to PCDL (primary centralised data link) is always available exclusively from row 13 due to avionics compartment location.

egbt 7th January 2008 14:48



> > There is also the possibility of "Denial of Service" problems
>
> Exactly. Any time there's a bit of wire between two computing devices, someone, somewhere, has the skill to use one device to access the other, overload the other, corrupt it or otherwise compromise or render it incapable of providing the service it is supposed to provide. You've got to be barking mad to have a wired link between 400 people with their entertainment systems and randomly-hosed PCs, and bits of the aircraft that are trying to do something important. Does make me want to fire up Ethereal and friends the next time I'm on a flight.

As an IT Director with a lot of sites to protect (at great expense) I'd go along with this.

John

Check Airman 7th January 2008 15:20

Why not simply have totally independent networks? That way, the only unauthorized data that the computer and electronics whiz in seat 34G could access is the latest pay-per-view movies. To somebody who isn't in the electronics field, it seems like a simple enough thing to do. I'm willing to learn why the most obvious thing is being ignored.

Check Airman 7th January 2008 15:25

...or maybe if they decide to go with robust network security, we'll have to enter a password every time we change the QNH or try to execute a new route :ugh:

Juud 7th January 2008 17:45

It is my responsibility at work to start and programme the IFE on the 747/777/A330, and to try and fault-find and 'fix' it whenever it doesn't work as advertised.

It is one of the least enjoyable aspects of the job. I am technically minded, so it's not that. I am computer literate so it's not that either.
The problem lies in the fact that IFE systems are notoriously opinionated and unpredictably moody.
The manufacturers swear on everything they hold dear that their system will under NO circumstance ever do X Y or Z, yet all of us know for a fact that X Y and Z are regular occurrences.
And of course the fault can never be replicated on the ground and the dedicated mechs look at you as if you're some sort of total moron.

Similarly, the manufacturers will wax lyrical about the reliability of the system, its stability and back-up.
While in reality, the systems crash for no good reason, behave weirdly when you least expect it, ignore whatever fault fixing procedure you let loose on it and will on principle do the exact opposite of what the manual says they will.

The idea that an IFE system could be in any way at all connected to the cockpit systems causes me the deepest of anxieties.

Actually, more of a screaming panic! ;)

carbon15 8th January 2008 10:04

Curious ...
 
A slight change of tack - but does anyone know how the internet backhaul is provided? I'd guess at satellite based, but the dealings I've had with those setups are less than impressive.

Whatisthematrix 8th January 2008 16:22

Carbon 15, previously such services were supplied by the Connexion by Boeing (CbB) system that was installed on the likes of Lufthansa and Etihad.

Owing to a slightly dodgy business model, the grown ups at Boeing pulled the plug leaving aircraft with some extra ballast and something akin to an upside down bathtub on the roof.

Inmarsat have launched a "high speed" service called Swift Broadband. This is designed to give a "high speed" data service to the aircraft through its I4 satellite constellation.

Hope this helps

ChristiaanJ 8th January 2008 17:15

Being able to read all your spam at 40,000 feet.
What progress !

Carbon Bootprint 10th January 2008 02:57

Boeing 787 hit by wireless security fears
 
Sorry for the alarmist title, but it was written by the BBC, not me:


> Boeing has been ordered to ensure passengers on its new 787 Dreamliner jet cannot hack into the flight system and take control of the plane.
>
> The ruling has come from America's Federal Aviation Administration (FAA), which is concerned that the plane's computer system may be vulnerable.
> Boeing said it was in constant dialogue with the FAA to resolve the issue.
> The US giant will start to deliver the mid-sized planes from November. British Airways has ordered 24 Dreamliners.
>
> Rival UK carrier Virgin Atlantic has orders for 15.
>
> 'Appropriate safeguards'
>
> Responding to the security revelation, which was first reported by trade magazine Flight International, Boeing said that "appropriate safeguards were already designed into the 787".
>
> Like most modern planes, the 787 has extensive computer systems.
>
> "We have already reached agreement with the FAA on the documentation, analysis and demonstrations necessary to show compliance with this special condition," it said.
>
> "Completion of these activities will occur during the flight test programme."
> It added that information from the test flights would be fully shared with the FAA to ensure a thorough review of the system.
>
> The Dreamliner is Boeing's fastest-selling plane, with 802 orders in total by the start of this year.
>
> Last year it was hit by a six-month delay due to manufacturing problems.
> The Dreamliner is Boeing's first all-new jet since 1995.
>
> It is the only big commercial aircraft made mostly of carbon fibre rather than aluminium and is billed as the most environmentally-friendly commercial jet ever built. Boeing says the 787 is much more fuel efficient than its competitors and produces 20% less carbon dioxide.

OK, it does seem a bit like a slow news day story. But, if "Like most modern planes, the 787 has extensive computer systems," what about this type has attracted the attention of the FAA on this issue? Why are they not worried about the A380, for example? Only because no American carriers have ordered one? :confused:

mutt 10th January 2008 03:48


> what about this type has attracted the attention of the FAA on this issue?

Wifi access....

Mutt

Bushfiva 10th January 2008 04:11


> Wifi access....

Wrong.

The logical Aircraft Control Domain and Passenger Information and Entertainment Domain are not physically separate. So, an enterprising person or a malfunctioning device might be able to affect the performance of one domain from the other.

sky9 10th January 2008 10:20

Why don't Boeing ask Microsoft to design the software; that should make it secure. Even better, install Vista and use Flight Sim, then we could all have a go.

mutt 10th January 2008 11:40

Bushfiva, how about this.....


> Commercial Airplanes employees in late December wirelessly connected a maintenance laptop to the 787's maintenance system for the first time.
>
> This capability will allow airlines to wirelessly run computational tests between flights and determine needed maintenance. Boeing will also use the system during the upcoming 787 flight-test program. The wireless connection enables maintenance personnel to move around the airplane while staying connected to its maintenance functions. "This is the first step to a flexible and efficient way to maintain an airplane without being tied down," said Mike Sinnett, 787 Systems director.
>
> The interesting note is that the Feds are very interested in how Boeing is protecting that wireless access to the airplane.
>
> Rumor has it that MS hackers are being paid to try and crack the system to find holes in advance of delivery.

Mutt

west lakes 11th January 2008 07:34

Of course this sort of thing doesn't really happen!!

http://www.mirror.co.uk/news/topstor...9520-20281665/

Harrox 11th January 2008 09:10

Hi,

maybe I overlooked the information I'm interested in, but anyway:

I can hardly believe that flight critical systems share the network. In my opinion, most likely the Cabin Management Systems use the same network. But maybe I'm wrong...

Does anybody know which a/c systems share the network with the PAX-systems?

FairWeatherFlyer 11th January 2008 10:51


> Why not simply have totally independent networks?

A good idea for many reasons already discussed. I would even be tempted to make the aircraft's networks to a different standard from the norm, at least with regard to physical connectors. An ethernet RJ-45 could let you plug (and leave) all manner of undesirable devices connected. I don't know enough about the wireless/datalink stuff to comment.

This is one place for (quality) comment and analysis in the IT world on this and other risks:

http://catless.ncl.ac.uk/Risks/25.1.html#subj2

Whatisthematrix 11th January 2008 12:31

Regarding interfaces between the Pax entertainment systems and other aircraft systems, the following are typical of the latest generation IFE systems:

-   ARINC 429 (Rx only) for moving map positional data (Alt, long, lat, speed etc)
-   Pax Service System for reading lights and calls lights/chimes
-   PA System so announcements can be heard through headphones
-   SATCOM for voice/data connectivity
-   Electrical power (obviously)

Hope this helps

old,not bold 12th January 2008 10:10

And when they've resolved that, they can resolve the issues around harmful pollutants (carcinogens?) being released into the local atmosphere if, God Forbid, a B787 should ever suffer a major fire.

My grapevine tells me that fire services, for one, have raised this issue with EASA who have been working on it for some time.

I appreciate that this is not a new problem, that composite structure has been around for ages, that there are plenty of people who actually know all about this and whether there really is a problem, and that I'm not one of them.

So does anyone know exactly where the matter stands, today?

Kiwiguy 14th January 2008 09:56

Ever heard of the Martinair 757 incident ?

On May 28, 1996, at 1421 eastern daylight time, a Boeing 767-31AER, PH-MCH, operated by Martinair Holland, as flight 631 received minor damage during an unscheduled landing at Logan Airport, Boston.

The flight destined for Orlando, Florida, had departed Schiphol Airport, Amsterdam. Flight crew reported that they had received several false system advisories during the flight. The advisories would appear and then disappear shortly thereafter, with no corrective action being taken.

There was no evidence that the actual airplane systems were being affected.
These advisories started shortly after the airplane had reached cruise altitude, and continued at an intermittent rate throughout the flight. In addition there were multiple uncommanded auto pilot disconnects.

The transponder code window would suddenly display all zeros, and there were changes to the zero fuel weight information displayed on the EFIS. At one time, the airplane flew for about one hour with no problems noted. At 1355, when the 757 was about 20 nm miles north of the Kennebunk VOR, Maine, the crew declared an emergency due to loss of EFIS cockpit displays and the inertial navigation units.

They requested to land at Boston. The flight crew extended slats, and received a split slat indication. After checking that the available runway length was adequate, for their configuration and weight, they decided not to extend flaps.

The spoilers were armed; however, after touchdown, the flight crew had to manually extend the spoilers and was unable to engage the reverse thrust.

Let's not forget the Egyptair 767 either, which went into a wild roller coaster dive.

Some years ago loading baggage for Air New Zealand, I remember on duty in the baggage hall how cell phones would keep ringing in baggage ready for loading on flights.

There was the CFIT crash of a Dash 8-100 belonging to Ansett NZ in June 1995. The captain Gary Sotheran claimed that whilst struggling with hung up main gear on an IFR approach the radar altimeter suddenly flipped 1,000 feet. Nobody ever believed him.

Sotheran was put on criminal trial and the day after that trial was abandoned news agencies disclosed that NZ Police had concealed evidence of a cell phone call being made by a passenger during the approach.

Police didn't seem to think it was their duty to share with the aviation world that cell phones endangered the flight because they were so hell bent on their prosecution.

ChristiaanJ 14th January 2008 19:51

Kiwiguy,
You're obviously talking about EMI.
This thread is about having interconnected IT networks on the plane, so not the same subject at all.


All times are GMT.