The Boeing Dreamliner "Security"

By Kenneth van Wyk

February 08, 2008

In some situations -- like 30,000 feet in the air -- an ironclad firewall is incredibly important.

I’ve thought about this over and over, and the only rational conclusion I’ve been able to draw is that they were either inexcusably ignorant or else operating at an unparalleled level of hubris. Just who are they? The designers of Boeing’s new 787 “Dreamliner,” that’s who.

A bit of background… A couple weeks ago, a particular FAA warning notice surfaced on the Internet. The warning was sent to Boeing to put them on notice to ensure—and I’m not making this up—that they build a software protection mechanism so that passenger data won’t make its way onto the aircraft’s flight control networks.

You read that correctly: the in-flight passenger data network is connected to the network that carries flight control data. It seems that the interconnection was found during a design review by the FAA and others, including Boeing’s archrival, Airbus. (Good of Airbus, don’t you think?)

Of course, I applaud the FAA for doing an architectural risk analysis of the system; I’ve done hundreds of these and firmly believe they’re time well spent. But what could possibly have lead Boeing’s engineers to think it would be a good idea to have an interconnection between the passengers and the flight controls? Without a doubt, none of us need to be reminded of the risks involved.

Oh, and it gets worse. The FAA warning didn’t instruct Boeing how to ensure separation between passenger and flight control data. Instead, they’re leaving it up to the same people who came up with the flawed design in the first place to come up with a fix. Great.

Security Articles
Security and the Politics of Fear

Norton Internet Security 2008: Faster, Stronger

Microsoft's New Patent: The Dark Side of SaaS

Google's Android vs. Apple's iPhone: Which is More Secure?

FREE IT Management Newsletters

Now, let’s consider this a little deeper. If the design review findings are correct and there really is a potentially dangerous connection between the two worlds that absolutely must be kept apart, then it is likely to have been a conscious decision. I can’t imagine an information security professional who wouldn’t have counseled against such a thing.

As I said, the only rationale I’ve been able to come up with are that they were either ignorant or, even worse, guilty of unparalleled hubris.

If they were ignorant, shame on them. Shame on them for putting passenger lives at risk in this way. Shame on them for not adequately doing a domain analysis to explore things like the threats, attack surfaces, and potential technological weak points. Shame on them for designing a data system without any understanding of how data systems can be attacked. With luck, though, the FAA warning will have jolted them into an acceptable level of awareness.

If they did understand all of these things and they did it anyway, then things are far worse. There is then an implicit assumption that they could build some form of software firewall that would do the job perfectly—because the public will no doubt expect and accept nothing short of perfection.

Will it be built on existing building blocks? Open source? Proprietary firewall technologies? How will the system adapt to new attacks as they are discovered? Will each 787 do a Windows Update (or equivalent) just before it takes to the skies? Heaven forbid.

Pages: 1 2


Comment and Contribute
(Maximum characters: 1200). You have
characters left.