FAA: Boeing's New 787 May Be Vulnerable to Hacker Attack
Larry Dighera
http://www.wired.com/politics/security/news/2008/01/dreamliner_security
Boeing's new 787 Dreamliner passenger jet may have a serious
security vulnerability in its onboard computer networks that could
allow passengers to access the plane's control systems, according
to the U.S. Federal Aviation Administration. The computer network
in the Dreamliner's passenger compartment, designed to give
passengers in-flight internet access, is connected to the plane's
control, navigation and communication systems, an FAA report
reveals...
According to the FAA document
<http://frwebgate6.access.gpo.gov/cgi-bin/waisgate.cgi?WAISdocID=486816490816+0+0+0&WAISaction=retrieve>
published in the Federal Register (mirrored at Cryptome.org
<http://cryptome.org/faa010208.htm>), the vulnerability exists
because the plane's computer systems connect the passenger network
with the flight-safety, control and navigation network. It also
connects to the airline's business and administrative-support
network, which communicates maintenance issues to ground crews...
Out of the frying pan:
http://cs.schwab.com/clicker/cli?requestID=storyreader&storyid=9919827&emailMsgID=mcs122427683545bacmr4tupkaaaaarcliw2r
10:00 AM 12/24/07
In-Flight Net Providers: Lessons Learned
Airlines and service providers seeking to deliver high-speed
Internet services to passengers say they've learned from Boeing
Co.'s 2006 decision to pull the plug on its ambitions to outfit
its planes with a similar service.
Analysts say Boeing's failed Connexion online service was costly
to install and operate, resulting in large expenditures before
getting a single paying customer. An industry wide downturn
triggered by the 2001 terrorist attacks made the system an even
tougher sell to struggling airlines.
Among other things, JetBlue Airways Corp., AMR Corp.'s American
Airlines and Virgin America are today turning to air-to-ground
connections to avoid Boeing's expensive satellite fees.
"We wanted to attack every one of the things that were inhibitors
in that first-generation system," said Jack Blumenstein, chief
executive of Aircell LLC, which is providing service for American
and Virgin.
JetBlue's LiveTV subsidiary paid the Federal Communications
Commission $7 million for wireless spectrum that one test JetBlue
aircraft has been using since Dec. 11 to communicate with about
100 cell towers spread across the continental United States.
The 1-megahertz frequency band allows that aircraft to offer free
e-mail and instant-messaging services on laptops and handheld
devices through Yahoo Inc. and BlackBerry maker Research In Motion
Ltd.
Aircell licensed a band three times the size of LiveTV's for $31
million and plans to offer broader Internet services, including
Web surfing, for about $10 a flight _ what Boeing had charged for
the first hour. Pending regulatory approval, Aircell's first
Internet-capable flight is expected on American in 2008, using 92
cell towers on the ground. ...
John T
news:n4gvn311e83ois9ra...@4ax.com
> How naďve of Bowing to think that there computer is not hackable:
I missed the part where Boeing claimed the computers were not hackable, but
your document did reveal "Boeing has been working on the issue with the FAA
for a number of years already." Seems to be hardly a headline - unless the
reader is an Airbus fan.
--
John T
http://sage1solutions.com/blogs/TknoFlyer
http://sage1solutions.com/products
NEW! FlyteBalance v2.0 (W&B); FlyteLog v2.0 (Logbook)
____________________
Bertie the Bunyip
> How naďve of Bowing to think that there computer is not hackable:
Maybe they can have you as their resident netkkkop then.
Bertie
Bertie the Bunyip
news:477fc69e$0$14098$9a6e...@news.newshosting.com:
> "Larry Dighera" <LDig...@att.net> wrote in message
> news:n4gvn311e83ois9ra...@4ax.com
>> How naïve of Bowing to think that there computer is not hackable:
>
> I missed the part where Boeing claimed the computers were not
> hackable,
Larry is sort of a alabama style nettkkkop.
No evidence required.
Bertie
Larry Dighera
<tknoflye...@hotmail.com> wrote in
<477fc69e$0$14098$9a6e...@news.newshosting.com>:
>"Larry Dighera" <LDig...@att.net> wrote in message
>news:n4gvn311e83ois9ra...@4ax.com
>> How naďve of Bowing to think that there computer is not hackable:
>
>I missed the part where Boeing claimed the computers were not hackable, but
>your document did reveal "Boeing has been working on the issue with the FAA
>for a number of years already." Seems to be hardly a headline - unless the
>reader is an Airbus fan.
As a professional in the computer business, you should know that there
are virtually no computer systems that are not vulnerable to security
compromise. Connecting the cabin entertainment computer system to the
flight control computer is just plane ignorant. It's akin to the
residents of Iowa choosing a candidate that rejects Darwin's theory of
evolution to lead our country. Please cite a credible reason why the
in-flight entertainment computer system can't be isolated, and not
connected to other systems aboard the aircraft. There is none.
I'm no Airbus fan, but I believe the corruption within Boeing's
management that was exposed and prosecuted during Boeing's attempt to
lease air refueling tankers to the USAF recently speaks volumes about
Bowing management's cluelessness.
Bertie the Bunyip
> On Sat, 5 Jan 2008 13:21:29 -0500, "John T"
> <tknoflye...@hotmail.com> wrote in
> <477fc69e$0$14098$9a6e...@news.newshosting.com>:
>
>>"Larry Dighera" <LDig...@att.net> wrote in message
>>news:n4gvn311e83ois9ra...@4ax.com
>>> How naïve of Bowing to think that there computer is not hackable:
>>
>>I missed the part where Boeing claimed the computers were not
>>hackable, but your document did reveal "Boeing has been working on the
>>issue with the FAA for a number of years already." Seems to be hardly
>>a headline - unless the reader is an Airbus fan.
>
> As a professional in the computer business, you should know that there
> are virtually no computer systems that are not vulnerable to security
> compromise. Connecting the cabin entertainment computer system to the
> flight control computer is just plane ignorant. It's akin to the
> residents of Iowa choosing a candidate that rejects Darwin's theory of
> evolution to lead our country. Please cite a credible reason why the
> in-flight entertainment computer system can't be isolated, and not
> connected to other systems aboard the aircraft. There is none.
>
You evaded the question, netkkkop
Bertie
John T
>
>>> How naďve of Bowing to think that there computer is not hackable:
>>
>> I missed the part where Boeing claimed the computers were not
>> hackable, but your document did reveal "Boeing has been working on
>> the issue with the FAA for a number of years already." Seems to be
>> hardly a headline - unless the reader is an Airbus fan.
>
> As a professional in the computer business, you should know that there
> are virtually no computer systems that are not vulnerable to security
> compromise.
The fact that computers are on the plane in and of itself is a "security
vulnerability" by your definition.
> Connecting the cabin entertainment computer system to the
> flight control computer is just plane ignorant.
The article you quoted had no specifics on the connections so I have no data
to judge the nature of the vulnerability. Please update us if you have those
specifics. Otherwise, you're just fanning anti-Boeing flames via ignorance.
> Please cite a credible reason why the
> in-flight entertainment computer system can't be isolated, and not
> connected to other systems aboard the aircraft. There is none.
That must be why Boeing has been working with the FAA to correct the issue.
> ...speaks volumes about
> Bowing management's cluelessness.
Pot. Kettle. Come back with facts rather than press releases and we'll have
something to discuss. Until then, you're just floundering in ignorance.
Mxsmanic
> As a professional in the computer business, you should know that there
> are virtually no computer systems that are not vulnerable to security
> compromise. Connecting the cabin entertainment computer system to the
> flight control computer is just plane ignorant.
Agreed. The only way to keep the systems separate and secure is to eliminate
all physical connections between them ... but I'm sure that Boeing will
negligently fail to do this.
At least it's no longer necessary for terrorists to try to overpower the crew.
The airplane will crash and the crew will never even know why. The suicide
bomber will be replaced by a passenger with a laptop.
> I'm no Airbus fan, but I believe the corruption within Boeing's
> management that was exposed and prosecuted during Boeing's attempt to
> lease air refueling tankers to the USAF recently speaks volumes about
> Bowing management's cluelessness.
Perhaps they are losing their edge. No company can stay on top forever.
Mxsmanic
> The fact that computers are on the plane in and of itself is a "security
> vulnerability" by your definition.
By the definitions of many, in fact, but for different reasons.
> The article you quoted had no specifics on the connections so I have no data
> to judge the nature of the vulnerability. Please update us if you have those
> specifics. Otherwise, you're just fanning anti-Boeing flames via ignorance.
If the networks have a physical connection between them, they are vulnerable.
> That must be why Boeing has been working with the FAA to correct the issue.
The FAA knows nothing about resolving this type of issue, and apparently
Boeing doesn't, either (or it doesn't want to spend the time and money to do
it right).
Bertie the Bunyip
news:fr60o31v2cld57f9g...@4ax.com:
> Larry Dighera writes:
>
>> As a professional in the computer business, you should know that
>> there are virtually no computer systems that are not vulnerable to
>> security compromise. Connecting the cabin entertainment computer
>> system to the flight control computer is just plane ignorant.
>
> Agreed. The only way to keep the systems separate and secure is to
> eliminate all physical connections between them ... but I'm sure that
> Boeing will negligently fail to do this.
No you aren;'t
>
> At least it's no longer necessary for terrorists to try to overpower
> the crew. The airplane will crash and the crew will never even know
> why. The suicide bomber will be replaced by a passenger with a
> laptop.
Yeah, right.
>
>> I'm no Airbus fan, but I believe the corruption within Boeing's
>> management that was exposed and prosecuted during Boeing's attempt to
>> lease air refueling tankers to the USAF recently speaks volumes about
>> Bowing management's cluelessness.
>
> Perhaps they are losing their edge. No company can stay on top
> forever.
Yeah, not like you would know of course, neverhaving been on top of
anything except your skid mark ridden chair.
bertie
>
Bertie the Bunyip
george
> If the networks have a physical connection between them, they are vulnerable.
Surprise for you.
Aircraft have had computer systems for quite q while now.
maybe you should complain to Microsoft for not putting redundant
systems in your toy
Phil J
> On Sat, 5 Jan 2008 13:21:29 -0500, "John T"
> <477fc69e$0$14098$9a6e1...@news.newshosting.com>:
>
> >"Larry Dighera" <LDigh...@att.net> wrote in message
> >news:n4gvn311e83ois9ra...@4ax.com
> >> How naïve of Bowing to think that there computer is not hackable:
>
> >I missed the part where Boeing claimed the computers were not hackable, but
> >your document did reveal "Boeing has been working on the issue with the FAA
> >for a number of years already." Seems to be hardly a headline - unless the
> >reader is an Airbus fan.
>
> As a professional in the computer business, you should know that there
> are virtually no computer systems that are not vulnerable to security
> compromise. Connecting the cabin entertainment computer system to the
> flight control computer is just plane ignorant. It's akin to the
> residents of Iowa choosing a candidate that rejects Darwin's theory of
> evolution to lead our country. Please cite a credible reason why the
> in-flight entertainment computer system can't be isolated, and not
> connected to other systems aboard the aircraft. There is none.
>
> I'm no Airbus fan, but I believe the corruption within Boeing's
> management that was exposed and prosecuted during Boeing's attempt to
> lease air refueling tankers to the USAF recently speaks volumes about
> Bowing management's cluelessness.
Based on the article, it sounds like the passenger system and the
aircraft control system share some network infrastructure. I'm sure
they will place firewalls between them, but I think it would be a lot
safer to physically separate them. Of course that would probably cost
more money and add complexity. But if I was a pilot of a 787, I
wouldn't want even the ghost of a chance for a passenger to get access
the flight control systems.
BTW, I'm not an Airbus fan. I support Boeing since they are an
American company. But I am a computer geek and I don't really trust
network firewalls to be unhackable.
Phil
Larry Dighera
<tknoflye...@hotmail.com> wrote in
<477fd8f9$0$14104$9a6e...@news.newshosting.com>:
>The fact that computers are on the plane in and of itself is a "security
>vulnerability" by your definition.
No. I said:
Connecting the cabin entertainment computer system to the
flight control computer is just plane ignorant.
But your decision not to respond to that belies the insincerity of
your followup response.
Larry Dighera
<pjac...@comcast.net> wrote in
<0af28330-bd04-4505...@p69g2000hsa.googlegroups.com>:
>Based on the article, it sounds like the passenger system and the
>aircraft control system share some network infrastructure. I'm sure
>they will place firewalls between them, but I think it would be a lot
>safer to physically separate them. Of course that would probably cost
>more money and add complexity. But if I was a pilot of a 787, I
>wouldn't want even the ghost of a chance for a passenger to get access
>the flight control systems.
>
What could be the possible motivation be for Boeing to mingle the
cabin computer system accessible by the passengers with the aircraft
control system computer? I fail to understand why their connection is
such an issue, that Boeing would consider doing it, let alone fight
the FAA over it. How could it possibly be justified?
>BTW, I'm not an Airbus fan. I support Boeing since they are an
>American company.
Our country would be far better off if its consumers all felt the way
you do, but because they don't, it's becoming more and more difficult
to even find American made products in the marketplace. And the US
need for foreign petroleum in particular should never have been
permitted to occur. As it is, the US transfer of wealth to the
mid-east is financing those who plot against us. What were our
leaders thinking?
>But I am a computer geek and I don't really trust
>network firewalls to be unhackable.
Because it's likely the cabin entertainment computer is physically
access able from the cabin, it's even more vulnerable to attack.
Bertie the Bunyip
This from the peson who is the embodiment of disingenuous.
Bertie
Bob Noel
Larry Dighera <LDig...@att.net> wrote:
> How naďve of Bowing to think that there computer is not hackable:
>
>
> http://www.wired.com/politics/security/news/2008/01/dreamliner_security
> Boeing's new 787 Dreamliner passenger jet may have a serious
> security vulnerability in its onboard computer networks that could
> allow passengers to access the plane's control systems, according
> to the U.S. Federal Aviation Administration. The computer network
> in the Dreamliner's passenger compartment, designed to give
> passengers in-flight internet access, is connected to the plane's
> control, navigation and communication systems, an FAA report
> reveals...
>
> According to the FAA document
>
> <http://frwebgate6.access.gpo.gov/cgi-bin/waisgate.cgi?WAISdocID=486816490816+
> 0+0+0&WAISaction=retrieve>
> published in the Federal Register (mirrored at Cryptome.org
> <http://cryptome.org/faa010208.htm>), the vulnerability exists
> because the plane's computer systems connect the passenger network
> with the flight-safety, control and navigation network. It also
> connects to the airline's business and administrative-support
> network, which communicates maintenance issues to ground crews...
Notice that the Special Condition published in the 13 April 2007 Federal
Register (and later on 2 Jan 2008) adds the following requirement
for the 787 Type Certificate:
"The design shall prevent all inadvertent or malicious changes
to, and all adverse impacts upon, all systems, networks, hardware,
software, and data in the Aircraft Control Domain and in the Airline
Information Domain from all points within the Passenger Information
and Entertainment Domain."
If complied with, why complain?
of course, several questions come to mind:
1) Exactly what is the extent of the connection (physical and logical) between
cabin systems and cockpit systems? Unfortunately, the specifics are likely
to be considered proprietary and not in the public domain.
2) Why have any connection at all? I don't know if Boeing has publically stated
why, but allow me to posit that perhaps Boeing engineers believed that airlines
needed a means to monitor non-criticals systems and send aircraft status
information to their airline operations centers. There are architectures and
boundary control devices that tightly control the flow and format of information
across network boundaries.
I can envision architectures that would provide adequate protection. They
exist today in the security/classified domains. I'm interested in knowing why
Boeing would want to go through the pain of implementing such architectures
and educating their engineers, DERs, and ATO folks.
btw - I don't think Boeing is dumb enough to think that computers are not
hackable, even Boeing management, and maybe even Boeing lawyers (ok,
maybe the lawyers are dumb enough).
--
Bob Noel
(goodness, please trim replies!!!)
Mxsmanic
> Surprise for you.
> Aircraft have had computer systems for quite q while now.
But they haven't been accessible to passengers up to now. With everything on
the same network, anyone could hack into the control network from the
passenger network. That's what is alarming in this case. It would have been
much easier and safer to just install two physically independent networks.
Mxsmanic
> What could be the possible motivation be for Boeing to mingle the
> cabin computer system accessible by the passengers with the aircraft
> control system computer?
Lower cost. One cable instead of two, etc. It also makes it possible to
install more bells and whistles on the software side, although this also makes
the system vastly more vulnerable.
> I fail to understand why their connection is
> such an issue, that Boeing would consider doing it, let alone fight
> the FAA over it. How could it possibly be justified?
It's cheaper. And the FAA really knows nothing about the risks of such
systems, so it's likely to eventually get by.
> Our country would be far better off if its consumers all felt the way
> you do, but because they don't, it's becoming more and more difficult
> to even find American made products in the marketplace. And the US
> need for foreign petroleum in particular should never have been
> permitted to occur. As it is, the US transfer of wealth to the
> mid-east is financing those who plot against us. What were our
> leaders thinking?
"How can I stay in power?"
The same thing that all leaders think.
> Because it's likely the cabin entertainment computer is physically
> access able from the cabin, it's even more vulnerable to attack.
Messing up the program of movies is no big deal, but when someone hacks into
the flight control computers, there's a problem.
Mxsmanic
> Notice that the Special Condition published in the 13 April 2007 Federal
> Register (and later on 2 Jan 2008) adds the following requirement
> for the 787 Type Certificate:
>
> "The design shall prevent all inadvertent or malicious changes
> to, and all adverse impacts upon, all systems, networks, hardware,
> software, and data in the Aircraft Control Domain and in the Airline
> Information Domain from all points within the Passenger Information
> and Entertainment Domain."
>
> If complied with, why complain?
How do you verify compliance with something that vague?
> 1) Exactly what is the extent of the connection (physical and logical) between
> cabin systems and cockpit systems? Unfortunately, the specifics are likely
> to be considered proprietary and not in the public domain.
If the wires touch, they need to be separated.
> 2) Why have any connection at all?
Because it's cheaper to do everything with one network than it is to do it
with two.
> I don't know if Boeing has publically stated
> why, but allow me to posit that perhaps Boeing engineers believed that airlines
> needed a means to monitor non-criticals systems and send aircraft status
> information to their airline operations centers. There are architectures and
> boundary control devices that tightly control the flow and format of information
> across network boundaries.
I don't give them that much credit. They just wanted to save money.
Keep in mind that the engineers in this case probably know very little about
computers, networks, and security, and a lot about building airplanes. They
will reinvent the wheel and make all the mistakes that the IT profession fixed
long ago, possibly with very unpleasant results. It happens regularly when
any industry abruptly starts to pile computers into their products.
> I can envision architectures that would provide adequate protection.
Yes, but you can be sure that Boeing engineers know nothing about them.
> They exist today in the security/classified domains. I'm interested
> in knowing why Boeing would want to go through the pain of implementing
> such architectures and educating their engineers, DERs, and ATO folks.
Who said they educated anyone? They may not even have designed that part of
the aircraft.
> btw - I don't think Boeing is dumb enough to think that computers are not
> hackable, even Boeing management, and maybe even Boeing lawyers (ok,
> maybe the lawyers are dumb enough).
I think they might be.
Would you fly a plane designed by Microsoft?
Bertie the Bunyip
news:ivl1o395agkhmvh11...@4ax.com:
> I think they might be.
>
> Would you fly a plane designed by Microsoft?
Nope, microsoft don't design airplanes, fjukkwit.
Bertie
>
John T
> No. I said:
>
> Connecting the cabin entertainment computer system to the
> flight control computer is just plane ignorant.
>
> But your decision not to respond to that belies the insincerity of
> your followup response.
I did. You just didn't like it.
Bertie the Bunyip
news:pml1o39ta2h5j6sfl...@4ax.com:
> george writes:
>
>> Surprise for you.
>> Aircraft have had computer systems for quite q while now.
>
> But they haven't been accessible to passengers up to now.
Wrong again
Bertie
Bertie the Bunyip
Larry Dighera
<ihates...@netscape.com.invalid> wrote in
<ihatessppaamm-03B...@news.isp.giganews.com>:
>
>Notice that the Special Condition published in the 13 April 2007 Federal
>Register (and later on 2 Jan 2008) adds the following requirement
>for the 787 Type Certificate:
>
>"The design shall prevent all inadvertent or malicious changes
>to, and all adverse impacts upon, all systems, networks, hardware,
>software, and data in the Aircraft Control Domain and in the Airline
>Information Domain from all points within the Passenger Information
>and Entertainment Domain."
>
>If complied with, why complain?
Apparently Boeing is not currently in compliance, hence the conflict
with FAA over certification of the Dreamliner.
Phil J
wrote:
>
> Notice that the Special Condition published in the 13 April 2007 Federal
> Register (and later on 2 Jan 2008) adds the following requirement
> for the 787 Type Certificate:
>
> "The design shall prevent all inadvertent or malicious changes
> to, and all adverse impacts upon, all systems, networks, hardware,
> software, and data in the Aircraft Control Domain and in the Airline
> Information Domain from all points within the Passenger Information
> and Entertainment Domain."
>
> If complied with, why complain?
>
> Bob Noel
If they can safely accomplish this, that's great. I hope they do.
But just because the FAA writes a regulation saying it should be
foolproof, that doesn't mean it will be.
Phil
ji...@specsol.spam.sux.com
> Bob Noel writes:
> > Notice that the Special Condition published in the 13 April 2007 Federal
> > Register (and later on 2 Jan 2008) adds the following requirement
> > for the 787 Type Certificate:
> >
> > "The design shall prevent all inadvertent or malicious changes
> > to, and all adverse impacts upon, all systems, networks, hardware,
> > software, and data in the Aircraft Control Domain and in the Airline
> > Information Domain from all points within the Passenger Information
> > and Entertainment Domain."
> >
> > If complied with, why complain?
> How do you verify compliance with something that vague?
The requirement is not unique nor vague to those that do it for a
living; you know, a job, something you may have heard about but
never experienced.
You hire any number of companies who have been doing this for decades.
<snip ignorant babble>
--
Jim Pennino
Remove .spam.sux to reply.
John Mazor
"Mxsmanic" <mxsm...@gmail.com> wrote in message
news:ivl1o395agkhmvh11...@4ax.com...
> Would you fly a plane designed by Microsoft?
The R.A.P. Irony-O-Meter just pegged over to the stop.
Bob Noel
Martin Hotze
> Mxsmanic <mxsm...@gmail.com> wrote:
(...)
> <snip ignorant babble>
Wouldn't it be a good idea to save your time on answering him? It leads
to nothing than more stupid posts from MX.
#m
Bertie the Bunyip
ji...@specsol.spam.sux.com
No matter what anyone does, he will continue to make stupid posts.
There are two major schools of thought as to what the rest of the rational
world can do:
1. Totally ignore him to reduce the wasted bandwidth, but there will
also allways be someone who will respond whether it is because they
are new or because he particularly ticks someone off.
2. Respond to the extent that it corrects his usually incorrect and
sometimes dangerous postings least someone who doesn't know the
source actually believes what he says.
As for the time it takes, I seldom open a USENET window unless I'm
waiting for something else, e.g. a long compile or a data gathering
session to complete, so it is either that or play pocket pool.
Mike Noel
'foolproof', there always seems to be some unanticipated vulnerability a
bright, driven hacker could exploit. Also, software and hardware is
periodically fixed and improved. It is the nature of such complex systems
that later generations of developers will not completely understand the
built-in safeguards and may make the system more vulnerable.
Not allowing data to flow between the two systems is the safe way to avoid
later problems.
--
Best Regards,
Mike
http://photoshow.comcast.net/mikenoel
"Phil J" <pjac...@comcast.net> wrote in message
news:f56bb2a2-f0b2-4037...@f47g2000hsd.googlegroups.com...
Larry Dighera
<ihates...@netscape.com.invalid> wrote in
<ihatessppaamm-B6B...@news.isp.giganews.com>:
>> Apparently Boeing is not currently in compliance, hence the conflict
>> with FAA over certification of the Dreamliner.
>
>What conflict?
http://www.wired.com/politics/security/news/2008/01/dreamliner_security
Bertie the Bunyip
Wow, you even think like a policeman.
Bertie
Gerry Caron
"Bob Noel" <ihates...@netscape.com.invalid> wrote in message
news:ihatessppaamm-B6B...@news.isp.giganews.com...
There is no conflict. And since Boeing has not submitted an application for
a TC yet, there is way to determine if the design is in compliance. Since
no applicant (Boeing, in this case) wants to find out there is a problem at
the last minute, they have ongoing discussions with the ACO. The Special
Condition is a quick way the FAA can set a standard for a design.
When an applicant submits for a TC, the FAA has to make a determination if
that design is compliant with the rules (14 CFR Part 25 for air transports).
Often, when the design has something new and novel, there just isn't a rule
to address the issues associated with the new design, so the FAA makes up a
new "rule" and calls it a "Special Condition". If they actually wanted to
make it a rule, it would have to go thru the whole rule making process.
(Technically 14 CFR 25.1309 pretty much covers anything you can propose, but
it is very general and subject to interpretation. So the Special Condition
is used to eliminate any ambiguities in the FAA's position.) Special
Conditions normally end up being incorporated into a new rule sometime later
during a general update to Part 25.
From my experience working on the 787, I'd put this issue way down on the
list of challenges Boeing has to deal with.
Gerry
Bob Noel
Larry Dighera <LDig...@att.net> wrote:
Larry, I don't see a conflict there between the FAA and Boeing.
Bob Noel
> There are two major schools of thought as to what the rest of the rational
> world can do:
>
> 1. Totally ignore him to reduce the wasted bandwidth, but there will
> also allways be someone who will respond whether it is because they
> are new or because he particularly ticks someone off.
Either you totally ignore him or you don't. You can't have it both ways.
>
> 2. Respond to the extent that it corrects his usually incorrect and
> sometimes dangerous postings least someone who doesn't know the
> source actually believes what he says.
and thereby feeding the troll
The only way to deal with a troll is completely ignoring it.
John T
news:47815462$0$28861$4c36...@roadrunner.com
>
> From my experience working on the 787, I'd put this issue way down on
> the list of challenges Boeing has to deal with.
Sounded like it from the release. But it's still fodder for anti-Boeing/787
or pro-Airbus folks to play with.
Larry Dighera
<gca...@cfl.NOSPAM.rr.com> wrote in
<47815462$0$28861$4c36...@roadrunner.com>:
>When an applicant submits for a TC, the FAA has to make a determination if
>that design is compliant with the rules (14 CFR Part 25 for air transports).
>Often, when the design has something new and novel, there just isn't a rule
>to address the issues associated with the new design, so the FAA makes up a
>new "rule" and calls it a "Special Condition". If they actually wanted to
>make it a rule, it would have to go thru the whole rule making process.
>(Technically 14 CFR 25.1309 pretty much covers anything you can propose, but
>it is very general and subject to interpretation. So the Special Condition
>is used to eliminate any ambiguities in the FAA's position.) Special
>Conditions normally end up being incorporated into a new rule sometime later
>during a general update to Part 25.
>
>From my experience working on the 787, I'd put this issue way down on the
>list of challenges Boeing has to deal with.
You mean like this:
--------------------------------------------------------------------------------
3 January 2008
--------------------------------------------------------------------------------
[Federal Register: January 2, 2008 (Volume 73, Number 1)]
[Rules and Regulations]
[Page 27-29]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr02ja08-5]
[[Page 27]]
-----------------------------------------------------------------------
DEPARTMENT OF TRANSPORTATION
Federal Aviation Administration
14 CFR Part 25
[Docket No. NM364 Special Conditions No. 25-356-SC]
Special Conditions: Boeing Model 787-8 Airplane; Systems and Data
Networks Security--Isolation or Protection From Unauthorized Passenger
Domain Systems Access
AGENCY: Federal Aviation Administration (FAA), DOT.
ACTION: Final special conditions.
-----------------------------------------------------------------------
SUMMARY: These special conditions are issued for the Boeing Model
787-8
airplane. This airplane will have novel or unusual design features
when
compared to the state of technology envisioned in the airworthiness
standards for transport category airplanes. These novel or unusual
design features are associated with connectivity of the passenger
domain computer systems to the airplane critical systems and data
networks. For these design features, the applicable airworthiness
regulations do not contain adequate or appropriate safety standards
for
protection and security of airplane systems and data networks against
unauthorized access. These special conditions contain the additional
safety standards that the Administrator considers necessary to
establish a level of safety equivalent to that established by the
existing standards. Additional special conditions will be issued for
other novel or unusual design features of the Boeing Model 787-8
airplanes.
DATES: Effective Date: February 1, 2008.
FOR FURTHER INFORMATION CONTACT: Will Struck, FAA, Airplane and Flight
Crew Interface, ANM-111, Transport Airplane Directorate, Aircraft
Certification Service, 1601 Lind Avenue SW., Renton, Washington 98057-
3356; telephone (425) 227-2764; facsimile (425) 227-1149.
SUPPLEMENTARY INFORMATION:
Background
On March 28, 2003, Boeing applied for an FAA type certificate for
its new Boeing Model 787-8 passenger airplane. The Boeing Model 787-8
airplane will be an all-new, two-engine jet transport airplane with a
two-aisle cabin. The maximum takeoff weight will be 476,000 pounds,
with a maximum passenger count of 381 passengers.
Type Certification Basis
Under provisions of 14 Code of Federal Regulations (CFR) 21.17,
Boeing must show that Boeing Model 787-8 airplanes (hereafter referred
to as ``the 787'') meet the applicable provisions of 14 CFR part 25,
as
amended by Amendments 25-1 through 25-117, except Sec. Sec. 25.809(a)
and 25.812, which will remain at Amendment 25-115. If the
Administrator
finds that the applicable airworthiness regulations do not contain
adequate or appropriate safety standards for the 787 because of a
novel
or unusual design feature, special conditions are prescribed under
provisions of 14 CFR 21.16.
In addition to the applicable airworthiness regulations and
special
conditions, the 787 must comply with the fuel vent and exhaust
emission
requirements of 14 CFR part 34 and the noise certification
requirements
of part 36. The FAA must also issue a finding of regulatory adequacy
pursuant to section 611 of Public Law 92-574, the ``Noise Control Act
of 1972.''
The FAA issues special conditions, as defined in Sec. 11.19,
under
Sec. 11.38, and they become part of the type certification basis
under
Sec. 21.17(a)(2).
Special conditions are initially applicable to the model for which
they are issued. Should the type certificate for that model be amended
later to include any other model that incorporates the same or similar
novel or unusual design feature, the special conditions would also
apply to the other model under Sec. 21.101.
Novel or Unusual Design Features
The digital systems architecture for the 787 consists of several
networks connected by electronics and embedded software. This proposed
network architecture is used for a diverse set of functions, including
the following:
1. Flight-safety-related control and navigation and required
systems (Aircraft Control Domain).
2. Airline business and administrative support (Airline
Information
Domain).
3. Passenger entertainment, information, and Internet services
(Passenger Information and Entertainment Domain).
The proposed architecture of the 787 is different from that of
existing production (and retrofitted) airplanes. It allows new kinds
of
passenger connectivity to previously isolated data networks connected
to systems that perform functions required for the safe operation of
the airplane. Because of this new passenger connectivity, the proposed
data network design and integration may result in security
vulnerabilities from intentional or unintentional corruption of data
and systems critical to the safety and maintenance of the airplane.
The
existing regulations and guidance material did not anticipate this
type
of system architecture or electronic access to aircraft systems that
provide flight critical functions. Furthermore, 14 CFR regulations and
current system safety assessment policy and techniques do not address
potential security vulnerabilities that could be caused by
unauthorized
access to aircraft data buses and servers. Therefore, special
conditions are imposed to ensure that security, integrity, and
availability of the aircraft systems and data networks are not
compromised by certain wired or wireless electronic connections
between
airplane data buses and networks.
Discussion of Comments
Notice of Proposed Special Conditions No. 25-07-01-SC for the 787
was published in the Federal Register on April 13, 2007 (72 FR 18597).
One comment was received from the Air Line Pilots Association,
International (ALPA) and several from Airbus.
ALPA Comment: ALPA strongly recommended that a backup
means must also be provided for the flightcrew to disable passengers'
ability to connect to these specific systems.
FAA Response: These special conditions apply to the design of
airplane systems and networks, and would not preclude a security
mitigation strategy that provides a means for the flightcrew to
disable
passenger connectivity to the networks or to disable access to
specific
systems connected to the airplane networks. However, the FAA would
prefer not to dictate specific design features to the applicant but
rather to allow applicants the flexibility to determine the
appropriate
security protections and means to address all potential
vulnerabilities
and risks posed by allowing this access. For example, the security
protection response to a suspected network security violation could
result in--
The system automatically disabling passenger access to the
network or certain functions,
Flight deck annunciation and flightcrew disabling of
passenger access to certain systems or capabilities, or
Various combinations of the above.
AIRBUS General Comment 1: In Airbus's opinion these
special conditions leave too much room for interpretation, and related
guidance and acceptable means of compliance should be developed in an
advisory circular for use by future applicants.
FAA Response: We agree that guidance is necessary and specific,
detailed compliance guidelines and
[[Page 28]]
criteria have been developed for this aircraft certification program,
specific to this airplane's network architecture and design, providing
initial guidance on an acceptable means of compliance for the 787.
Additionally, the FAA intends to participate in an industry committee
chartered with developing acceptable means of compliance to address
aircraft network security issues, and hopes to endorse the results of
the work of that committee by issuing an advisory circular (AC). Until
such time as guidance is developed for a general means of compliance
for network security protection, these special conditions and the
agreed-to guidance are imposed on this specific network architecture
and design.
AIRBUS Comment (a): Airbus stated that the requirement in
the proposed special conditions is not ``high level'' enough because
it
considers a solution or an architecture. Airbus believes that criteria
or assumptions for defining the domains are missing (for example,
systems criticality, interfaces, rationale for the need to protect one
domain from another one, trust levels * * *). The commenter maintained
that the Aircraft Control Domain (ACD), Airline Information Domain
(AID) and Passenger Information and Entertainment Domain (PIED) need
to
be precisely defined.
FAA Response: We do not agree that the requirement in the proposed
special conditions prescribes a solution or an architecture. These
special conditions and the acceptable means of compliance were
developed based on the Boeing-proposed 787 network architecture and
connectivity between the Passenger Information and Entertainment
Domain
and the Aircraft Control Domain and Airline Information Domain. The
applicant is responsible for the design of the airplane network and
systems architecture and for ensuring that potential security
vulnerabilities of providing passenger access to airplane networks and
systems are mitigated to an appropriate level of assurance, depending
on the potential risk to the airplane and occupant safety. This
responsibility is similar to that entailed in the current system
safety
assessment process of 14 CFR 25.1309. (See also AC 25.1309-1A and the
ARAC-recommended Arsenal version of this AC, which can be found at
http://www.faa.gov/regulations_policies/rulemaking/committees/arac/media/tae/TAE_SDA_T2.pdf
, and SAE (Society of Automotive Engineers)
ARP (Aerospace Recommended Practice) 4754). We believe the general
definitions for the airplane network ``domains'' are sufficient for
these special conditions.
AIRBUS Comment (b): Airbus stated that in the sentence
``The design shall prevent all inadvertent or malicious changes to,
and
all adverse impacts * * *'', the wording ``shall prevent ALL'' can be
interpreted as a zero allowance. According to the commenter,
demonstration of compliance with such a requirement during the entire
life cycle of the aircraft is quite impossible because security
threats
evolve very rapidly. The only possible solution to such a requirement
would be to physically segregate the Passenger Information and
Entertainment Domain from the other domains. This would mean, for
example, no shared resources like SATCOM (satellite communications),
and no network connections. Airbus maintained that such a solution is
not technically and operationally viable, saying that a minimum of
communications is always necessary. Airbus preferred a less
categorical
requirement which allows more flexibility and does not prevent
possible
residual vulnerabilities if they are assessed as acceptable from a
safety point of view. Airbus said this security assessment could be
based on a security risk analysis process during the design,
validation, and verification of the systems architecture that assesses
risks as either acceptable or requiring mitigations even through
operational procedures if necessary. Airbus noted that this process,
based on similarities with the SAE ARP 4754 safety process, is already
proposed by the European Organization for Civil Aviation Equipment
(EUROCAE) Working Group 72 for consideration of safety risks posed by
security threats or by the FAA through the document ``National
Airspace
System Communication System Safety Hazard Analysis and Security Threat
Analysis,'' version v1.0, dated Feb. 21, 2006. Airbus said such a
security risk analysis process could be used as an acceptable means of
compliance addressed by an advisory circular.
FAA Response: We agree that Airbus's interpretation of zero
allowance for any ``inadvertent or malicious changes to, and all
adverse impacts'' to airplane systems, networks, hardware, software,
and data is correct. However, this does not prevent allowing
appropriate access if the design incorporates robust security
protection means and procedures to prevent inadvertent and intentional
actions that could adversely impact airplane systems, functionality,
and airworthiness. Airbus commented that ``a minimum of communications
is always necessary.'' Unauthorized users, however, must not be
allowed
communication access to aircraft systems and equipment in such a way
that inadvertent or intentional actions can have any adverse impact on
the aircraft systems, equipment, and data. Technology exists which
allows sharing of resources without allowing unauthorized access and
inappropriate actions to systems and data. As previously mentioned,
detailed compliance guidelines and criteria, specific to the 787
network architecture, have been developed into an acceptable means of
compliance for this airplane certification program. In addition, we
intend to participate in future related industry committees (such as
SAE S-18, which is currently revising ARP 4754, EUROCAE Working Group
72, and RTCA (RTCA, Incorporated; formerly Radio Technical Commission
for Aeronautics) Special Committee 216). These groups will be
developing additional aircraft network security guidance, and we hope
to be able to endorse the results of their efforts as an acceptable
means of compliance for network security issues on future aircraft
certification programs.
AIRBUS Comment (c): Airbus said that this requirement is
limited to the design (``The design shall prevent all inadvertent or
malicious changes * * * ''), but security solutions are always
dependent on organizational procedures. Airbus said that because the
efficiency of a security solution relies on the weakest link in the
overall chain (design, operations, organizations, processes, * * *),
the robustness of the design may be impaired (by, for instance, cabin
crew interfaces being used by unauthorized passengers) if equivalent
security requirements are not mandated for other involved parties, as,
for example, through an operational or maintenance approval.
FAA Response: The applicant is responsible for developing a design
compliant with these special conditions and other applicable
regulations. The design may include specific technology and
architecture features, as well as operator requirements, operational
procedures and security measures, and maintenance procedures and
requirements, to ensure an appropriate implementation that can be
properly used and maintained to ensure safe operations and continued
operational safety. These special conditions do not preclude
organizational, process, operational, monitoring, or maintenance
procedures and requirements from being part of the design to ensure
security protection. As with other aircraft models, the operator is
obligated to
[[Page 29]]
operate and maintain the aircraft in conformance with regulations and
with requirements for operation and maintenance of the product.
AIRBUS Comment (d): Airbus noted that the special
conditions consider only interference between the Passenger
Information
and Entertainment Domain (PIED) and the Airline Information Domain or
Aircraft Control Domain. It notes there is no requirement for
protecting the Aircraft Control Domain from the Airline Information
Domain, if this one is considered less trusted than the Aircraft
Control Domain. As an example, it said that the Airline Information
Domain could implement portable electronic flight bags.
FAA Response: These special conditions address only the interfaces
between the passenger domain (PIED) and other aircraft systems and
networks. Other interfaces and accesses are addressed by current
regulations and policy, and by another proposed special conditions.
AIRBUS Comment (e): Airbus said that, depending on the
meaning of ``unauthorized external access,'' these special conditions
may be redundant to proposed special conditions 25-07-02-SC (see
comment ``b'' about 25-07-02-SC).
FAA Response: These special conditions are not redundant. The
passenger PIED and its security implementation are part of the
airplane
model and type design, and are not considered ``external'' to the
aircraft. In reviewing the Boeing-proposed 787 network architecture
and
design during development of these special conditions, we determined
the need for two separate special conditions. To ensure appropriate
security protection of the aircraft and its systems, one special
condition was needed for access from the passenger domain, and one for
access from sources external to the airplane.
AIRBUS proposed text revision: Airbus proposed the
following revised wording for these special conditions.
The applicant shall ensure that security threats from all points
within the Passenger Information and Entertainment Domain, are
identified and risk mitigation strategies are implemented to protect
the Aircraft Control Domain and Airline Information Services Domain
from adverse impacts reducing the aircraft safety.
FAA Response: As noted previously, the purpose of these special
conditions is to ensure security protection from all inadvertent or
malicious changes to, and all adverse impacts to, airplane systems,
networks, hardware, software, and data from accesses through the
passenger domain. We do not believe the commenter's proposal is
specific enough to achieve this purpose, and we will retain the
current
wording.
Applicability
As discussed above, these special conditions are applicable to the
787. Should Boeing apply at a later date for a change to the type
certificate to include another model on the same type certificate
incorporating the same novel or unusual design features, these special
conditions would apply to that model as well.
Conclusion
This action affects only certain novel or unusual design features
of the 787. It is not a rule of general applicability.
List of Subjects in 14 CFR Part 25
Aircraft, Aviation safety, Reporting and recordkeeping
requirements.
0
The authority citation for these special conditions is as follows:
Authority: 49 U.S.C. 106(g), 40113, 44701, 44702, 44704.
The Special Conditions
Accordingly, pursuant to the authority delegated to me by the
Administrator, the following special conditions are issued as part of
the type certification basis for the Boeing Model 787-8 airplane.
The design shall prevent all inadvertent or malicious changes
to, and all adverse impacts upon, all systems, networks, hardware,
software, and data in the Aircraft Control Domain and in the Airline
Information Domain from all points within the Passenger Information
and Entertainment Domain.
Issued in Renton, Washington, on December 21, 2007.
Ali Bahrami,
Manager, Transport Airplane Directorate, Aircraft Certification
Service.
[FR Doc. E7-25467 Filed 12-31-07; 8:45 am]
BILLING CODE 4910-13-P
Larry Dighera
<ihates...@netscape.com.invalid> wrote in
<ihatessppaamm-8ED...@news.isp.giganews.com>:
If the FAA is pointing out a potential vulnerability in Boeing's
design, what would you call it?
Bertie the Bunyip
Constructive criticsm.
But of course, I have a brain, so that;'s just me.
Bertie
Bertie the Bunyip
There are always other options.
Bertie
Bertie the Bunyip
> a/tae/TAE_SDA_T2.pdf , and SAE (Society of Automotive Engineers)
Wow, you're not a netkkop.
You're worse. You're a netlawyer.
Bertie
george
> george writes:
> > Surprise for you.
> > Aircraft have had computer systems for quite q while now.
>
> the same network, anyone could hack into the control network from the
> passenger network. That's what is alarming in this case. It would have been
> much easier and safer to just install two physically independent networks.
To 'hack' into a system you have to have an input device like a
keyboard.
A touch screen that allows you to select a film channel, audio channel
or Air phone is scarcely going to go any further than that !
I built networks.
In one building the server ran an Office network, a Student network
and our Tech network.
We could see everything on the other networks.
The students could only see their own network.
The Office staff could only see their own network.
It would appear that your knowledge of computers and IT is right up
there with your knowledge of aviation !
ji...@specsol.spam.sux.com
> On Jan 7, 2:26 am, Mxsmanic <mxsma...@gmail.com> wrote:
> > george writes:
> > > Surprise for you.
> > > Aircraft have had computer systems for quite q while now.
> >
> > But they haven't been accessible to passengers up to now. With everything on
> > the same network, anyone could hack into the control network from the
> > passenger network. That's what is alarming in this case. It would have been
> > much easier and safer to just install two physically independent networks.
> To 'hack' into a system you have to have an input device like a
> keyboard.
> A touch screen that allows you to select a film channel, audio channel
> or Air phone is scarcely going to go any further than that !
Maybe.
My bank's ATMS have touch screens.
One day recently I walked up to them and one clearly had a Microsoft
BSOD.
I didn't try to hack in, but someone might.
Whether or not they are successful depends on how well the system
was designed.
> I built networks.
> In one building the server ran an Office network, a Student network
> and our Tech network.
> We could see everything on the other networks.
> The students could only see their own network.
> The Office staff could only see their own network.
Yes, such is quite common in the real world.
> It would appear that your knowledge of computers and IT is right up
> there with your knowledge of aviation !
Is that surprising?
ji...@specsol.spam.sux.com
> In article <vbp755-...@mail.specsol.com>, ji...@specsol.spam.sux.com wrote:
> > There are two major schools of thought as to what the rest of the rational
> > world can do:
> >
> > 1. Totally ignore him to reduce the wasted bandwidth, but there will
> > also allways be someone who will respond whether it is because they
> > are new or because he particularly ticks someone off.
> Either you totally ignore him or you don't. You can't have it both ways.
Non sequitur.
As I said, an individual may ignore him, but there will allways be someone
who will respond.
> > 2. Respond to the extent that it corrects his usually incorrect and
> > sometimes dangerous postings least someone who doesn't know the
> > source actually believes what he says.
> and thereby feeding the troll
> The only way to deal with a troll is completely ignoring it.
Won't happen in the real world.
The only thing that bothers me with those that resond is those that
quote 347 lines to add one or two lines; if you are going to respond,
snip for christ's sake.
Bertie the Bunyip
Some Other Guy
> To 'hack' into a system you have to have an input device like a
> keyboard.
> A touch screen that allows you to select a film channel, audio channel
> or Air phone is scarcely going to go any further than that !
> I built networks.
> In one building the server ran an Office network, a Student network
> and our Tech network.
> We could see everything on the other networks.
> The students could only see their own network.
> The Office staff could only see their own network.
So you have hundreds of passenger devices on the network. Due to a bug, one
or many may malfunction and cause a packet storm, either bringing down the
network or causing unacceptable latency. High latency can cause autopilot
oscillation and loss of control. Oops.
You do NOT put noncritical devices on the same physical network as critical
ones. You just don't. You don't even bridge them together, because
problems on one side of the bridge might crash the bridge itself, affecting
the critical network.
Mxsmanic
> To 'hack' into a system you have to have an input device like a
> keyboard.
The passengers will have laptops.
> It would appear that your knowledge of computers and IT is right up
> there with your knowledge of aviation !
I note that there's often a reverse relationship between self-confidence and
quick answers and experience.
Mxsmanic
> The R.A.P. Irony-O-Meter just pegged over to the stop.
Why?
Bertie the Bunyip
news:3003o3lkjnsnj71ub...@4ax.com:
Do you even feel it when you walk straight into a wall?
Bertie
Bertie the Bunyip
news:s403o3drlsm8s4qq0...@4ax.com:
> John Mazor writes:
>
>> The R.A.P. Irony-O-Meter just pegged over to the stop.
>
> Why?
>
There it goes again.
Bertie
Bob Noel
Larry Dighera <LDig...@att.net> wrote:
> >> http://www.wired.com/politics/security/news/2008/01/dreamliner_security
> >> Boeing's new 787 Dreamliner passenger jet may have a serious
> >> security vulnerability in its onboard computer networks that could
> >> allow passengers to access the plane's control systems, according
> >> to the U.S. Federal Aviation Administration.
> >
> >Larry, I don't see a conflict there between the FAA and Boeing.
>
> If the FAA is pointing out a potential vulnerability in Boeing's
> design, what would you call it?
Where is the FAA pointing out a potential vulnerability?
The special condition is intended to address an area where
the FAA certification requirements don't quite cover.
John T
news:9h8855-...@mail.specsol.com
>
> My bank's ATMS have touch screens.
>
> One day recently I walked up to them and one clearly had a Microsoft
> BSOD.
>
> I didn't try to hack in, but someone might.
I recently saw a similar error displayed on a parking garage ticket
dispenser.
What input device would the would-be hacker use? Was there a touch-screen
keyboard available? Some other input device accessible?
"Someone might" try hacking *any* system. A computer's mere existence is
enough of a challenge for some folks. Are you suggesting that the ATM should
not be "connected" to another system because it represents a security
vulnerability (which was the premise that started this thread)?
John Mazor
"Mxsmanic" <mxsm...@gmail.com> wrote in message
news:s403o3drlsm8s4qq0...@4ax.com...
> John Mazor writes:
>
>> The R.A.P. Irony-O-Meter just pegged over to the stop.
>
> Why?
Why not?
george
> george writes:
> > To 'hack' into a system you have to have an input device like a
> > keyboard.
>
> The passengers will have laptops.
Like hell they will look up the regs.
no plug or radio link no contact.
george
> So you have hundreds of passenger devices on the network. Due to a bug, one
> or many may malfunction and cause a packet storm, either bringing down the
> network or causing unacceptable latency. High latency can cause autopilot
> oscillation and loss of control. Oops.
We are talking about the flight systems of an aircraft with, as I
suspect you're aware, two pilots who are there and are trained for
such an eventuality.
Autopilots falling over or going awry for a time are not unknown.
As a bye most ISPs handle hundreds, thousands and sometimes hundreds
of thousands of contacts per minute without falling over.
500 passengers wanting to watch the same movie isn't going to crash
the system
Larry Dighera
<ihates...@netscape.com.invalid> wrote in
<ihatessppaamm-9B9...@news.isp.giganews.com>:
>In article <52n2o3pnn5hb4l6kb...@4ax.com>,
> Larry Dighera <LDig...@att.net> wrote:
>
>> >> http://www.wired.com/politics/security/news/2008/01/dreamliner_security
>> >> Boeing's new 787 Dreamliner passenger jet may have a serious
>> >> security vulnerability in its onboard computer networks that could
>> >> allow passengers to access the plane's control systems, according
>> >> to the U.S. Federal Aviation Administration.
>> >
>> >Larry, I don't see a conflict there between the FAA and Boeing.
>>
>> If the FAA is pointing out a potential vulnerability in Boeing's
>> design, what would you call it?
>
>Where is the FAA pointing out a potential vulnerability?
Wired.com quotes the FAA as saying that. See above.
>The special condition is intended to address an area where
>the FAA certification requirements don't quite cover.
And it appears that Airbus is doing their best to point out the
potential shortcomings of the Dreamliner design in meeting the special
conditions to the FAA.
Bertie the Bunyip
You're talking out your ass Larry.
Bertie
ji...@specsol.spam.sux.com
> <ji...@specsol.spam.sux.com> wrote in message
> news:9h8855-...@mail.specsol.com
> >
> > My bank's ATMS have touch screens.
> >
> > One day recently I walked up to them and one clearly had a Microsoft
> > BSOD.
> >
> > I didn't try to hack in, but someone might.
> I recently saw a similar error displayed on a parking garage ticket
> dispenser.
> What input device would the would-be hacker use? Was there a touch-screen
> keyboard available? Some other input device accessible?
There is also a keypad on those ATMS.
Who knows what it's functionality is; one would hope none and neither
the touch screen nor the keypad do anything until the system is reset
from the inside, but as I didn't design the system, I can't say if that's
how it works.
> "Someone might" try hacking *any* system. A computer's mere existence is
> enough of a challenge for some folks. Are you suggesting that the ATM should
> not be "connected" to another system because it represents a security
> vulnerability (which was the premise that started this thread)?
Ummm, no.
While physical separation of systems is one of the better deterents to
hacking, it isn't the only method to prevent it.
Systems that are interconnected can be designed to be secure.
Bob Noel
Larry Dighera <LDig...@att.net> wrote:
> >> >Larry, I don't see a conflict there between the FAA and Boeing.
> >>
> >> If the FAA is pointing out a potential vulnerability in Boeing's
> >> design, what would you call it?
> >
> >Where is the FAA pointing out a potential vulnerability?
>
> Wired.com quotes the FAA as saying that. See above.
Larry: Please quote the portion of that wired.com that you think
constitutes a conflict between the FAA and Boeing. Frankly, I don't
see a conflict. I see Boeing and the FAA ACO working on certifying
something new. I don't see where that document claims the FAA
and Boeing disagree on what needs to be done, whether anything
needs to be done, or any disagreement. The only conflict apparent
in that wired.com article comes from the Loveless.
>
> >The special condition is intended to address an area where
> >the FAA certification requirements don't quite cover.
>
> And it appears that Airbus is doing their best to point out the
> potential shortcomings of the Dreamliner design in meeting the special
> conditions to the FAA.
I would expect Boeing and Airbus are always doing that.
Gig601XLBuilder
> How naïve of Bowing to think that there computer is not hackable:
>
How naïve of Larry to look to Wired for news on any subject. The entire
article is based on an FAA document that is calling for certification
requirements that assure that in the 787 and the aircraft like that will
come in the future are secure from being hacked.
Larry Dighera
<wrgi...@REMOVEgmail.com> wrote in
<13o4l4k...@news.supernews.com>:
>Larry Dighera wrote:
>> How naïve of Bowing to think that their computer is not hackable:
>>
>>The entire article is based on an FAA document that is calling for certification
>requirements that assure that in the 787 and the aircraft like that will
>come in the future are secure from being hacked.
The Wired story is based on more than the FAA document:
"This is serious," said Mark Loveless, a network security analyst
with Autonomic Networks, a company in stealth mode, who presented
a conference talk last year on Hacking the Friendly Skies
(PowerPoint). "This isn’t a desktop computer. It's controlling the
systems that are keeping people from plunging to their deaths. So
I hope they are really thinking about how to get this right."
...
Boeing spokeswoman Lori Gunter said the wording of the FAA
document is misleading, and that the plane's networks don't
completely connect.
Gunter wouldn't go into detail about how Boeing is tackling the
issue but says it is employing a combination of solutions that
involves some physical separation of the networks, known as "air
gaps," and software firewalls. Gunter also mentioned other
technical solutions, which she said are proprietary and didn't
want to discuss in public.
"There are places where the networks are not touching, and there
are places where they are," she said.
Gunter added that although data can pass between the networks,
"there are protections in place" to ensure that the passenger
internet service doesn't access the maintenance data or the
navigation system "under any circumstance."
She said the safeguards protect the critical networks from
unauthorized access, but the company still needs to conduct lab
and in-flight testing to ensure that they work. This will occur in
March when the first Dreamliner is ready for a test flight.
Are you familiar with the term buffer-overrun?
Bertie the Bunyip
> On Mon, 07 Jan 2008 10:37:21 -0600, Gig601XLBuilder
> <wrgi...@REMOVEgmail.com> wrote in
> <13o4l4k...@news.supernews.com>:
>
>>Larry Dighera wrote:
>>> How naďve of Bowing to think that their computer is not hackable:
Are you familiar with the term "Give up"?
Bertie
>
Mxsmanic
> We are talking about the flight systems of an aircraft with, as I
> suspect you're aware, two pilots who are there and are trained for
> such an eventuality.
They have not been trained for this, and in any case, in a fly-by-wire system,
there's not much that they can do if the computer is hacked.
Mxsmanic
> Like hell they will look up the regs.
Which regs?
Mxsmanic
> And it appears that Airbus is doing their best to point out the
> potential shortcomings of the Dreamliner design in meeting the special
> conditions to the FAA.
They are hoping that people will forget the trouble the A380 has with wings
snapping off, or the trouble other aircraft have with keeping the gear
straight or avoiding trees.
Mxsmanic
> Are you familiar with the term buffer-overrun?
It's a good way to identify incompetent programmers.
Bertie the Bunyip
news:2955o31g1fk1ohof6...@4ax.com:
Nope, wrong again, fjukkwit.
Bertie
Bertie the Bunyip
news:ga55o3tb9pa56mb2q...@4ax.com:
> george writes:
>
>> Like hell they will look up the regs.
>
> Which regs?
>
The ones that make it illegal to go dumpster diving in France?
Bertie
Bertie the Bunyip
news:kb55o3h98l815r49s...@4ax.com:
> Larry Dighera writes:
>
>> And it appears that Airbus is doing their best to point out the
>> potential shortcomings of the Dreamliner design in meeting the
>> special conditions to the FAA.
>
> They are hoping that people will forget the trouble the A380 has with
> wings snapping off,
An A360 has had it's wings snap off?
News to just about everyone, I would think.
Fjukkwit.
Bertie
Bertie the Bunyip
news:hd55o35uq4rp54hg8...@4ax.com:
> Larry Dighera writes:
>
>> Are you familiar with the term buffer-overrun?
>
> It's a good way to identify incompetent programmers.
Like you?
Bertie
george
> Mxsmanic <mxsma...@gmail.com> wrote innews:ga55o3tb9pa56mb2q...@4ax.com:
>
> > george writes:
>
> >> Like hell they will look up the regs.
>
> > Which regs?
>
> The ones that make it illegal to go dumpster diving in France?
No :-)
but its a good point.
The regs ban certain electronic devices from being used during climb
and descend
george
Evidence?
gear straight?
WTF
Microsoft doesn't have crosswind capability?
ROTFL
And what about 'avoiding trees' and what does that have to do with
Airbus?
Bertie the Bunyip
news:aef24191-c2f0-4244...@e23g2000prf.googlegroups.com:
No, just during departure and approach.
Bertie
>
John T
news:u2q855-...@mail.specsol.com
>
> While physical separation of systems is one of the better deterents to
> hacking, it isn't the only method to prevent it.
>
> Systems that are interconnected can be designed to be secure.
Agreed.
Christopher Brian Colohan
> 1) Exactly what is the extent of the connection (physical and logical) between
> cabin systems and cockpit systems? Unfortunately, the specifics are likely
> to be considered proprietary and not in the public domain.
>
> 2) Why have any connection at all?
Top 10 reasons why there is a connection between the entertainment and
flight control system:
10. Each seatback computer has a CPU and RAM in it. Can you imagine
a Beowulf cluster of all of these computers? What a powerful machine!
This cluster soaks up spare machine cycles predict the weather that
the plane is about to encounter.
9. Counter-terrorism. Each seatback can run a flight simulator
program. To increase realism, it gets real data from the flight deck,
making the simulation more entertaining. If a passenger has the magic
unlock code, they can enable the reverse connection -- taking control
of the plane. Normally only the undercover air marshals have the
codes, but if hijackers enter the flight deck then the codes are
broadcast to all of the passengers in the plane.
8. Cool screen savers. In addition to the "plane's current position
on a map" display, you can watch the fuel levels, control surface
deflections, autopilot programming, and current radio frequencies.
The plane compares the pilot's performance to an internal model of an
idealized pilot, and shows the passengers what the pilot is doing
right or wrong. A special game mode lets you pilot a simulated plane
and see if you can out-score the real pilot.
7. Surveilance cams. Each tray table has a built in webcam which
lets passengers videoconference from the comfort of their own chair!
From the flight deck pilots can also turn on any camera they please to
check out suspicious passengers, or to relieve boredom. This data is
also interleved on an uplink to ATC so they can keep an eye on the
sky.
6. More efficient multicast. What if a passenger is downloading a
GPS firmware update, and the flight deck is downloading the same
update at the same time? You wouldn't want to transmit those bits
twice -- if they share a common network multicast can be used to
improve performance.
Okay, I ran out of ideas. Perhaps you can help finish this list?
Chris
Martin Hotze
> 7. Surveilance cams. Each tray table has a built in webcam which
> lets passengers videoconference from the comfort of their own chair!
> From the flight deck pilots can also turn on any camera they please to
> check out suspicious passengers, or to relieve boredom. This data is
> also interleved on an uplink to ATC so they can keep an eye on the
> sky.
you meant the DHS.
but maybe one can vote the "chick of the flight"?
> 6. More efficient multicast. What if a passenger is downloading a
> GPS firmware update, and the flight deck is downloading the same
> update at the same time? You wouldn't want to transmit those bits
> twice -- if they share a common network multicast can be used to
> improve performance.
multicast ... my ass. you mean they start useful and working multicast
first on planes (before they do so IRL)?
#m
--
beware of the .sig-monster!
Christopher Brian Colohan
>> 6. More efficient multicast. What if a passenger is downloading a
>> GPS firmware update, and the flight deck is downloading the same
>> update at the same time? You wouldn't want to transmit those bits
>> twice -- if they share a common network multicast can be used to
>> improve performance.
>
> multicast ... my ass. you mean they start useful and working multicast
> first on planes (before they do so IRL)?
Are you saying that, given my example, if this worked well it would be
_useful_?
Hmmm. I have to recalibrate here...
Chris
Marty Shapiro
news:uclk5ml...@tretiak.stampede.cs.cmu.edu:
5. Immedate posting to YouTube of any Mile High Club activity caught
on the concealed video cameras.
--
Marty Shapiro
Silicon Rallye Inc.
(remove SPAMNOT to email me)
Heath Roberts
> As a professional in the computer business, you should know that there
> are virtually no computer systems that are not vulnerable to security
> compromise. Connecting the cabin entertainment computer system to the
> flight control computer is just plane ignorant. It's akin to the
> residents of Iowa choosing a candidate that rejects Darwin's theory of
> evolution to lead our country. Please cite a credible reason why the
> in-flight entertainment computer system can't be isolated, and not
> connected to other systems aboard the aircraft. There is none.
IFE's gotta have power, no? What if they hack the flight controls
through that? (Hey, I personally *saw* it happen in a movie)
Mxsmanic
> The regs ban certain electronic devices from being used during climb
> and descend
If you mean the FARs, that's not true. There is a blanket ban, with certain
explicit exceptions, as well as exceptions that may be provided by operators.
See FAR 91.21.
Bertie the Bunyip
george
Sec. 91.21 Portable electronic devices.
(a) Except as provided in paragraph (b) of this section, no
person
may operate, nor may any operator or pilot in command of an aircraft
allow the operation of, any portable electronic device on any of the
following U.S.-registered civil aircraft:
(1) Aircraft operated by a holder of an air carrier operating
certificate or an operating certificate; or
(2) Any other aircraft while it is operated under IFR.
(b) Paragraph (a) of this section does not apply to--
(1) Portable voice recorders;
(2) Hearing aids;
(3) Heart pacemakers;
(4) Electric shavers; or
(5) Any other portable electronic device that the operator of the
aircraft has determined will not cause interference with the
navigation
or communication system of the aircraft on which it is to be used.
(c) In the case of an aircraft operated by a holder of an air
carrier operating certificate or an operating certificate, the
determination required by paragraph (b)(5) of this section shall be
made
by that operator of the aircraft on which the particular device is to
be
used. In the case of other aircraft, the determination may be made by
the pilot in command or other operator of the aircraft.
That is the Reg.
Self explanatory
Gig 601XL Builder
(1) Portable voice recorders;
Is an iPod not a personal voice recorder? Yet all the airlines I've been
on recently include it in the don't turn on until we say so list.
Bertie the Bunyip
news:13o7lti...@news.supernews.com:
One of the reasons the FAA don't like Ipods and their ilk is that if you
are zoned out listening to music when an evacuation occurs, you might be
a liability in the event.
Rigth or wrong, it is one of the reasons.
Bertie
>
Larry Dighera
<wrgi...@REMOVEgmail.com> wrote in
<13o7lti...@news.supernews.com>:
While portable voice recorders fall under Paragraph B, there is a
report of an iPod causing interference in the cockpit:
From: poi...@pobox.com (Don Poitras)
Newsgroups: rec.aviation.piloting
Subject: Bizarre radio experience
Date: Mon, 22 Oct 2007 19:26:27 +0000 (UTC)
Message-ID: <ffith3$ahj$1...@reader1.panix.com>
...
There's only one thing left to try...
I turn off my iPod that's plugged into the headset (not "Ride of
the Valkyries", but Amy LaVere)... silence. Wow. Cool. Plug back
in, "podunk..."
Somehow the combination of iPod, wire and LightSpeed 30-3G was
acting as a radio (a very crisp, loud radio) picking up multiple
frequencies at once. I wish I had written down all the airport
names so I could see how many I was hearing, but it was quite the
cacophony. I called LightSpeed and the guy there had never had
that reported before.
Gig 601XL Builder
I understand that but what I'm saying is the reg quoted above seems to
me to specifically ALLOW personal voice recorders which is really all an
iPod is.
Gig 601XL Builder
on recently include it in the don't turn on until we say so list.
>
> While portable voice recorders fall under Paragraph B, there is a
> report of an iPod causing interference in the cockpit:
>
> From: poi...@pobox.com (Don Poitras)
> Newsgroups: rec.aviation.piloting
> Subject: Bizarre radio experience
> Date: Mon, 22 Oct 2007 19:26:27 +0000 (UTC)
> Message-ID: <ffith3$ahj$1...@reader1.panix.com>
> ...
> There's only one thing left to try...
> I turn off my iPod that's plugged into the headset (not "Ride of
> the Valkyries", but Amy LaVere)... silence. Wow. Cool. Plug back
> in, "podunk..."
>
> Somehow the combination of iPod, wire and LightSpeed 30-3G was
> acting as a radio (a very crisp, loud radio) picking up multiple
> frequencies at once. I wish I had written down all the airport
> names so I could see how many I was hearing, but it was quite the
> cacophony. I called LightSpeed and the guy there had never had
> that reported before.
>
>
This is hardly at issue. The iPod was wired into the pilots headset.
Bertie the Bunyip
Mmm, They have had drives, though. Might make a difference. i don't
know. Phones are definitely a PITA on board and I had a laptop dump an
Omega database on me years ago. Eletricity and radio are something I shy
away from though..
Bertie
Some Other Guy
> On Jan 7, 1:53 pm, Some Other Guy <bga...@microsoft.com> wrote:
>
>> So you have hundreds of passenger devices on the network. Due to a bug,
>> one or many may malfunction and cause a packet storm, either bringing
>> down the
>> network or causing unacceptable latency. High latency can cause
>> autopilot
>> oscillation and loss of control. Oops.
>
> We are talking about the flight systems of an aircraft with, as I
> suspect you're aware, two pilots who are there and are trained for
> such an eventuality.
In other words, you think it's okay for an in flight entertainment
system to cause the aircraft flight control systems to misbehave.
This is where you and I disagree, and I have nothing more to say about that.
george
> george wrote:
> > We are talking about the flight systems of an aircraft with, as I
> > suspect you're aware, two pilots who are there and are trained for
> > such an eventuality.
>
> In other words, you think it's okay for an in flight entertainment
> system to cause the aircraft flight control systems to misbehave.
No but that won't stop you making the claim.
If such an unlikely event might occur the pilots will go through their
drills.
Computerised systems falling over is not a new thing
That's why the aircrew are there and trained to handle such problems
>
> This is where you and I disagree, and I have nothing more to say about that.
Promises
Larry Dighera
wrote in
<2107380d-e2ae-4e1f...@p69g2000hsa.googlegroups.com>:
>
>If such an unlikely event might occur the pilots will go through their
>drills. Computerised systems falling over is not a new thing
>That's why the aircrew are there and trained to handle such problems
In fly-by-wire aircraft there are no truly manual controls, are there?
What if the flight crew found their attempts at control input
ineffective do that a hypothetical hack? Are the interconnected
systems designed to prevent the crew's loss of control to the
automated systems?
Tribal nonsense
Mxsmanic
> If such an unlikely event might occur the pilots will go through their
> drills.
There aren't any drills that would help.
> Computerised systems falling over is not a new thing
> That's why the aircrew are there and trained to handle such problems
They are not trained to handle such problems. When the aircraft is controlled
by computer and the computer fails, there isn't any training that will make
any difference.
Bertie the Bunyip
news:kg6ao3t1i4db412n5...@4ax.com:
Nope, wrong again.
Manual reversion is primitive in a 'bus, but adequate for the task.
Of course, don;'t take my word for it. I've only been trained to fly one
and have.
You are an idiot.
Bertie
Larry Dighera
wrote in <Xns9A20C2060B7...@207.14.116.130>:
>Manual reversion is primitive in a 'bus, but adequate for the task.
Are you implying that there is a physical link between the flight
controls and the control surfaces?
Bertie the Bunyip
Go fuck yourself killfile boi
Bertie
george
> On Wed, 9 Jan 2008 19:05:43 +0000 (UTC), Bertie the Bunyip <S...@rt.1>
> wrote in <Xns9A20C2060B741pissuprop...@207.14.116.130>:
>
> >Manual reversion is primitive in a 'bus, but adequate for the task.
>
> Are you implying that there is a physical link between the flight
> controls and the control surfaces?
Oh lord no.
We pray toward the right and the aircraft responds by turning right.
It would be blasphemy to have a connection between controls and
control surfaces.
<Cynical mode off>