Security Flaw Turns 787 into Latest Video GameBy Larry Walsh | Posted Monday, January 07, 2008 18:01 PM
When the new 787 Dreamliner takes flight later this year, passengers will have Internet access at 37,000 feet...and perhaps control of the aircraft. At least that's what some security experts are reading into a Federal Aviation Administration assessment of the in-flight Internet service.
The Dreamliner--the newest mid-sized jet Boeing developed in more than a quarter-century--sports in-flight Internet connectivity in the passenger cabin. The same network is reportedly connected to the plane's navigation, avionics and communications systems. In other words, a malicious passenger (say a terrorist) could conceivably take full control of the plane from the comfort of seat 32A, according to Wired.com.
Wired is reporting that the FAA is requiring Boeing to demonstrate the safety of the system before it's approved. The same report says the FAA would have preferred two separated networks for security and safety. Boeing, however, says the systems are separated by an "air gap," or a switch that physically separates the two networks.
The 787 is scheduled to go into service toward the end of this year. With more than 800 planes on order for airlines around the world, the plane was originally scheduled for release this spring. However, Boeing delayed the launch date, in part, because of software integration issues with its navigation system. It's unclear whether the software issues being worked on by Honeywell are related to the security concerns.
Go ahead and chide me for stating the obvious, but this is the first of many security issues that will come about as in-flight Internet service is extended to passengers. Bughunters and so-called security researchers will probe every line of code and infrastructure fissure for vulnerabilities that will get them 15 minutes of digital fame. And they'll be right for doing so, since passenger safety and security is paramount in the age of hyper-terrorism.
At some point, the FAA will have to mandate some minimum level of in-flight computer security, for no other reason than to ease concerns and instill a level of confidence in safety similar to metal detectors and X-ray machines at airport terminals (and we all know how effective those are). In the end, security and services are a matter of tradeoffs--we accept some level of risk for some level of convenience. In-flight connectivity is no different.
What are your thoughts on in-flight Internet security? Is the service worth the security risk? Send your thoughts to Larry at email@example.com.