Boeing's new 787 Dreamliner passenger jet's onboard computer networks may have a serious security problem as they are vulnerable to passengers who would like to hack into the plane's control systems, according to the US Federal Aviation Administration (FAA).
A FAA report reveals that the computer network in the Dreamliner's passenger compartment, designed to give passengers in-flight internet access, is connected to the plane's control, navigation and communication systems. This would make the plane's control systems vulnerable to hackers. Security analysts say that a more secure design would physically separate the two computer networks.
Boeing said it's aware of the problem and a solution to the problem will be tested shortly.
The 787 Dreamliner is Boeing's hottest selling aircraft and has notched up record sales. The mid-sized jet will seat anything between 210 and 330 passengers, depending on configuration. With induction of the aircraft pushed back to November 2008, from July 2008, the FAA now wants Boeing to address this problem.
According to the FAA document published in the Federal Register, the vulnerability exists because the 787's computer systems connect the passenger network with the flight-safety, control and navigation network. The system also connects to the airline's business and administrative-support network, which communicates maintenance issues to ground crews.
The design "allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane," says the FAA document. "Because of this new passenger connectivity, the proposed data-network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane."
Meanwhile a Boeing spokesperson said that the wording of the FAA document is misleading, and that the plane's networks don't completely connect. Without getting into details, company officials said that Boeing was employing a combination of solutions that involved some physical separation of the networks, known as "air gaps," and software firewalls.
Apart from these there would also be other technical solutions of a proprietary nature, company officials said. According to them, although data can pass between the networks, "there are protections in place" to ensure that the passenger internet service doesn't access the maintenance data or the navigation system "under any circumstance."
Though safeguards protecting the critical networks from unauthorized access were in place, the company still needed to conduct lab and in-flight testing to ensure that they work. This, said officials, will take place in March when the first Dreamliner would be ready for a test flight.
According to Boeing officials, the FAA and Boeing have already agreed on the tests that the plane manufacturer will have to do to demonstrate that it has addressed the FAA's security concerns.