Sporkman
January 10th, 2008, 05:30 PM
http://news.yahoo.com/s/ap/20080109/ap_on_hi_te/787_computer_security_2
Will Boeing's 787 be safe from hackers?
By ELIZABETH M. GILLESPIE, AP Business Writer Wed Jan 9, 5:03 PM ET
SEATTLE - Before Boeing Co.'s new 787 jetliner gets the green light to fly passengers, the aircraft maker will have to prove that offering Internet access in the cabin won't leave the flight controls vulnerable to hackers and hijackers.
Boeing claims it has engineered safeguards to shut out unauthorized users, but some security analysts worry navigation and communications systems could be vulnerable.
"The odds of this being perfect are zero," said Bruce Schneier, chief technology officer at the security services firm BT Counterpane. "It's possible Boeing can make their connection to the Internet secure. If they do, it will be the first time in mankind anyone's done that."
But Boeing spokeswoman Lori Gunter said 787's aviation electronics "are not connected in any way to the Internet."
Boeing has designed the 787 to allow airlines to offer passengers more in-flight entertainment and Internet options than previous planes have allowed.
Those new features and other aspects of 787's computer network go beyond the scope of existing regulations, so the Federal Aviation Administration is requiring Boeing to show the new technology won't pose a safety threat.
In a "special condition" the FAA has ordered Boeing to satisfy, the agency notes that the 787 "allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane.
"Because of this new passenger connectivity, the proposed data network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane."
An FAA spokesman said the agency has been working closely with Boeing and is pleased so far.
"We are always in constant communication and are satisfied with what they have provided," FAA spokesman Allen Kenitzer said.
Boeing is set to deliver the first 787 by the end of the year.
Boeing's Gunter said there is "not any place where the passenger interface to the Internet shares hardware" with the plane's aviation electronics.
"There are multiple layers of hardware and software" that ensure "data cannot pass from the passenger entrainment network to the other more secure networks on the airplane," Gunter said.
Special conditions are a normal part of the regulatory process aircraft makers undergo to get their planes certified for flight. The FAA issues them any time new designs introduce safety concerns that aren't fully addressed in existing regulations.
Boeing rival Airbus SAS argues that the only way to satisfy the new requirement would be to physically separate the passenger information and entertainment systems from all other systems on the plane.
Airbus told the FAA in a written comment that such a solution "is not technically and operationally viable."
Gunter declined to specify exactly how and to what degree the 787's computer networks are separated.
"One of the things you do to ensure security is not talk about the protections in any great detail," she said.
Boeing has already completed all lab tests the FAA has ordered for computer security, Gunter said. Final approval will come after Boeing runs another set of tests during flight testing, which is scheduled to begin in March.
The Air Line Pilots Association has urged the FAA to require a backup system that would allow flight attendants to disable passengers' Internet connections. The FAA declined, saying its job is not to dictate specific designs, but Boeing said that capability already exists.
Broadband passenger Internet access won't be available on the first 787s Boeing delivers. Few airlines offer mile-high Web access, but Gunter said Boeing wired the 787 for it because in-flight Internet is an emerging technology Boeing expects a growing number of airlines will adopt in the coming years.
The special condition on computer security, first proposed last spring and published in final form last week, is one of several the FAA has issued for the 787.
Others require Boeing to prove the 787 will be as safe during crash landings or in-flight fires as aluminum planes, since it will be the first large passenger plane made mostly of carbon-fiber composites.
Boeing also has to show that the 787, which will be powered almost entirely by high-voltage electric generators rather than air sucked through the engines, will be able to fly and safely land if its electrical power system fails.
Will Boeing's 787 be safe from hackers?
By ELIZABETH M. GILLESPIE, AP Business Writer Wed Jan 9, 5:03 PM ET
SEATTLE - Before Boeing Co.'s new 787 jetliner gets the green light to fly passengers, the aircraft maker will have to prove that offering Internet access in the cabin won't leave the flight controls vulnerable to hackers and hijackers.
Boeing claims it has engineered safeguards to shut out unauthorized users, but some security analysts worry navigation and communications systems could be vulnerable.
"The odds of this being perfect are zero," said Bruce Schneier, chief technology officer at the security services firm BT Counterpane. "It's possible Boeing can make their connection to the Internet secure. If they do, it will be the first time in mankind anyone's done that."
But Boeing spokeswoman Lori Gunter said 787's aviation electronics "are not connected in any way to the Internet."
Boeing has designed the 787 to allow airlines to offer passengers more in-flight entertainment and Internet options than previous planes have allowed.
Those new features and other aspects of 787's computer network go beyond the scope of existing regulations, so the Federal Aviation Administration is requiring Boeing to show the new technology won't pose a safety threat.
In a "special condition" the FAA has ordered Boeing to satisfy, the agency notes that the 787 "allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane.
"Because of this new passenger connectivity, the proposed data network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane."
An FAA spokesman said the agency has been working closely with Boeing and is pleased so far.
"We are always in constant communication and are satisfied with what they have provided," FAA spokesman Allen Kenitzer said.
Boeing is set to deliver the first 787 by the end of the year.
Boeing's Gunter said there is "not any place where the passenger interface to the Internet shares hardware" with the plane's aviation electronics.
"There are multiple layers of hardware and software" that ensure "data cannot pass from the passenger entrainment network to the other more secure networks on the airplane," Gunter said.
Special conditions are a normal part of the regulatory process aircraft makers undergo to get their planes certified for flight. The FAA issues them any time new designs introduce safety concerns that aren't fully addressed in existing regulations.
Boeing rival Airbus SAS argues that the only way to satisfy the new requirement would be to physically separate the passenger information and entertainment systems from all other systems on the plane.
Airbus told the FAA in a written comment that such a solution "is not technically and operationally viable."
Gunter declined to specify exactly how and to what degree the 787's computer networks are separated.
"One of the things you do to ensure security is not talk about the protections in any great detail," she said.
Boeing has already completed all lab tests the FAA has ordered for computer security, Gunter said. Final approval will come after Boeing runs another set of tests during flight testing, which is scheduled to begin in March.
The Air Line Pilots Association has urged the FAA to require a backup system that would allow flight attendants to disable passengers' Internet connections. The FAA declined, saying its job is not to dictate specific designs, but Boeing said that capability already exists.
Broadband passenger Internet access won't be available on the first 787s Boeing delivers. Few airlines offer mile-high Web access, but Gunter said Boeing wired the 787 for it because in-flight Internet is an emerging technology Boeing expects a growing number of airlines will adopt in the coming years.
The special condition on computer security, first proposed last spring and published in final form last week, is one of several the FAA has issued for the 787.
Others require Boeing to prove the 787 will be as safe during crash landings or in-flight fires as aluminum planes, since it will be the first large passenger plane made mostly of carbon-fiber composites.
Boeing also has to show that the 787, which will be powered almost entirely by high-voltage electric generators rather than air sucked through the engines, will be able to fly and safely land if its electrical power system fails.