I’ve been saving up news articles about security vulnerabilities for my cyberattacks class, but I’m not quite sure where to fit in a discussion of potential vulnerabilities in Boeing’s New 787. On the crazy-cool side, the plane is going to have internet connectivity in the cabin for passengers. On the crazy-stupid side, the passenger’s network is connected to the cockpit network. Solutions are being discussed, but they do not seem to include just keeping the two networks physically separate. But software solutions can, and probably will, have holes, and Boeing is treating this as a software-debugging problem. I can’t imagine what the justification would be for wanting the networks to be connected. I am a big proponent of the “if it is absolutely vital, keep it unplugged from any network” school of security. Or, frankly, if you can’t do it safely, I’ll get by without internet access on my plane flight….
I read about this a few days ago and my first thoughts were “Why are these networks not separate?” Then I had an immediate “What the hell are they thinking?” moment afterwards.
I still have no answer to either questions though. I can’t fathom how many levels of communication this had to go through to get approved, and no one had questions about this.
Well, to be fair, FAA *does* have questions about it. But yes, I am not sure how this ended up being the design. There were allusions in the article to there being some reason why it made sense to have them be connected and I really wish they had elaborated on what they are. I start imagining plans to use the passenger network as a redundant backup in case the cockpit fails or somesuch but that really doesn’t make sense.