OT: Data security now an issue for aircraft - VMS



Thread: OT: Data security now an issue for aircraft

  1. OT: Data security now an issue for aircraft

    > http://www.flightglobal.com/articles...formation.html

    ##
    "Onboard wired and wireless devices may also have access to parts of the
    airplane's digital systems that provide flight critical functions," says
    the FAA in a special conditions document published in December. "These
    new connectivity capabilities may result in security vulnerabilities to
    the airplane's critical systems."

    In order to "ensure the security, integrity, and availability" of
    critical systems, the FAA will require Boeing to demonstrate that
    unauthorised access to the hardware, software and databases of the
    aircraft control and airline information domains is not possible.
    ##


    I wonder how one could really demonstrate total data security for an
    aircraft that could be in service for 15-20 years. Systems that have to
    be approved by the FAA (and then different agencies around the world)
    tend to be difficult to change during the lifetime of the aircraft.

    And yeah, there are now Windows systems in cockpits to provide PDF
    manuals to the crews. (called "electronic flight book").

  2. Re: OT: Data security now an issue for aircraft

    In article <47859511$0$6237$c3e8da3@news.astraweb.com>, JF Mezei writes:
    >{...snip...}
    >And yeah, there are now Windows systems in cockpits to provide PDF
    >manuals to the crews. (called "electronic flight book").


    Pilot on radio:
    --------------
    "May Day! May Day! This is international flight 123 requesting emergency
    landing assistance and priority. Only one set of landing gear has deployed
    and the engines have just cut out on our approach."


    Pilot to co-pilot:
    -----------------
    "Quick, consult the electronic flight book for emergency landing procedures
    for landing gear and engine malfunction!"

    Co-pilot:
    --------


    {M$ Exploiter} Search for: [landing gear and engine malfunction]

    Trying... Trying... Trying...

    +--------------------------------------+
    | Weendoze has detected a fatal error! |
    |                                      |
    |   +-------+   +-------+   +------+   |
    |   | Abort |   | Retry |   | Fail |   |
    |   +-------+   +-------+   +------+   |
    +--------------------------------------+


    ..... later that evening...

    "Welcome to the 6 o'clock news. Our top story tonight... another airline
    tragedy. We now switch you live to our field correspondent at the site
    of the crash..."


    "Good Evening! This is Hugh Oughtnotusems reporting live from the scene
    of a terrible airline crash... Was it pilot error or system failure?"

    ....


    --
    VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

    "Well my son, life is like a beanstalk, isn't it?"

    http://tmesis.com/drat.html

  3. Re: OT: Data security now an issue for aircraft

    See Bruce Schneier's blog for some sensible comment on this
    http://www.schneier.com/blog/archive...g_the_boe.html


  4. Re: OT: Data security now an issue for aircraft

    In article
    <4bf71cba-8f70-4926-9391-326f7dc384e6@d21g2000prf.googlegroups.com>,
    IanMiller wrote:

    > See Bruce Schneier's blog for some sensible comment on this
    > http://www.schneier.com/blog/archive...g_the_boe.html


    Gotta love this reader's comment:

    5 years ago (issue 2003/1), this was a cartoon in the German IT paper
    c't:

    http://www.heise.de/ct/schlagseite/03/01/gross.jpg

    Translation:

    New device found
    Device: Airbus A310

    Start auto configuration?

    [OK] [cancel]

    --
    Paul Sture

    Sue's OpenVMS bookmarks:
    http://eisner.encompasserve.org/~stu...bookmarks.html

  5. Re: OT: Data security now an issue for aircraft

    IanMiller wrote:
    > See Bruce Schneier's blog for some sensible comment on this
    > http://www.schneier.com/blog/archive...g_the_boe.html
    >


    This guy didn't read it right.

    There is no accusation of security problems. The FAA just needs to make
    sure there are no security problems.

    And it isn't a question of passengers taking control of the aircraft
    from their laptops while playing MS Flight Simulator.

    The issue here is that the 787's information systems will be able to
    connect to an airline network while at the airport. This allows them to
    download all sorts of information to the aircraft (weather reports etc),
    access the aircraft's data recorder to spot any maintenance issues that
    occurred in the last flight, and possibly update any airport data (for
    instance, runway XX closed at airport YY). There is probably more which
    can be done in maintenance mode.

    Whether airlines use the same infrastructure to transmit new movies to
    the passenger entertainment system is not known. But it is likely that
    any credit card transactions made during the flight (duty free stuff
    etc) would then be submitted via wireless to the airline's airport
    network for processing. (unless those would be done via satellite during
    flight)

    It is normal that the FAA be wary and require proper analysis.

    When the Airbus A320 was introduced, the FAA was shown to be incompetent
    since they had not thought about testing software quality assurance.
    (this was a totally new concept for passenger aircraft). As a result,
    there were a lot of bugs in the A320 that were only detected well after
    the A320 was put into production with paying passengers. (for instance,
    changing cabin temperature during a certain phase of flight would also
    affect the engine thrust levels). The FAA learned its lesson from this
    and now requires far greater testing of aircraft when Boeing/Airbus
    introduce new gizmos.

  6. Re: OT: Data security now an issue for aircraft

    "P. Sture" wrote:
    >
    > In article
    > <4bf71cba-8f70-4926-9391-326f7dc384e6@d21g2000prf.googlegroups.com>,
    > IanMiller wrote:
    >
    > > See Bruce Schneier's blog for some sensible comment on this
    > > http://www.schneier.com/blog/archive...g_the_boe.html

    >
    > Gotta love this reader's comment:
    >
    > 5 years ago (issue 2003/1), this was a cartoon in the German IT paper
    > c't:
    >
    > http://www.heise.de/ct/schlagseite/03/01/gross.jpg
    >
    > Translation:
    >
    > New device found
    > Device: Airbus A310
    >
    > Start auto configuration?
    >
    > [OK] [cancel]


    I was thinking along the lines of:

    +--------------------------------------+
    | The Flight Controls have been moved. |
    |                                      |
    |      Windows must be restarted       |
    |    for the change to take effect.    |
    |                                      |
    |       [Restart Now]   [Cancel]       |
    +--------------------------------------+

    David J Dachtera
    DJE Systems

  7. Re: OT: Data security now an issue for aircraft

    In article <47859511$0$6237$c3e8da3@news.astraweb.com>,
    JF Mezei wrote:

    > And yeah, there are now Windows systems in cockpits to provide PDF
    > manuals to the crews. (called "electronic flight book").


    "A new version of Adobe Reader is available. Do you wish to install it
    now or later?"

    --
    Paul Sture

    Sue's OpenVMS bookmarks:
    http://eisner.encompasserve.org/~stu...bookmarks.html

  8. Re: OT: Data security now an issue for aircraft

    In article <47869175$0$15736$c3e8da3@news.astraweb.com>, JF Mezei writes:
    >
    > When the Airbus A320 was introduced, the FAA was shown to be incompetent
    > since they had not thought about testing software quality assurance.
    > (this was a totally new concept for passenger aircraft).


    It may have been new in passenger aircraft control, but it was hardly
    new at the FAA. They've been doing air traffic control with software
    since the 1950's.


  9. Re: OT: Data security now an issue for aircraft


    "IanMiller" wrote in message
    news:4bf71cba-8f70-4926-9391-326f7dc384e6@d21g2000prf.googlegroups.com...
    > See Bruce Schneier's blog for some sensible comment on this
    > http://www.schneier.com/blog/archive...g_the_boe.html
    >


    Ian,

    Bruce makes a very valid point when he says a new architecture like this
    necessarily has new failure modes (or, as he puts it, folks need to think
    about "the more common software flaw that causes some unforeseen interaction
    with something else and cascades into a bigger problem"). Bruce also quite
    reasonably points out that hard information would be very welcome. But
    beyond that there isn't much content there (I don't know where there *is*
    any real content on this subject).

    Fwiw, the on-plane LANs being discussed (called AFDX or ARINC664 or CDN
    depending on who you are) are sort of like Ethernet VLANs, which are
    obviously tried and reasonably well tested in the world of routine IT. On
    top of classic VLANs the aircraft networks add things like static
    design-time allocation of required bandwidths for known data flows
    (principles inherited from the ATM world but new to Ethernet). Given some of
    the extra requirements, I can't imagine that the switches being used are
    COTS so the chances of there being much real life experience with them are
    small, and testing is (by definition) never exhaustive enough, so as Bruce
    points out, there are genuine concerns, and they're not necessarily solely
    to do with security (if we mean the "access control" sense of security).

    Competent folks who are used to designing this kind of networky thing for
    ground-based but safety-related control systems would understand the issues
    on this aircraft network. So far, Boeing seem to be asking us to take it on
    trust that they (and their suppliers) have done the same quality of job as
    some of the readers here would have done, and so far, Boeing seem to be
    reluctant to answer simple but important questions e.g. as to whether there
    are actual "air gaps" between safety critical networks and what you might
    call "operations" networks.

    The first few pages of http://www.actel.com/documents/AFDX_Solutions_AN.pdf
    provide an overview of AFDX/ARINC664/CDN.

    Not sure where the best home is for the rest of this discussion.

    2p
    John

    http://www.ces.ch/documents/download...hite_paper.pdf
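
As an added illustration of the static design-time allocation described in the last post (not code from the thread, from Boeing or from any avionics supplier): a small audit of a virtual-link table that checks each link's bandwidth allocation gap (BAG), sums worst-case load per switch port, and flags flows that cross domains in a direction the policy does not allow. The link names, ports, domain labels and the allowed-flow policy are all constructed assumptions; BAG and maximum frame size are the standard AFDX per-link parameters.

```python
from collections import defaultdict

LINK_BPS = 100_000_000                      # assumed 100 Mbit/s switch ports
WIRE_OVERHEAD = 20                          # preamble + SFD (8) and inter-frame gap (12), bytes
VALID_BAG_MS = {1, 2, 4, 8, 16, 32, 64, 128}  # AFDX BAG: powers of two, 1..128 ms

# Hypothetical policy: data may leave the control domain but never enter it.
ALLOWED = {("control", "control"), ("airline_info", "airline_info"),
           ("control", "airline_info")}

# Constructed sample virtual-link table (not from any real aircraft).
SAMPLE_VLS = [
    {"id": "VL100", "src": "control", "dst": "control",
     "lmax": 200, "bag_ms": 2, "ports": ["sw1/p1"]},
    {"id": "VL101", "src": "control", "dst": "airline_info",
     "lmax": 1518, "bag_ms": 32, "ports": ["sw1/p2"]},
    {"id": "VL200", "src": "airline_info", "dst": "control",
     "lmax": 1518, "bag_ms": 1, "ports": ["sw1/p1"]},
    {"id": "VL201", "src": "airline_info", "dst": "airline_info",
     "lmax": 1518, "bag_ms": 3, "ports": ["sw1/p2"]},
]

def vl_bps(lmax, bag_ms):
    """Worst-case rate: one maximum-size frame every BAG milliseconds."""
    return (lmax + WIRE_OVERHEAD) * 8 * 1000 // bag_ms

def audit(vls, link_bps=LINK_BPS, allowed=ALLOWED):
    """Return (findings, per-port worst-case load in bit/s)."""
    findings, load = [], defaultdict(int)
    for vl in vls:
        if vl["bag_ms"] not in VALID_BAG_MS:
            findings.append((vl["id"], "invalid BAG"))
            continue                        # rate is undefined, do not count it
        if (vl["src"], vl["dst"]) not in allowed:
            findings.append((vl["id"], "cross-domain flow not allowed"))
        for port in vl["ports"]:
            load[port] += vl_bps(vl["lmax"], vl["bag_ms"])
    for port, bps in sorted(load.items()):
        if bps > link_bps:                  # static allocation exceeds the port
            findings.append((port, "oversubscribed"))
    return findings, dict(load)

if __name__ == "__main__":
    for item in audit(SAMPLE_VLS)[0]:
        print(item)
```

Because every flow is declared at design time, a check like this can run over the whole configuration before it is loaded, which is the property that distinguishes these networks from ordinary switched Ethernet.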


