FAA Plays Down Boeing 787 Security Concerns

However an FAA spokesperson played down the threat levels in an interview with Infosecurity. Alison Duquette said as far as the FAA is concerned, there was no security problem with the new 787 and the information published was part of the agency’s certification process to address all potential vulnerabilities.

“We are not aware of any problems with hacking into the network,” she said. “It’s all a standard part of the process and the issue has already been addressed.”

Duquette also said the FAA cannot publicly disclose the security protection features Boeing has integrated into the 787.

Worries rose about the 787’s security when in the Federal Register, the FAA stated the proposed architecture of the 787 was different from that of existing production and retrofitted airplanes.

“It allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane,” the document stated. “Because of this new passenger connectivity, the proposed data network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane.”

The FAA said that to “ensure the security, integrity and availability of flight critical systems, it will require Boeing to show that hackers and other unauthorized users cannot get access to them, before it will certify the craft as airworthy.”

According to the FAA document, the vulnerability exists because the 787’s computer systems connect the passenger network with the flight-safety, control and navigation network.

As part of its final conditions document, published January 2, the FAA requires that the 787 design “prevent all inadvertent or malicious changes to, and all adverse impacts upon, all systems, networks, hardware, software and data in the Aircraft Control Domain and in the Airline Information Domain and from all points within the Passenger Information and Entertainment Domain.”

Boeing has said it is aware of the FAA’s concerns and measures have been taken to make the 787 secure. A solution to the problem will be tested shortly.

Boeing spokeswoman Loretta Gunter explained the 787 has been designed to meet the security requirements outlined in the FAA’s special condition.

“Special conditions are the FAA’s way of documenting certification requirements that are not covered by existing rules,” she said. “They are coordinated with the manufacturer years ahead of time so there are no surprises in the requirements. We have already successfully completed our laboratory testing of our security for computing systems.”

More testing will take place when an actual plane is built. Boeing’s 787 is scheduled to enter service in November, 2008.

What’s Hot on Infosecurity Magazine?