Earlier in the week I came across a very interesting article regarding control systems that we normally do not discuss but has a similar issue that we experience in other control system implementations.
The FAA recently published a “special conditions” document within the Federal Register (FR DOC 2010-661) discussing concerns over Boeing’s 747-8/-8F models network architecture. Specifically, they discuss the concern of the potential of having critical systems (flight safety control, nav systems, etc.) networked together and susceptible to attack from an external wired/wireless source. The paper goes on to say, that a means of ensuring network security needs to be provided by Boeing for these models and any future models with this network design. Lastly, the paper notes that it was issued because “14 CFR regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities.” Many of you may note, that the FAA had issued a similar document in January 2008 regarding the Boeing 787 and its network security. The 2008 document listed several responses, mostly by Airbus, regarding the FAA’s guidance.
While I give the FAA kudos for documenting this concern, why haven’t the regulations been changed or guidance provided to manufacturers regarding network security? As new planes and models roll out they will inevitably take advantage of the improvements in networking technologies.