Boeing throws down cracker gauntlet, FAA makes them pick it up

Boeing’s new 787 Dreamliner, due to enter service in November 2008, packs a load of innovations in an attempt to fend off competition from its rival, Airbus. Touting exceptional fuel efficiency as its main draw for buyers, the 787 also includes numerous new features to improve passenger experience: larger seats, windows, and luggage bins; better control of air pressure and quality; “calm” lighting, and eventually even Internet access! Those folks at Boeing thought of everything!

Except for security, that is. The network that provides user connections to the Internet is also connected to the plane’s control and navigation systems, as well as the business and administrative support network for the airline. Boeing insists that the networks are only “loosely connected”:

Boeing spokeswoman Lori Gunter explained that although data can pass between the two networks, protections already in place make sure that passenger internet services are blocked from accessing maintenance data or the navigation system “under any circumstance”.

Uh huh. No way no how no h4xx0r is gonna get into our network. We’ve heard that one before. Fortunately, the FAA sees it our way, and Boeing is planning to modify this arrangement to include “physical separation of the networks and software firewalls as well as more proprietary airline-specific technologies.” The first two should be effective. Proprietary technology, on the other hand, only achieves security through obscurity — in other words, it only gives you that warm and fuzzy feeling of security without actually doing anything to hamper the skills of elite network crackers.

As Mark Loveless of Autonomic Networks said:

This isn’t a desktop computer. It’s controlling the systems that are keeping people from plunging to their deaths. So I hope they are really thinking about how to get this right.

I don’t know about you, but I think I’d like to wait for version 2.