Comments on Runway Girls Blog on the subject of ‘Connectivity crossover and the case for cockpit security’ do highlight an interesting debate on the subject of security for the new generation or eEnabled aircraft.
This is not the first discussion on the subject, as since the FAA Special Conditions No. 25-356-SC and 25-357-SC were published in Jan 08 a number of interesting debates have been triggered.
I don’t profess to have any answers but I have observed the many issues in this area for a number of years, here are some of my personal opinions.
With major airlines worldwide investing in a variety of IFE and connectivity solutions, keeping an ever-increasing techno aware passenger informed and entertained, is an important requirement for operators.
Retro- fitting of new IFE systems has been carried out successfully for many years … todays newer IFE systems are introducing for the first time TCP/IP networks as an integral part of the aircraft and for airlines this introduces a new set of security risks and challenges.
With the successful first flight of the 787 Dec last year (2009), focus has inevitably switched to the safe operation of the aircraft, particularly from an operators connectivity view-point. This is being helped by airline operators of the A380, who are now feeding back on this new connected aircraft journey, helping airlines to understand the operational challenges of eEnablement.
One of the most important new challenges of eEnablement, is the exposure of an airlines existing (in some cases substantial) ground based back office IT systems to what is essentially a hostile aircraft. eEnablement will be a risk until airline operators are satisfied they have an IT architecture in place, protecting both aircraft and ground based networks.
Companies with global business interests today issue employees with network ready devices for connecting to back office systems from practically any worldwide location. These systems consider each other as hostile until authentication has been successfully accepted by devices.
eEnabled aircraft have very similar requirements, with one major exception, some of the devices onboard the aircraft could never be and would never be trusted (Nintendo DS, iPhone, Blackberry’s, Laptop etc), yet they have potential to connect to the operators onboard networks via WiFi, USB, RJ-45 etc.
Airframers are aware of connectivity issues and have solutions to help control the different connectivity options on board and both would rightly point out that ultimately, security, is the operators responsibility.
It is accepted in the wider aviation industry that individual(s) exist who have subversive agendas. These individuals (see diag) could be onboard the aircraft, at the airport, in fact, practically any location globally.
Will the aircraft become a target for attack, absolutely, from day one, the challenge exists and security solutions will be tested.
Should the passenger IFE domain be isolated from other domains onboard eEnabled aircraft … my personal view is that they should be, this would simplify and help minimise the overall risk.