Tag Archives: FAA

Did A Software Virus Contribute To Fatal Air Crash

Preliminary investigation into the 2008 crash of Spanair Flight 5022, released in August 2009 by the U.S. National Transportation Safety Board, states that the probable cause of the crash was the flight crew’s failure to ensure that the plane’s flaps and slats were extended for takeoff.

Its early days to be sure but from what is leaking out in the media ( Spanish newspaper El Pais) it being reported that malware may have been a contributed to the accident.

An internal Spanair report indicated that a central computer system used to monitor aircraft problems had been infected with malware, according to El Pais. The infected computer system, located at the airline’s HQ in Palma de Mallorca, failed to detect several technical problems with the airplane.

In a previous article ‘A Case For Aircraft Security’ I emphasised the importance of IT Security in the operation of modern aircraft. If the final investigation due later this year in December confirms that a trojan was a contributor to the accident it will draw attention to the more advanced software systems being used in the operation of the Boeing 787 and Airbus A380.

When it comes to ‘IT/Aircraft Security’ airlines are ultimately responsible and this event will have airlines around the world re-evaluating their operational processes. For those airlines flying or have orders for the B787 or A380 they must focus on this tragic event, even if malware took little or no part in the accident the fact that it is being considered, highlights what is possible as aircraft evolve into mobile ‘IT networks’.

About these ads

1 Comment

Filed under Aviation

A Case For Aircraft Security

Comments on Connectivity crossover and the case for cockpit security’ do highlight an interesting debate on the subject of security for the new generation of eEnabled aircraft.

This is not the first discussion on the subject, as since the FAA Special Conditions No. 25-356-SC and 25-357-SC were published in Jan 08 a number of interesting debates have been triggered.

I have observed the many issues in this area for a number of years and here are some of my personal opinions.

With major airlines worldwide investing in a variety of IFE and connectivity solutions, keeping an ever-increasing techno aware passenger informed and entertained, is an important requirement for operators.

Retro- fitting of new IFE systems has been carried out successfully for many years … but todays newer IFE systems are introducing for the first time TCP/IP connectivity as an integral part of the aircraft and for airlines this introduced a new set of security risks and challenges.

Since the successful first flight of the 787 Dec 2009 and previous entry into service of the A380, Airline operational focus switched to the challenge of the new safe operation of eEnabled aircraft fleets, in particular Connectivity, Integration and Security. Airlines needed to understand the wider operational challenges of eEnablement.

One of the most obvious new challenges of eEnablement is the exposure of an airlines existing (in some cases substantial) ground based back office IT systems to what is essentially a hostile Aircraft environment.

Protecting both aircraft and ground based networks, became a operational requirement and airline operators of eEnabled Aircraft needed to be satisfied they had an appropriate IT architecture in place.

Companies with global business interests issue employees with network ready devices for connecting to back office systems from any worldwide location. They consider each other as hostile until successful authentication has been achieved.

Today’s eEnabled aircraft have the same requirement, but with one major exception, connected passenger devices could not be successfully authenticated and could never be trusted. Yet they will be connected to the operators onboard networks via WiFi, USB, RJ-45 etc. which in turn will have connections to the Airlines operational systems.

Airframer’s such as Airbus and Boeing are aware of the connectivity issues and have solutions to help control the different connectivity options. However given the potential complexity of an Airlines back office systems and operational processes, they do point out that integration and security are the operators responsibility and that any weakness may impact on an aircrafts airworthiness.

It is accepted by the aviation industry individuals and groups exist who have subversive agendas. These individuals (see diag) could be onboard the aircraft, at the airport, in fact, practically any location globally.

Q – Will the aircraft become a target for attack
A – Absolutely, the challenge exists. Airline security solutions will be tested.

Q – What if an attack succeeded.
A – Without doubt the impact to an Airlines safety and security would be brought into question and could subsequently impact the airlines Brand.

Q – Should IT networks be physically isolated onboard eEnabled aircraft.
A – Yes, this would help Airlines manage Connectivity, Integration and minimise the overall risk to the aircraft Security.

Leave a comment

Filed under Aviation