Comments on Runway Girls Blog on the subject of ‘Connectivity crossover and the case for cockpit security’ do highlight an interesting debate on the subject of security for the new generation of eEnabled aircraft.
This is not the first discussion on the subject, as since the FAA Special Conditions No. 25-356-SC and 25-357-SC were published in Jan 08 a number of interesting debates have been triggered.
I have observed the many issues in this area for a number of years and here are some of my personal opinions.
With major airlines worldwide investing in a variety of IFE and connectivity solutions, keeping an ever-increasing techno aware passenger informed and entertained, is an important requirement for operators.
Retro- fitting of new IFE systems has been carried out successfully for many years … but todays newer IFE systems are introducing for the first time TCP/IP connectivity as an integral part of the aircraft and for airlines this introduced a new set of security risks and challenges.
Since the successful first flight of the 787 Dec 2009 and previous entry into service of the A380, Airline operational focus switched to the challenge of the new safe operation of eEnabled aircraft fleets, in particular Connectivity, Integration and Security. Airlines needed to understand the wider operational challenges of eEnablement.
One of the most obvious new challenges of eEnablement is the exposure of an airlines existing (in some cases substantial) ground based back office IT systems to what is essentially a hostile Aircraft environment.
Protecting both aircraft and ground based networks, became a operational requirement and airline operators of eEnabled Aircraft needed to be satisfied they had an appropriate IT architecture in place.
Companies with global business interests issue employees with network ready devices for connecting to back office systems from any worldwide location. They consider each other as hostile until successful authentication has been achieved.
Today’s eEnabled aircraft have the same requirement, but with one major exception, connected passenger devices could not be successfully authenticated and could never be trusted. Yet they will be connected to the operators onboard networks via WiFi, USB, RJ-45 etc. which in turn will have connections to the Airlines operational systems.
Airframer’s such as Airbus and Boeing are aware of the connectivity issues and have solutions to help control the different connectivity options. However given the potential complexity of an Airlines back office systems and operational processes, they do point out that integration and security are the operators responsibility and that any weakness may impact on an aircrafts airworthiness.
It is accepted in the wider aviation industry individual(s) exist who have subversive agendas. These individuals (see diag) could be onboard the aircraft, at the airport, in fact, practically any location globally.
Q – Will the aircraft become a target for attack
A – Absolutely, the challenge exists. Airline security solutions will be tested.
Q – What if an attack succeeded.
A – Impact on an Airlines safety and security would be brought into question and could impact the airlines Brand.
Q – Should IT networks be physically isolated onboard eEnabled aircraft.
A – Yes, this would help Airlines manage Connectivity, Integration and minimise the overall risk to the aircraft Security.