Archive for September, 2011



I wrote yesterday about the control systems implemented in the Boeing 787 Dreamliner, and the fact that, since the issue was reported in 2008, not much information on the way these systems interoperate, if at all. There have been references to “firewalling” the two networks from each other and this got my thinking after I posted:

  • Modern aircraft often have 30-year, or more, lifespans
  • Some element of the safety-case given to the FAA must rest on the fact that there are no inputs into the passenger entertainment system, i.e. there aren’t any network ports in the cabin
  • Some airlines are moving to implement WiFi on aircraft, like Delta and Lufthansa.
  • Over the 30-year lifespan of an aircraft, the cabin will be upgraded, entertainment system changed and services added

Thirty years is a long time to rely on an IT system. There aren’t many operational systems now running that were implemented in 1981. Those that are still running are seen to be very vulnerable to attack and treated very carefully. This is because the types of attacks have evolved massively in this time, with systems implemented just months ago vulnerable to attack.

My question is: how will these security systems be maintained? What if a vulnerability is found in the firewall(s) itself? How will the safety case change if the parameters of the entertainment system change? Does the FAA have any recommendations of the logical segregation of traffic if data from, for instance, WiFi hotspots, or GSM/3G pico-cells implemented in cabins needs to run over the same cabling infrastructure?

Again, maybe I have the wrong end of the stick, but I am concerned that, seemingly, no-one’s really looking into the implications of this and, given my own experience, unless these systems are implemented by people with a very deep understanding of process control security, it may not have been thought about.

Boeing 787


Way back in 2008 there were a number of stories floating around that the new Boeing 787, the first production airframe of which was delivered this week, had a serious security weakness. It turns out that Boeing, in their infinite wisdom, had decided to not segregate the flight control systems from the seat-back entertainment systems and would, instead, firewall them from each other.

I’ve been searching online but can’t find any up-to-date information whether this architecture was changed. Some good articles on this came from Wired and Bruce Schneier’s blog. Wikipedia’s 787 entry includes the following:

The airplane’s control, navigation, and communication systems are networked with the passenger cabin’s in-flight internet systems.In January 2008, Boeing responded to reports about FAA concerns regarding the protection of the 787’s computer networks from possible intentional or unintentional passenger access by stating that various hardware and software solutions are employed to protect the airplane systems. These included air gaps for the physical separation of the networks, and firewalls for their software separation. These measures prevent data transfer from the passenger internet system to the maintenance or navigation systems.

The reference to firewalls and air gaps leads me to suspect that these systems are not fully segregated. If this is the case, I really hope that they’ve had some seriously good information security advice.Process control systems, and this is a process control system of sorts, aren’t always as well implemented as they could be. Where there is a safety-critical element, air gaps or data diodes are the only ways to go.

Designing out the vulnerabilities has to be better than retrofitting security afterwards.

I’d welcome comments from anyone, especially those who know more about the actual implementation.

Update: I’ve added another post about this here.

Private Emails


Michael Gove is reported to have been using his private email account and won’t reply to emails sent to his official address. There are so many reasons why this is a bad idea. Here is my (almost certainly incomplete) list just in case the Rt. Hon. Michael Gove happens to pass by:

  1. It’s not based in the UK. In fact, Google pride themselves in not telling you were the data is held (just try finding out);
  2. Google is a US-headquartered company. As per Microsoft’s announcement, the US PATRIOT Act seemingly trumps EU and UK data protection law, even if the data was in the EU;
  3. You can’t encrypt the emails at rest;
  4. There’s no guarantee that the data will be there tomorrow, as this example from Yahoo amply demonstrates;
  5. While Gmail allows you to turn on HTTPS and a form of two-factor authentication, these are optional and probably turned off;
  6. The foreign governments are alleged to have already hacked into Gmail;
  7. On occasion, email accounts have been mixed up, where one person reads someone else’s mail;
  8. These emails may not be retrievable under the Freedom of Information Act.

You only risk what you don’t value. If Mr. Gove believes the emails he receives and send to be of such low importance to put them at this sort of risk, is he the best person to be a cabinet minister?

%d bloggers like this: