WASHINGTON (CNN) -- It's a scenario befitting a Hollywood thriller.
A sophisticated hacker in Seat 11A uses an on-board Internet system to infiltrate a plane's computer, seizing control of its navigation systems, communications and flight controls.
Not terribly likely, the Federal Aviation Administration says. In fact, it may be impossible.
But just to make certain, the FAA and airplane manufacturers are studying onboard systems planned for the next generation of jetliners to make certain that in-flight Internet access won't have any unintentional or unwanted impact on a plane's vital systems.
In a little publicized Federal Register notice published in April and updated this month, the FAA imposed "special conditions" on Boeing, manufacturer of the 787 Dreamliner aircraft, which will be the first plane to offer Internet hookups. The notice states that the 787 allows "new kinds of passenger connectivity to previously isolated data networks" on the plane. It requires Boeing to demonstrate the safety and security of its systems.
The FAA says that any vulnerability is purely hypothetical, and characterizes the "special condition" -- one of 10 imposed on the plane -- as routine. Special conditions are included as part of a plane's routine certification when the FAA encounters new or novel technologies that are not already addressed by existing regulations.
Boeing spokeswoman Lori Gunter said the company has already addressed the FAA's concerns, but must await real-world tests on completed aircraft before getting certification. Six test planes are being built, with the first test flight expected in late March, Gunter said.
The manufacturer has orders for 817 of the aircraft from 55 customers, she said. The initial planes will not be equipped with Internet access, Boeing said. That will come later.
Computer security experts say any passenger computer systems should be completely separate from systems essential to the plane's safe operation. It is OK for both systems to share power sources and some other functions, but other "connectivity" can make the crew systems vulnerable to the passenger systems, they say.
Both the FAA and Boeing declined to describe any "connectivity" between passenger and crew systems, but said the final system will be safe and secure. Details of the plane's design and specific connectivity are proprietary information and not available to the general public, the FAA said.
Gunter said internal and external auditors have checked the system and "there is no problem."
And Mike Sinnett, director of systems for Boeing's 787 Program, said, "There's no connection between the types of things a passenger could have access to and the flight-critical systems and the data that passes among the flight-critical systems. We have hardware and software in place that prohibits the transfer of data between those systems."
Hacker-turned-security consultant Mark Loveless said crucial flight systems should be completely isolated from passenger computer systems. "It's kind of Security 101," he said. "There's no reason for there to be any connection at all."
Though he would like to know more about the security system, Loveless said he would not hesitate to fly on the Dreamliner.
"I know that the people at Boeing -- their kids are going to be flying on these aircraft that they're building, so it would make sense that they'd want to take care of themselves and others," he said.
The Air Line Pilots Association says it is confident that Boeing and the FAA will prevent any infiltration of the crew's onboard control systems, but says it believes any system should be designed to give pilots ultimate control over in-flight entertainment and Internet systems. Pilot control is essential for both safety and security reasons, ALPA says.
Loveless does not envision anyone seizing control of a plane, in any event. "There's no way you could come up with [a] virtual cockpit on your [laptop]," he said.
But just how is the passenger computer connected to the flight computer?
"Well, that's the 30,000-foot question, isn't it?" Loveless said. If the computer systems were truly separate, he said, Boeing should be willing to reveal its basic architecture to outsiders.
But that isn't likely.
"The more you talk about [security systems], the less secure it gets," Boeing spokeswoman Gunter said. E-mail to a friend
|Most Viewed||Most Emailed||Top Searches|