An FAA request to change Boeing 777 security filed on the US Federal Register website in 2013, and another one last year on Boeing's 737 line, tell us more about Boeing and the FAA's relationship with onboard network security.
According to a 2013 special conditions modification request titled
Electronic System Security Protection From Unauthorized Internal Access, Boeing was worried about the IFE being connected to critical systems of the aircraft.
Boeing requested the Federal Aviation Administration for permission to add a "network extension device" to separate the various systems from each other,
stating:
The existing regulations and guidance material did not anticipate this type of system architecture or electronic access to aircraft systems. Furthermore, regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities, which could be caused by unauthorized access to aircraft data buses and servers.
In June 2014, another FAA/Boeing modifications under special conditions filing -- a request for comment on security proposals -- addressed the Boeing models of interest to Chris Roberts: The 737 line.
In the filing, Boeing proposed special conditions and a means of compliance to "ensure that the security (i.e., confidentiality, integrity, and availability) of airplane systems is not compromised by unauthorized wired or wireless electronic connections."
It specifically acknowledged that,
"The architecture and network configuration may allow the exploitation of network security vulnerabilities resulting in intentional or unintentional destruction, disruption, degradation, or exploitation of data, systems, and networks critical to the safety and maintenance of the airplane."
These "special conditions and a means of compliance" were so vague that during the comments period,
one anonymous security researcher expressed serious concerns about the efficacy of the proposal. The comment urged FAA and Boeing to adopt some security industry basics: Namely, independent evaluation and penetration testing. The 737 filing
was subsequently withdrawn from public comment because the FAA didn't want to "delay issuance of the design approval and thus delivery of the affected aircraft."
Unfortunately, the FAA also said that dismissing the comment period was acceptable because there weren't any important comments anyway. It stated, "these special conditions has been subject to the public comment process in several prior instances with no substantive comments received."
) but that can mostly be blamed on the media.
