On-Board Internet and Airline Security
UPDATE: For reasons unrelated to the WiFi security questions discussed in this post, it was announced today that Boeing Co. delayed the maiden test flight of the 787 Dreamliner and said that it won't deliver the aircraft until early 2009. This pushes back the delivery date by three months to its customer, All Nippon Airways Co. Boeing has indicated that the delay is attributable to "challenges related to start-up issues in its factory and extended global supply-chain" and insists that the design and technologies behind the plane 'remain sound.'
Modern "road warriors" run through airports, wait in terminals for delayed or canceled flights, experience often long layovers, and where possible, log onto the available WiFi. My recent increase in business travel shows (me, at least) how tethered to the computer many have become. Most hotels now offer free WiFi. Some airports also offer service (I was in one last week that actually offered free WiFi). Of course, public Internet access lacks security. Still, most airlines and planes do not have power outlets at your seat, so your ability to work on your computer is limited by your battery life.
Airborne broadband has been possible since before September 11th. However, "debate" between FAA and FCC, and then DHS and DOJ continues about the safety of allowing cell phone and WiFi use in the air. Certainly, there is a justifiable fear of ground to air (or the reverse) communication between terrorists. Recently, it was disclosed that the new Boeing 787 Dreamliner, offering passengers a number of amenities including on-board, in-flight Internet access had been designed with a serious security flaw.
An alert issued by the FAA last week revealed that the computer network in the Dreamliner's passenger compartment, designed to give passengers in-flight Internet access, is connected to the plane's control, navigation, and communication systems.
The revelation is causing concern in security circles because the physical connection of the networks makes the plane's control systems vulnerable to hackers. A more secure design would physically separate the two computer networks. Boeing said it's aware of the issue and has designed a solution it will test shortly.
Boeing's 787 Dreamliner is a mid-sized jet designed to carry between 210 and 330 passengers, and is in the final stages of development. The Company says that it has taken advanced orders for over 800 planes that are scheduled to go into service at the end of 2008. Even though Boeing indicates that the language of the report is somewhat misleading (basically that the plane's networks do not completely connect), and that they are addressing the issue, the FAA is demanding that Boeing show that it has addressed the computer-network issue before the planes begin service.
Lori Gunter of Boeing said that "there are places where the networks are not touching, and there are places where they are." Gunter added that although data can pass between the networks, "there are protections in place" to ensure that the passenger Internet service doesn't access the maintenance data or the navigation system "under any circumstance." She said the safeguards protect the critical networks from unauthorized access, but the company still needs to conduct lab and in-flight testing to ensure that they work.
Of course, the concern here is over the potential for hackers to access aircraft flight and management systems over what the FAA considers "inadequate or appropriate safety standards for protection and security of airplane systems and data networks against unauthorized access.”
I realize that many fellow travelers would like to have access to the email accounts while flying from one airport to another. It might be nice to have, but certainly not at the risk of security breaches of airliner systems. And I'm not too sure what it would be like with a number of business passengers all logging onto their accounts. Personally, I'd be happy to have more space between the seats and power outlets.