FAA wants to know Boeing 747-8 is hack-proof

Agency recently issued "special conditions" mandating that Boeing ensure data networks on the new plane don't make it vulnerable to hacking from the outside.

Daniel Terdiman Former Senior Writer / News
Daniel Terdiman is a senior writer at CNET News covering Twitter, Net culture, and everything in between.
Daniel Terdiman
3 min read

The first 747-8 freighter to come off the production lines, as seen on the tarmac at Paine Field in Everett, Wash., last month. Daniel Terdiman/CNET

If Boeing is going to keep on producing jumbo jets with state-of-the-art networking technology, it may have to get used to dealing with government demands that it ensure the planes are not hackable.

Earlier this month, as reported by AVWeb, the U.S. Federal Aviation Administration issued "special conditions" regarding Boeing's forthcoming 747-8--the next-generation of its iconic 747 line of planes--aimed at making sure that the new plane's high-tech networking systems are hack-proof.

The 747-8, which should have its first flight any day now, is intended to be a much more efficient and powerful version of the 747 than even its most recent models. According to the FAA, it "will have novel or unusual design features associated with the architecture and connectivity capabilities of the airplane's computer systems and networks, which may allow access to external computer systems and networks."

The agency wrote that the airplane's digital systems architecture comprises several connected networks and may interface with "flight-safety related control, communication, and navigation systems;" "Airline business and administrative support;" "Passenger information and entertainment systems;" and "The capability to allow access to or by external network sources."

Essentially, the FAA seemed worried that the 747-8 will be vulnerable to outside access and that the "applicable airworthiness regulations do not contain adequate or appropriate safety standards for these design features," mandating the issuing of the special conditions.

"The architecture and network configuration may allow the exploitation of network security vulnerabilities," the FAA wrote, "resulting in intentional or unintentional destruction, disruption, degradation, or exploitation of data, systems and networks critical to the safety and maintenance of the airplane."

As a result, the FAA's new special conditions governing the 747-8 assert that Boeing "must ensure electronic system security protection for the aircraft control domain and airline information domain from access by unauthorized sources external to the airplane, including those possibly caused by maintenance activity." It adds that Boeing "must ensure that electronic system security threats from external sources are identified and assessed, and that effective electronic system security protection strategies are implemented to protect the airplane from all adverse impacts on safety, functionality and continued airworthiness."

The 787 Dreamliner takes to the air for its first-ever flight, at Paine Field, in Everett, Wash., on Dec. 15, 2009. The 787, like Boeing's 747-8, caught the attention of the FAA for theoretical vulnerabilities related to the communications networks. Daniel Terdiman/CNET

For Boeing, this is not its first run-in with the FAA over digital security worries about one of its new generation of planes. Indeed, its 787 Dreamliner, which had its first flight just last month and is hoped will go into commercial use later this year, has also been the subject of such concerns.

In a January 2008 story, Wired.com reporter Kim Zetter wrote, "Boeing's new 787 Dreamliner...may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane's control systems, according to the [FAA]."

Neither Boeing nor the FAA immediately responded to requests for comment about the theoretical vulnerabilities about the 747-8. But in reference to the similar FAA concerns about the 787 Dreamliner, company spokesperson Lori Gunter told Wired.com that "the wording of the FAA document is misleading, and that the plane's networks don't completely connect."

Zetter also wrote at the time that, "Gunter wouldn't go into detail about how Boeing is tackling the issue but says it is employing a combination of solutions that involves some physical separation of the networks, known as 'air gaps,' and software firewalls."