The March 2014 disappearance of Malaysian Airlines Flight 370 has renewed old concerns about the security of aircraft with embedded systems, such as the Boeing 777. While the exact causes of the plane’s demise have not been determined yet, security experts have taken the opportunity to point out that cyberattacks could exploit the features of advanced airliners and lead to similar incidents in the future.
Boeing’s concerns about computer system security
Boeing itself has been cognizant of this issue. Prior to the MH370 mystery, the company took steps to mitigate the risk of someone hacking into its planes. According to International Business Times, Boeing filed documents with the U.S. Federal Register to upgrade the onboard networks of its 777-200, 777-300, and 777-300ER aircraft, apparently out of the concern that the connections between their entertainment systems and critical control infrastructure could enable a complete takeover.
“This proposed data network and design integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane,” stated Boeing’s filing with the U.S. Federal Register.
In theory, a hacker could have taken advantage of the USB and/or ethernet ports that come standard on a 777, en route to gaining full access to the plane’s computer systems. Boeing addressed this vulnerability after the Federal Aviation Administration approved its request to change its license. A network extension was added to keep systems separated from each other.
The MH370 airliner was a Boeing 777-200 that, as BankInfoSecurity explained, featured integrated systems capable of connecting with external networks. In granting the license change, the FAA stipulated that this setup had to prevent malicious changes while ensuring that the plane could still be flown properly.
Security experts contend airliner hacking is a real threat
Still, the cybersecurity community has contended that insufficient attention and resources have been devoted to hardening aircraft, Boeing 777s in particular, against hacking. Radware vice president Carl Herberger, for example, has argued that airliners should be more thoroughly tested against cyberattacks before being deemed airworthy.
“Security professionals have long understood the threat that embedded systems create for modern day critical infrastructure,” explained Herberger. “We need to test and protect these systems and it’s high time to drive these processes into modern day transportation (and I’ll add other sectors) vendors to ensure public safety.”
The FAA’s Jeffrey Duven even admitted that the body’s current regulations had not been designed with 777-style integrated systems in mind. He noted that any hacking of a Boeing 777 could result in decreased safety and potentially risky conditions for passengers.
The problem isn’t just with the onboard infrastructure. Various manufacturers and contractors contribute to the construction of planes, meaning lax security at one of their facilities could give away critical information about the systems and compromise the entire aircraft.
The issues with Boeing 777 systems illustrate the importance of restricting data access to authorized parties. Software such as PowerTech Exit Point Manager for IBM i ensure that exit points and traffic to Power Systems servers are properly monitored, preventing the types of intrusions that security experts have warned about in airliners.
Many organizations still have large gaps in their security coverage. For example, only a sliver of IBM i systems monitor all network access points. PowerTech helps fill those gaps by providing a wide range of security solutions that control and monitor system access and activity. Its products close back doors and limit user access to sensitive commands without reducing productivity.