While a cyberattack is believed to be among the less-likely scenarios being considered by investigators for the disappearance of flight 370, and the U.S. have already initiated moves to prevent the hostile takeover of any 777 model by unauthorized access to critical systems and data networks from the passenger cabin.
Boeing declines to comment on specific aspects of the MH370 investigation, but company sources say the earlier vintage of the in-flight entertainment and other connectivity systems of the missingmean the potential threat from a cyberattack is thought to be negligible.
Even so, recently issued FAA special conditions—which became effective for the 777-200, -300 and -300ER in November—are designed to address a potential loophole in the safety standards, which has emerged with the recent development of onboard network systems that connect the increasingly sophisticated passenger services computers with those hosting previously isolated critical aircraft systems and data networks.
The FAA says the special conditions “are being issued to ensure that the security (i.e., confidentiality, integrity, and availability) of airplane systems is not compromised by unauthorized wired or wireless electronic connections between the airplane information services domain, aircraft control domain, and the passenger entertainment services.”
The special conditions were applied to the 777 family in the wake of Boeing’s August 2012 application for a change to the aircraft’s Type Certificate to cover the installation of an onboard network system.
The conditions include the addition of a network extension device to “improve domain separation between the airplane information services domain and the aircraft control domain,” says the FAA. The revised architecture and network configuration is intended to be used for, or interfaced with, flight-safety related control and navigation systems, the business and administrative support functions of the airline, passenger information systems and access by systems internal to the aircraft.
The action was taken because increasingly integrated network configurations in the 777 “may enable the exploitation of network security vulnerabilities and increased risks, potentially resulting in unsafe conditions for the airplanes and occupants,” says the FAA.
It adds that exploitation of these security vulnerabilities may “result in intentional or unintentional destruction, disruption, degradation, or exploitation of data and systems critical to the safety and maintenance of the airplane.”