According to the Special Conditions issued by the FAA (Federal Aviation Administration) on Jan. 15, prior to certification of the new technologies in B747-8, the Agency has requested Boeing to identify and assess all the potential security threats and to implement proper countermeasures to prevent the exploitation of the eventual vulnerabilities:
The Model 747-8/-8F architecture and network configuration may allow increased connectivity to and access from external network sources and airline operations and maintenance networks to the aircraft control domain and airline information domain. The aircraft control domain and airline information domain perform functions required for the safe operation and maintenance of the airplane. Previously these domains had very limited connectivity with external network sources. The architecture and network configuration may allow the
exploitation of network security vulnerabilities resulting in intentional or unintentional destruction, disruption, degradation, or exploitation of data, systems, and networks critical to the safety and maintenance of the airplane. The existing regulations and guidance material did not anticipate these types of airplane system architectures. Furthermore, 14 CFR regulations and current system safety assessment policy and techniques do not address potential security vulnerabilities, which could be exploited by unauthorized access the airplane networks, data bases, and servers. Therefore, these special conditions and a means of compliance are provided to ensure that the security (i.e., confidentiality, integrity, and availability) of airplane systems is not compromised by unauthorized wired or wireless electronic connections.
The aircraft is expected to perform its maiden flight in the following weeks, hence, the first revenue flight is still long to come. However, I’d rather board this complex aircraft after all its security breaches have been fixed and tested with a penetration test…..