Modernizing Authentication — What It Takes to Transform Secure Access
The U.S. Federal Aviation Administration (FAA) has proposed additional safety requirements for Boeing 737s to protect the airplanes from hackers (h/t USA TODAY).
In the Federal Register, the FAA noted that newer 737s "may allow increased connectivity to and access from external network sources and operations and maintenance networks to the aircraft control domain and operator information domain. ... Previously these domains had very limited connectivity with external network sources."
"The architecture and network configuration may allow the exploitation of network security vulnerabilities resulting in intentional or unintentional destruction, disruption, degradation, or exploitation of data, systems, and networks critical to the safety and maintenance of the airplane," the FAA added.
Because existing regulations and guidance don't anticipate these issues, the FAA is proposing the following special conditions:
- The applicant must ensure that the airplanes' electronic systems are protected from access by unauthorized sources external to the airplane, including those possibly caused by maintenance activity.
- The applicant must ensure that electronic system security threats are identified and assessed, and that effective electronic system security protection strategies are implemented to protect the airplane from all adverse impacts on safety, functionality, and continued airworthiness.
- The applicant must establish appropriate procedures to allow the operator to ensure that continued airworthiness of the airplane is maintained, including all post type certification modifications that may have an impact on the approved electronic system security safeguards.
The FAA is seeking comments on the proposed special conditions by July 21, 2014.
Photo courtesy of Shutterstock.