The US government released a report yesterday warning of security threats facing modern aircraft, leading to stories from major publications claiming in-flght Wi-Fi could be hacked to take control of a passenger plane. But according to Dr Phil Polstra, a qualified pilot and professor of digital forensics at Bloomsburg University, the report contained much erroneous information.This story broke while I was on vacation and ignoring the 'net, and so I didn't comment then. Now the plot thickens. The Government Accounting Office has a history of misinterpreting cyber risk:
Polstra believes the US Government Accountability Office (GAO) report was put together by people who didn’t understand how modern aircraft actually work. He took umbrage with the claims that as airplanes are increasingly connected to the internet, the control systems on planes are in danger of being remotely compromised. He told FORBES over email that the avionics networks, which deal with flight controls and coordination, were simply not connected to the internet like Wi-Fi services. “To imply this is irresponsible.”
GAO staffers have demonstrated repeatedly that they do not understand how attacks and networks and operating systems work - at the deep technical level. That means their reports have been forcing government agencies to spend money in precisely the wrong ways - so much so that a close analysis will show that GAO is culpable in enabling the deep and pervasive cyber penetration that has occurred across many elements of the federal government. GAO staffers blame OMB's regulations for their errors when they are called to account. Isn't it time for GAO leadership to take a hard look at the damage caused by its findings and the people they have making those findings?I hadn't considered inter-Agency budget rivalry as a driver for Press Release driven bogus security news, but that's something that will play a part in my analysis from now on.
UPDATE 22 APRIL 2015 11:28: More here. I'm not a fan of having critical systems and passenger/entertainment systems on the same network, and so will try to avoid the Airbus 350 and 380, and the Boeing 787. But there is good analysis at this link.