Challenges for IT Infrastructure Supporting Secure Network-Enabled Commercial Airplane Operations

Richard V. Robinson¹, Krishna Sampigethaya¹,², Mingyan Li¹, Scott Lintelman¹, Radha Poovendran², and David von Oheimb³

¹ Boeing Phantom Works, Bellevue, WA 98008, USA
² Network Security Lab (NSL), University of Washington, Seattle, WA 98195, USA
³ Siemens Corporate Technology, Germany

[Abstract] The numerous benefits of enabling commercial airplanes to communicate over networks are only obtained at the price of introducing security threats to onboard systems. A primary threat arises from the opportunity for corruption of safety-critical and business-critical airplane loadable software distributed via networks from off-board systems. The FAA recognizes that the unprecedented use of such applications in network-enabled airplanes impacts well-established safety regulations and guidance. In this paper, we present a framework for securing airplane software distribution and overview the main challenges. For facilitating integration into existing certification guidelines for airplanes, we employ the Common Criteria standard based approach to security evaluation of IT infrastructure for airplane network applications. Additionally, we present some open problems in network-enabled airplane security.

I. Introduction

The convergence of rapidly expanding world-wide data communication infrastructures, network-centric information processing, and commoditized lightweight computational hardware, has brought the aerospace industry to the threshold of a new era in aviation: the age of a fully network-enabled or “eEnabled” airplane. The prospects in commercial aviation are exceedingly optimistic for airline businesses and the flying public alike, as the eEnabled airplane promises to provide a basis for improvements in passenger amenities, schedule predictability, maintenance and operational efficiencies, flight safety, and other areas.

However, as large-scale airplanes employ more internal computer processing and network facilities, and become connected with network environments off-board, opportunities for information security attacks may open. The widespread use of commercial off-the-shelf components raises the potential for re-engineering and sabotaging aircraft IT components. Regulatory institutions have yet to systematically address information security needs appropriate to commercial aircraft, such as the network-enabled 787-8 airplane model.¹⁰,¹¹ Indeed, while the framework informing safety engineering principles and practices for airplanes and airplane software is mature and widely agreed (e.g. RTCA DO-178B), no such framework exists for corresponding information security needs.⁴

This paper describes an approach and methodology for addressing one specific, well-defined aspect of the eEnabled airplane security problem, viz., electronic distribution of airplane loadable software. Today, industry standard mechanisms for retaining and distributing airplane loadable software parts¹ are evolving away from processes that handle physical storage media, in favor of electronic storage and distribution via computer networks.² We analyze security issues that emerge when information networks are used to store and distribute airplane loadable software and describe an approach to ensuring the integrity of such parts throughout their lifecycles.

Correctness of certain airplane loadable software components, e.g. flight control computer software, has direct safety implications. This self-evident observation is addressed at length in the standards and advice mandated such as in Ref. 1, for assuring quality of airplane loadable software during its design and development. Therefore, the integrity of safety-critical software parts must be protected at all times.
However, the use of public networks for storing and distributing airplane software may expose vulnerabilities that can be exploited for attacks on the integrity of parts, potentially posing a threat to airplane safety by reducing safety margins. Furthermore, attackers

American Institute of Aeronautics and Astronautics 1