The present invention relates generally to maintaining the security of a networked airplane.
Conventional aircraft are provided with a central maintenance computer function (CMCF). The CMCF encompasses all major avionics, electrical, and mechanical systems installed on the aircraft. The CMCF collects, stores, and displays maintenance information generated by line commandable units. The CMCF also provides a centralized location to initiate system tests. The CMCF has operator interface display and input devices (i.e., multi-purpose control display units (MCDUs)).
The prior art provides airline mechanics with an electronic maintenance terminal display that displays real-time CMCF data screens via MCDU emulation. A typical maintenance terminal is a laptop PC comprising a cursor control device, a keyboard, an internal hard drive, a floppy diskette drive, a CD-ROM drive, interfaces for brightness and contrast control, and a graphical output printer bus. Using such a maintenance terminal, authorized personnel are able to access maintenance applications that supervise the aircraft's avionics health status.
Maintenance performed on airplane systems introduces the possibility of two distinct kinds of hazard: (1) direct hazard to maintenance and other personnel on the ground due to the release of energy (e.g., electrical, hydraulic and mechanical motion); and (2) hazard to flight safety from incorrect software configurations loaded into computing systems during maintenance. Some previous airplanes have relied on physical security controls and procedures to ensure that these hazards are mitigated.
The Boeing 787 aircraft makes extensive use of networks in the design of maintenance tools and terminals for the airplane, introducing a possibility that a malicious or accidental attack on the network might activate a hazardous function unexpectedly or cause the corruption of a system's software configuration without the authorized operator's knowledge.
There is a need for a system and a method for ensuring that the initiation of such operations using maintenance terminals or other tools is prohibited when maintenance activities are not intended to be performed, so that airplane operators can be assured that maintenance functions cannot be unexpectedly activated. Such a system and method should be useful for preventing an attacker from manipulating on-board systems, whether accessed via a wired or a wireless maintenance terminal or tool.