cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
j_M007
Community Champion

Technical documentation and confidentiality, integrity, availability concerns -- life safety

An interesting report from CBC (Canadian Broadcasting Corporation) about the role of technical documentation in recent airliner disasters.

 

Disclosure is important; but what about competitive advantage? What are the security ramifications of divulging how to disable a system?

 

Should there be onboard continuity plans or emergency operations drills for system failures?

 

Should this be documented; and how to secure continuity measures?

 

 

https://www.cbc.ca/news/thenational/boeing-737-max-8-manual-mentions-mcas-only-once-1.5072984

1 Reply
HTCPCP-TEA
Contributor I

Disclosure is important; but what about competitive advantage? What are the security ramifications of divulging how to disable a system?

 

To be entirely fair, in this instance, I would have thought that such information would have been included in Aircrew training well before being placed into operation, and then included as reference materials such as flight manuals. The fact that the pilots had no knowledge of it seems to supersede any issues of competitive advantage etc, though I see where your coming from.

The ramification of divulging how to disable the systems, well, it's perspective based but worst case scenario is the all out compromise of an active system.

 

Should there be onboard continuity plans or emergency operations drills for system failures?

 

Absolutely. Though this brings a whole raft of further complications, human errors or indeed malicious intent, but such issues should be dealt with in different ways. When all is said and done, if complete control is taken from the flight crew, why even have a flight crew?

 

Should this be documented; and how to secure continuity measures?

 

Yes it should, though the classification of such a document should be appropriate. The protection of it more so. Documentation of systems is key to the longevity of it, and should be carefully constructed, not just in this case but in every case. The only thing I would say on this is the content of such documentation should be very well thought out.

I've seen many technical documents that were free to retrieve yet contained information that a would-be attacker would love to have prior to engagement. The content should be protected in such a manner that only the intended audience may see it, but it should exist.

 

We have ways and means of protecting nuclear deployment systems, among many other, the world around. why would we not be able to do something similar to ensure flight systems are not compromised, but are bypass-able in the event of unforeseen issues. Granted, Nuclear systems are a big ticket and aren't comparable as such, but you get the idea.

 

Cheers