There’s a speculative report from the Sunday Express that theorises that Malaysian Airlines Flight MH370 might have been hijacked, potentially, by terrorists who might have used a mobile phone to access airline systems that could have been interconnected with the inflight entertainment system. That’s a lot of weasel words isn’t it?
But, let’s for a moment say that this is all possible and that the plane was taken over by someone using a smartphone app. Can we learn anything from this?
If you don’t want people to “jump” across systems then they need to operate independently on separate infrastructure. For example, on a plane, the network used to distribute movies for the inflight entertainment system needs to be a separate physical LAN from the aircraft control systems.
All wireless comms for the flight systems need to be encrypted.
Logins to systems need to be fiercely protected.
Robust intrusion detection systems need to be employed so that any attempt to break into a control system is recorded and the source is identified as best as possible.
There are lots of other elements to this story that are worth considering but, even if the speculation is wildly inaccurate, it does give us some food for thought when it comes to designing our own systems.