Can the 737 be attacked by hackers? - The FAA wants your feedback

Last Friday (6 June 2014), the FAA published a proposal for additional requirements that would make it less likely that someone could hack into critical electronic systems on some 737 models. The language is a bit dense, but the implication is that several models of the 737 (the 737-700, -700C, -800, -900ER, -7, -8, and -9 series) have an unusual design feature that allows access to the airplane's critical systems and data network by way of the passengers service computer systems.

It is not at all clear that this is a current danger, or if a 737 has already been hacked. For more details, you can review the Federal Register item that discusses this issue (Federal Register Vol. 79, No. 109, pages 32642-3), and for further details you can find out more in the docket folder for Docket FAA-2014-0302

What's the problem?
According to the FAA, the applicable airworthiness regulations do not contain adequate or appropriate safety standards to prevent inappropriate access to critical information systems. The special conditions that the FAA wants to add to the regulations contain additional safety standards that would presumably establish a level of safety equivalent to existing airworthiness standards.

The FAA wants your comments
The FAA would like to hear what you have to say, and invites everyone to contribute to this rule making effort. You can send written comments, data, or or other information to the FAA. While the most helpful comments would reference a specific portion of the special conditions, the FAA will consider all comments. The closing date for comments is 21 July 2014.

The FAA accepts comments online, by, fax, by mail, or it in person:

• Online: Visit this link to the comment page, or if that does not work, visit http://www.regulations.gov and search for docket number FAA-2014-0302-0001

• Mail: Send comments to Docket Operations, M-30, U.S. Department of Transportation (DOT), 1200 New Jersey Avenue SE., Room W12-140, West Building Ground Floor, Washington, DC 20590-0001.

• Hand Delivery or Courier: Take comments to Docket Operations in Room W12-140 of the West Building Ground Floor at 1200 New Jersey Avenue SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except federal holidays.

• Fax: Fax comments to Docket Operations at 202-493-2251.

Common questions about the comment process

• Can anybody leave a comment?: Yes

• Do I have to be some kind of computer or aviation expert: No

• Will my comments make a difference?: Hard to say

Additional resources
Overview at regulations.gov
FAA docket folder

Photo of Boeing 737-8ZS cockpit: Wikipedia

Mapping the intersection of mind and computer in the cockpit

The following is based on the article Mapping the intersection of mind and computer from guest writer Christine Negroni

Well my inbox is filling up again with emails, as it did last month when I reported the following story for The New York Times on pilot complacency and cockpit automation.

Prompting the latest flurry of comments is a June 15, 2010 article by Andy Pasztor and Daniel Michaels in the Wall Street Journal about the crash in May 2010 crash of an Afriqiyah Airways A330. Only one of the 104 people on the Airbus A330 from Johannesburg to Tripoli survived the accident.

According to Pasztor and Michaels the landing accident is being seen as one in “which confused pilots got out of sync with the plane's computerized controls and ended up flying an apparently functioning commercial jet into the ground.”

This is no one-off event. A number of studies over the past 15 years indicate pilots fail to adequately monitor what the airplane is doing in one-half to three-quarters of all accidents. So in the wake of the Afriqiyah Airways disaster, what’s the big idea being proposed? More automation. That’s right, Airbus is said to be working to “devise foolproof automated ground-collision avoidance systems” that in cases of emergency transfer control from the pilots to the airplane.

“This is very disturbing”, wrote Hugh Schoelzel, a retired captain who worked as director of safety for TWA. “The more automation we add, the more training and pilot qualification issues arise. I believe in automation, but as an adjunct to basic pilot skills, not as an ‘end-all’.”

While automation may be causing a decrease in piloting skills as Mr. Schoelzel suggests, Professor Missy Cummings of the Massachusetts Institute of Technology says there is another reason to be concerned about cockpit automation; boredom.

Dr. Cummings a former Navy pilot, is director of the humans and automation laboratory at MIT’s department of Aeronautics and Astronautics. Not surprisingly she is a proponent of automation and envisions a future that will include at least some pilotless commercial flights. But first some extremely troublesome problems have to be wrestled to the ground, problems demonstrated by one of Dr. Cummings students, Master’s degree candidate First Lt. Christin S. Hart, who has found that too much automation can prove counter-productive.

“Increased automation can lower an operator’s workload too much, leading to mental underload, which can cause a decrement in vigilance, or sustained alertness, and lead to boredom. It has been shown that boredom produces negative effects on morale, performance, and quality of work,” she wrote in her paper, Assessing the Impact of Low Workload in Supervisory Control of Networked Unmanned Vehicles.

These findings do not surprise Dr. Cummings “The human mind craves stimulation”, she explained to me last week during a visit to her office in Cambridge. Failing to find that stimulation in the task at hand, the mind will wander.

This cuts to the heart of a number of events outlined by industry researchers but takes us at warp speed to the episode last October in which two Northwest Airlines pilots overflew their destination - the Minneapolis airport. The Northwest pilots were doing personal work on their laptops which is not allowed.

“It doesn’t have anything to do with automation,” FAA Administrator Randy Babbitt told me. “Any opportunity for distraction doesn’t have any business in the cockpit. Your focus should be on flying the airplane.”

But if I’m reading Lt. Hart’s study properly, the automation itself is an opportunity for distraction, even as it assists pilots by reducing workload and increasing the precision of calculations and navigation.

This is a conundrum. In today’s cockpit, two highly complex systems – the mind and the computer – come together, even though the contours of that intersection are still being mapped. It is not only unwise to race to a fix that fails appreciate these systems in balance, but it is unlikely to result in success.

Related Content
NTSB opens public docket on Northwest overflight

Former TSA employee accused of attempted computer sabotage

Earlier this week, federal prosecutors in Colorado charged a former Transportation Security Administration employee with attempting to sabotage TSA computer systems, including one that contains key terrorist watch lists.

The former employee, Douglas Duchak, 46, of Colorado Springs, faces two charges of attempting to damage protected TSA computers. From August 2004 to October 2009, he worked as a data analyst at the TSA's Colorado Springs Operation Center where the government maintains computer systems that contain among other things the government's no-fly list. He allegedly tried to send a virus into the computer system's servers in late October 2009, after learning he would be terminated.

The computer system includes the government's no-fly list.

In the federal indictment, prosecutors stated Duchak failed in his attempt to introduce a virus into the computer system. Had he been successful, prosecutors claimed that his actions "would have caused damage affecting a computer used by the United States government in furtherance of national security."

Duchak was informed on October 15, 2009 that his employment would end on October 30th. In the indictment, he is accused of having introduced malicious computer code into the system on October 22nd and October 23rd. The indictment implied that his employment was terminated on October 23rd, a week before his employment was originally scheduled to end.

Duchak entered a not guilty plea during a hearing in Colorado and was released on a $25,000 bond. If convicted of both counts, he faces up to 10 years in prison and a fine of $500,000.

NTSB to Open Up Public Docket on Northwest Airlines A320 Overflight in October 2009

Detailed information from the NTSB investigation into the October 21, 2009 incident involving the distracted Northwest Airlines pilots have been released to the public. The incident, which resulted in a large amount of media attention, occurred when the pilots of Northwest Airlines flight 188 was out of contact with air traffic control for about for 77 minutes while cruising from San Diego to Minneapolis.

The Airbus A320 (N03274) overflew Minneapolis by more than 100 miles before re-establishing radio contact with air traffic controllers and landing at the destination airport. There were no injuries to the 149 aircraft occupants, or damage to the aircraft.

Overview of Final Stages of the Flight

Reportedly, one of the reasons why the pilots did not respond to radio calls was because they were using their laptop computers in the cockpit and were distracted. While using laptops in the cockpit is allowed by the FAA, use of personal computers in the cockpit was not allowed by Delta (which owns Northwest). Both pilots were dismissed by the airline, and the FAA revoked their licenses.

Included in the docket will be factual reports from several of the NTSB-led groups involved in the investigation, including the Operations Group, Air Traffic Control Group, Survival Factors Group, Cockpit Voice Recorder Group and Flight Data Recorder Group. The docket will be available on Wednesday morning, December 16th. To view the contents of the docket, visit the the public docket page for this incident.

Related Information
Northwest Flight 188 public docket page
Previous AirSafeNews.com Incident Update
Original AirSafeNews.com article on this incident
Delta Airlines Statement 26 October 2009
FAA air traffic control transcripts and audio recordings
NTSB Update from 26 October 2009

Passenger Electronic Devices Survey Results

Earlier this month, an AirSafe.com article on free wireless Internet access in airplanes and airport terminals included a survey on suggested guidelines for use of personal electronic devices in airplanes and airports. A survey in the article asked several questions, and 35 members of the AirSafe.com audience were kind enough to respond.

Using Electronics in the Sky
Not surprisingly, all but three of those responding have carried electronic devices on aircraft, with 26 reporting using a cell phone and an equal number admitting to carrying laptops or iPod type devices.

Most Think Guidelines Appropriate
One question was whether the suggested guidelines, which included using headphones, not displaying inappropriate images, and no cell phones in flight were appropriate. Of the 35 respondents, 23 thought they went far enough, four thought they didn't go far enough, and two thought they went too far. Six others were not sure.

Cell Phones in the Air Not a Popular Idea
The possibility of cell phone use in the sky brought out some strong opinions, with 11 checking the 'No' box and another 11 checking the 'Hell No' box. Coincidentally, 11 others checked the 'Yes' box.

Original Survey Questions and Choices
1. Do you think that these guidelines go far enough? (Yes, No, Not Sure, Other)
2. Have you traveled with a personal electronic device? (Yes, No)
- If you answered yes, what kind of device? (Cell phone, Laptop, iPod type device, game player, PDA, other)
3. Do you think that in flight phone calls should be allowed? (Yes, No, Hell No, Not Sure)

Other Comments
Perhaps the most interesting part of the survey was the variety of comments that were sent in. They have been included below with only slight editing for spelling and grammar:

- I think it depends on the circumstances. It's a hard one, because too much regulation is not good and not enough (regulation) leads to unhappy passengers which you really don't want in an enclosed space 32,000 feet in the air.

- I think that we have a right to view, read or whatever we want to do and for the phone call thing, what is the difference between talking on the phone or to another person on the plane? Get real!

- (Unless) it is an emergency written correspondence only

- In the old days they had a smoking section why not sections that allow certain things or even an internet cafe area.

- In-Flight content should not be limited.

- Life is evolution, and we must establish rules and education on behavior.

- The problem of one person's freedom running into other people's freedom from objectionable material already exists. You don't need WiFi to use your laptop or iPod on the plane.

- Too many already violate the law and confiscation of the devices is a must!

- Socks should be provided for mouths to passengers who insist on talking really loud on early morning and late night flights. And isolation booth for crying children like they used to have in churches would be a great idea.

Photo: gregoryjameswalsh

Free Airborne WiFi Makes it More Likely That You Will See Inappropriate Inflight Entertainment

Recently, Google announced that it would provide free wireless access at 47 airports throughout the US, and on domestic US flights on Virgin America. While this is a temporary promotion, it represents a progression that will probably lead to universal, and likely free, Internet access in airport terminals and in aircraft.

While online access is something that most passengers will welcome, there are a few issues that have not been resolved, and likely will not be resolved by laws or regulation, and that is the issue of what is acceptable online behavior in an airport or on an airplane.


While laptop computers, cell phones, and other personal electronics have been around for more than a generation, only in the last few years have these technologies have made it easy to play videos, and the costs dropped so much that almost anyone can afford to have some kind of electronic device that can play audio files or video files, or stream audio and video online.

The problems come when one person's freedom to read, hear, or watch almost anything imaginable runs into another person's freedom from objectionable material. In the years before there were iPods and laptops, about the worst thing that a passenger could bring on board was a magazine featuring nudity (magazines still widely available in airport newsstands).

While there are no federal guidelines for what kind of content is allowed on PEDs, most flight attendants would likely use a common sense approach similar to the one described in a November 12, 2009 Washington Post article written by Monica Hesse. She quotes a flight attendant who said that he flights attendants don't do anything about what people are watching unless it is disturbing other passengers.


AirSafe.com has provided general guidelines for how a passenger should behave with their personal electronic devices. When it comes to wireless activity in the terminal, and especially in an aircraft AirSafe.com suggests the following guidelines:

• Don't Make Noise When playing music or other audio content, use headphones or earphones. If you are using a laptop, video game, or other device where you need the visuals but don't need the audio, turn the audio off. If that isn't possible, don't the device.
  
  
• Don't Display Inappropriate Images - Inappropriate images generally include sexually oriented material, material depicting extreme acts of violence, or other images that could be upsetting to other passengers. You can display these kinds of images only if no one else can see your display, but few seats in an aircraft or in a terminal would likely have this amount of privacy. This rule holds true
  
  
• Avoid Phone Calls While in Flight - It may be tempting to use in flight online access to make calls on Skype or some other VOIP service, but don't. It unlikely that your seatmate will take kindly to an unwanted conversation, and though it may be possible to make a call in privacy from the lavatory, but would you want to admit that in public later on?
  
  
• Read Whatever You Want - If someone is close enough to read what you are reading, then that person is violating your privacy.
  

Please Take the Time To Respond to Our Survey

The survey is now closed. The results of the survey are available here.

Photos: hfabulous, Wikipedia

Updates on Two Recent Qantas Accidents Involving an A330 and a 747

Second Interim Report on Qantas Accident of 7 October 2008
The Australian Transport Safety Bureau (ATSB) released its second interim report about a 7 October 2008 event when a Qantas A330-300 (VH-QPA, Flight 72) experienced an unexpected and rapid change in altitude while the aircraft was in cruise at 37,000 feet. The accident resulted in injuries to 110 passengers and nine crew members.

The first interim report identified two significant safety factors. First, one of the air data computers provided incorrect data that was not detected by the aircraft systems. Second, the aircraft's flight control computers did not process some of the aircraft's attitude data in a specific situation.

The second interim report did not identify the cause of the October 2008 event, but detailed the safety actions that have been taken that would prevent a recurrence of the event, including modifications to the A330's primary flight control computer and changes in flight crew operational procedures.


The ATSB addressed the possible relationship between the October 2008 Qantas A330 event and the June 2009 crash of an Air France A330-200 (F-GZCP, Flight 447). Although both investigations are ongoing, the ATSB pointed out several key differences between the two events:

• The air data computers on the two aircraft were different models, and constructed by different manufacturers.

• The cockpit messages and maintenance fault messages from both flights showed a significantly different sequence and pattern of events, with the maintenance messages that were transmitted by the Air France aircraft prior to the accident showing inconsistencies between the measured airspeeds and the associated consequences on other aircraft systems. No such messages were recorded by by the Qantas aircraft.

• The airspeed sensors (pitot probes), which were a issue of great concern in the Air France Accident, were not an issue in the Qantas accident because they were different airspeed sensor models made by different manufacturers.

Update on Qantas 747 Decompression Event
On 25 July 2008, a Qantas 747-400 (VH-OJK, Flight 30) experienced a rapid decompression while cruising at 29,000 feet after an oxygen cylinder that was part of the emergency oxygen system exploded and blew a hole in the fuselage. In their second interim report on the decompression event, the ATSB reported that there is no evidence of a safety problem with the oxygen bottles of the type involved in the accident.

ATSB reported that among the actions taken by Qantas were a fleet-wide safety inspections of oxygen system installations and a revision of flight crew emergency procedures, including the introduction of a new depressurisation checklist. Also, various tests have not been able to replicate the cylinder failure that initiated the accident.

Additional Information
You can find more details about these three accident investigations, including links to the interim reports from the investigating authorities, at the following pages:
Qantas 747 Depressurization Accident 25 July 2008
Qantas A330 In Flight Upset Accident 7 October 2008
Air France A330 Crash 1 June 2009

How to Protect Your Laptop and Your Computer Data When Going Through Airport Security

The recent arrests of the couple accused of stealing over 1,000 checked bags from the Phoenix airport highlighted one of the baggage theft risks that airline passengers face each time they fly. Another ongoing problem inside the airline terminal is the risks passengers face of having their laptop computer lost, stolen, or damaged.
The two areas of risks are taking the computer through security and inside the airport terminal.

Putting Laptops in Checked Baggage
There is a very simple way to avoid this problem-just don't do it. There is the obvious risk of a lost, damage, or stolen checked bag. Also, airlines often load bags on top of one another in the cargo hold of your flight. Hundreds of pounds of pressure in conjunction with the low temperatures in unheated cargo compartments may lead to cracks or damage to the laptop screen or damage to other components.

Taking the Laptop Through Security
In the US and in most other countries, laptops have to be taken out of its carrying case or out of your carry-on bag as you go through the x-ray scanners at airport security. To protect your laptop, you should do the following:

• Place laptops in a bin by itself before you put it through the x-ray machine.
  
• Keep your laptop in sight at all times. You may be delayed getting through the metal detector or you may be pulled aside for additional screening. If this happens, make sure you keep your laptop in sight. If you are traveling in a group, one thing that you can do is to have the first person through security be the person who takes care of all the laptops.
  
• Reclaim and secure your laptop as quickly as possible once you are through the screening process.

Laptop Security in the Terminal
If you decide to use your laptop during the time before boarding, take the same precautions that you would in any other public space. Don't leave your laptop unattended, and if you the airport has free wi-fi access, avoid doing anything online such as online banking that requires a secure connection.

Other Laptop Security Hints
In addition to protecting your laptop from loss, damage, or theft, you should also take the time to protect the information on the laptop. One way to do that is to separate the data from the laptop. For most users, the information on a laptop is far more valuable than the laptop itself. One easy way to protect against the loss of data is to either backup your data before you travel, or plan to keep any important or sensitive data data separate from the laptop in a device such as a flash drive, CD-ROM, or or external hard drive. Of course, these data storage devices should always be with you or with your carry-on bag, and not in any checked bag.

If you are unwilling or unable to separate the data from the laptop, at least put some kind of password protection on the laptop or on individual files or directories within the laptop.

One way to avoid the hazards and hassles of taking your laptop out for security screening is to use alternative electronic devices. Unlike the situation with laptops, special screening is not required for small data-related devices like Internet enabled phones such as the iPhone or Blackberry, PDAs, flash drives, and other small data-related devices.

Related Resources
Baggage Basics for Checked and Carry-on Items
Carry-on Baggage Advice
Top 10 Baggage Tips
Top Ten Tips for Dealing with Security
Overhead Baggage Risks
Hazardous and Prohibited Baggage Items