I wasn’t thinking a “we’re pushing an update too bad” kind of thing but more a “hey you have to do this to be allowed to fly, your choice” with the weight of law behind it.
That guide book was genuinely amazing, it was easily the best-written technical document of any kind that I had read.
The security is dialed up to 11 as well. It explicitly calls out the following scenario:
1) The plane is leased.
2) the maintenance is outsourced.
3) The plane at an airport in an "unfriendly" country.
4) The plane is not allowed to take off until it is patched due to an emergency directive.
That scenario is handled, securely!
There is encryption between the plane and the airport WiFi.
The maintenance crew can also plug in to an Ethernet port near the front landing gear.
There is a VPN back to the patch server managed by the airline.
The VPN host certificate is explicitly whitelisted in the plane.
The plane won't accept a patch unless it has been digitally signed by Boeing, the FAA, the Airline, and potentially the manufacturer and the local equivalent of the FAA!)
The pilot has to enter a 4-digit pin code in the plane.
Most of the associated wiring is only physically connected if there is weight on the front landing gear. You can't "hack" a plane in-flight and patch it with malware, the required cabling isn't connected.
I wasn’t thinking a “we’re pushing an update too bad” kind of thing but more a “hey you have to do this to be allowed to fly, your choice” with the weight of law behind it.