Aircraft are an interesting case where nobody except state actors can really afford to evaluate their security.
White hats and grey hats know the whole area is a minefield, and even a whiff of impropriety can bring the heel of the law down upon you. Airlines and aircraft makers both have a financial conflict of interests, discovering vulnerabilities and deploying fixes in existing aircraft could cost millions.
For NEW aircraft designs there is an incentive to discover and mitigate potential issues, but given aircraft's shelf life that might not be good enough over the long haul.
What can be done? I guess schemes like this one, that bring industry experts together with a real working aircraft and letting them try. But for political reasons even schemes like this could be unpopular if Boeing's shares take a hit and aircraft are grounded for service.
Apparently it's not too hard to evaluate the security, it's just costly to publicize it:
> The initial response from experts [I assume in the aerospace industry?] was, “’We’ve known that for years,’” and, “It’s not a big deal,” Hickey said.
> But in March 2017, at a technical exchange meeting, he said seven airline pilot captains from American Airlines and Delta Air Lines in the room had no clue.
> “All seven of them broke their jaw hitting the table when they said, ‘You guys have known about this for years and haven’t bothered to let us know because we depend on this stuff to be absolutely the bible,'” Hickey said.
> Aircraft are an interesting case where nobody except state actors can really afford to evaluate their security
Would this be true in countries where aircraft manufacturers aren’t also defence contractors? Or even for American non-defence plane makers, e.g. Cessna?
Beechcraft (formerly a Raytheon subdivision) makes utility aircraft (usually variants of civilian models), trainers, and target drones. They also have a light attack variant (AT-6) of one of their trainers, which as far as I know has not managed to get adopted; and have proposed a from-scratch jet-powered light attack aircraft as part of a USAF competition.
EDIT: And they also use this class of commercial jetliners; the main USAF mid-air refueler is a 767 variant, and the military has a dozen or so C-40s (a 737 variant) for logistics and airborne command posts.
Did a bit of not-super-random sampling; the only ones I'm seeing that don't produce for the military are kitplane manufacturers and this lovely oddity: https://en.wikipedia.org/wiki/Terrafugia
(And of those kitplane manufacturers, many of them also make drones for the Army and Navy.)
There is just so much overlap between civilian and military models (much more so than in, say motor vehicles) that the line between military and civilian products gets fuzzy.
White hats and grey hats know the whole area is a minefield, and even a whiff of impropriety can bring the heel of the law down upon you. Airlines and aircraft makers both have a financial conflict of interests, discovering vulnerabilities and deploying fixes in existing aircraft could cost millions.
For NEW aircraft designs there is an incentive to discover and mitigate potential issues, but given aircraft's shelf life that might not be good enough over the long haul.
What can be done? I guess schemes like this one, that bring industry experts together with a real working aircraft and letting them try. But for political reasons even schemes like this could be unpopular if Boeing's shares take a hit and aircraft are grounded for service.