Ze plane… ze plane. It’s COTS under the hood
Posted by Ed in Analysis on Aug 23, 2010
We put this out there the other day, but it’s getting some more traction in the industry press: namely, that malware did in fact contribute to the crash of a Spanair flight two years ago.
Now, this fact in and of itself is interesting. But, beyond that, what’s particularly interesting to me about this is how surprised people are by it. A number of folks have asked “how can this happen?” and “why would the warning system from this plane be running some malware-vulnerable OS?” People are just having a really hard time getting their head around the fact that this type of thing could happen.
But I’m of a different camp. I’m less surprised that things like an airplane warning system (or the International Space Station for that matter) are infected by malware – I’m surprised that this type of thing hasn’t happened more often.
Let me put it to you this way: say you are making a new special-purpose system. Like a navigation or other controlling system for an airplane, a control system for a medical instrument like an MRI, or a controlling system for a manufacturing system like a robotic arm. Option A: you can develop all the underlying services that you might need (network stack, access to storage, scheduling, etc.) completely from scratch at a cost of a multi-million dollar investment in development and a multi-year release timeframe. Option B: you develop your special-purpose system on top of a commercial off-the-shelf OS like Windows or Linux, which requires relatively little development and puts you years ahead in the cycle. Not to mention that Option A is highly error-prone, whereas Option B sits on top of a tested, relatively reliable foundation. Which do you pick? Yeah, me too.
Look – under the hood, everything runs a COTS OS now. Medical devices? Check. Manufacturing systems? Check. Nuclear power safety devices? You know they do. So much so that the FDA and other regulatory oversight bodies have issued guidance for using COTS components under the hood. My point? The devices that literally keep us alive are now running COTS OSes – and those COTS OSes have security problems: malware susceptibility as well as others. The situation is compounded by the fact that some accreditation programs stipulate that applying patches (security-related or otherwise) violates certification.
Look, I’m not trying to FUD anybody out here. I’m just saying that it’s important to keep in mind what supports these critical systems, understand what the dangers are, and be able to refine accreditation programs as well as other regulation to emphasize better security rather than enforce poor security. Just my two cents.