"Boeing’s Poor Information Security Posture Threatens Passenger Safety, National Security"
Chris Kubecka, a security researcher and critical infrastructure expert, recently gave a presentation at the Aviation Cyber Security conference in London in which she discussed the threat posed by Boeing's inadequate information security practices to aviation safety and national security. According to Kubecka, one or more of Boeing's emails are infected with malware. These infected email servers are also believed to be used to obtain sensitive intellectual property such as software source code. Security failures include the public exposure of Boeing's test development network to the internet, a lack of a TLS certificate to allow encrypted web traffic via HTTPS on Boeing's official website, and more. This article continues to discuss the discoveries made surrounding Boeing's information security practices, the response to these discoveries, Boeing's vulnerability disclosure program, and aviation cybersecurity research.