Re: "ineffective and misplaced regulatory oversight,"
"You may well be right. What would you prefer instead?"
I think we'd all prefer and benefit from effective and well focused regulatory oversight.
Part of the problem is that the regulators seem not to have a good feel for where the system boundary should be. In the case of medical devices it's clear that they don't consider the network to be part of the system, yet as any old IT bod knows the network most certainly does matter. We spend a lot of money in IT on network firewalls, network switches, virtualised networks, etc. It is never an afterthought that we throw together after we've put in a load of servers.
With medical devices the regulations prevent you automatically applying OS updates, etc. The regulators approve a fixed hardware design with a fixed software payload; applying updates makes it a "different" device that has not been approved.
So if the 'fixed' nature of the software is so important, how come they're quite happy for these things to be connected to networks that evidently expose them to a grave and real risk of having their software altered by hackers remotely installing malware? It's almost as if they're relying on a naive opinion that "no one would ever hack a hospital"... And as I implied in my comment above, if the network provides important functionality, how come the 'fixed' configuration philosophy doesn't extend to the network too?
That is inconsistent, has been demonstrated to be ineffective and the regulations need to be updated. However connecting them up to the Internet has been allowed for so long that it is the de facto rule, and all hospital IT is now structured that way. Regulation that doesn't properly and rapidly account for changes in the world isn't worth having at all.
If they want to keep their "fixed configuration" philosophy then they're going to have to apply that to the network too. This realistically means a closed network not connected to the Internet where there are no USB ports or optical drives available on any machine on the network. I can't see that going down well...
"And when you've sorted medical equipment, avionics regulation is in need of a serious reconnection with reality."
Again the situation there is that the regulators have failed to set a clear system boundary within which their rules apply. They've incorrectly set the system boundary as being the whole aircraft, and regulated within that.
However Boeing and Airbus have both implemented a single aircraft-wide network that carries or is exposed to passenger devices. The FAA/EASA let that happen seemingly without once considering the possible consequences of connecting passenger devices. Connecting them makes them part of the system. Passenger devices cannot be regulated. Thus the system now comprises an approved subsystem (the aircraft) and many unapproved subsystems (the passengers' mobiles, etc.). With wildcard devices being part of the system all that regulatory oversight now counts for nothing, for it is no longer the same system that the regulators approved.
Of course they have done testing of the separation of passenger and flight control network data, and they have probably been successful in achieving adequate separation. However, no one can be totally sure of that. In contrast a single successful hack would prove that adequate separation had not been achieved.
Penny Pinching, Pound Foolish
The reason Boeing and Airbus have for doing that is to economise on off-aircraft communications channels. The flight control avionics, the airline's own systems and the in-flight entertainment need to provide off-aircraft communications for various reasons, and sharing a single sat comm terminal makes it "cheap".
Except it's not cheap. First it creates the situation we have now where no one is quite sure whether or not anyone with a mobile can hack and down an aircraft. That's going to be expensive to put right.
Setting that aside, sharing a sat comm terminal is an incredibly short-sighted thing to do. Bandwidth upgrades are clearly going to be a major requirement of airlines competing to provide a better service to paying passengers. That means hardware upgrades.
Upgrading a Shared Sat Comm?
With a shared sat comm terminal that means getting a whole new and improved unit designed, tested, approved by the regulators as still allowing the aircraft to fly safely, and installed. That's an expensive process, largely because of the approvals that have to be gained first. That process has to consider (amongst other things) whether or not it still correctly separates passenger and avionics network data. That will have to be checked differently every time they add new features. Effectively they would be redesigning the approval tests every time the design changes, adding more time and cost.
As any IT bod knows, a system that's expensive and slow to upgrade isn't going to be very profitable.
Upgrading a Separate Sat Comm?
Now imagine if the IFE were a completely separate network (with a data diode connection from the flight control avionics to get data for the moving map display), and had its own sat comm terminal. That could be upgraded at will with minimal regulatory oversight because it is never going to be critical to safety of flight (at least not once basic EMC and airworthiness approvals are in place). Meanwhile the sat comm terminal for the flight control avionics just sits there, never upgraded because it won't ever need it.
That would be a lot cheaper and quicker to do; across the whole life of the aircraft the airlines would be able to offer a premium service that's always the best, with upgrades being easy to roll out. And an added benefit is that it avoids the whole mess we have now.
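One way to picture the receiving end of the data-diode feed described in the comment above, as an added example that is not part of the original post: the IFE side consumes a fixed-size position record for the moving map, discards anything that fails a check, and has no return path to the avionics. The frame layout, field names and ranges are assumptions made for this example, not any real avionics format.

```python
import struct

# Constructed frame format for this example (an assumption, not any real
# avionics layout): big-endian, fixed 20 bytes, no variable-length fields.
#   magic 'MM' | seq u16 | lat f32 | lon f32 | alt_ft i32 | hdg u16 | csum u16
FRAME = struct.Struct(">2sHffiHH")
FRAME_LEN = FRAME.size  # 20


def _checksum(payload: bytes) -> int:
    """Byte sum mod 2**16 over everything before the checksum field."""
    return sum(payload) & 0xFFFF


def build_frame(seq, lat, lon, alt_ft, hdg) -> bytes:
    """Sender side (avionics). Used here only to construct sample input."""
    body = struct.pack(">2sHffiH", b"MM", seq, lat, lon, alt_ft, hdg)
    return body + struct.pack(">H", _checksum(body))


def parse_frame(raw: bytes):
    """Receiver side (IFE). Accept a frame only if every check passes,
    otherwise return None. Nothing is ever sent back across the diode."""
    if len(raw) != FRAME_LEN:
        return None  # exact size only: no variable-length parsing at all
    magic, seq, lat, lon, alt_ft, hdg, csum = FRAME.unpack(raw)
    if magic != b"MM" or csum != _checksum(raw[:-2]):
        return None
    # NaN fails these comparisons too, so it is rejected with the rest.
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        return None
    if not (-2000 <= alt_ft <= 60000) or not (0 <= hdg < 360):
        return None
    return {"seq": seq, "lat": lat, "lon": lon, "alt_ft": alt_ft, "hdg": hdg}


def drain_feed(frames):
    """Process a batch of received frames; return (positions, dropped_count)."""
    accepted, dropped = [], 0
    for raw in frames:
        pos = parse_frame(raw)
        if pos is None:
            dropped += 1
        else:
            accepted.append(pos)
    return accepted, dropped


# Constructed sample: two good frames, one corrupted in transit, one truncated.
_corrupt = bytearray(build_frame(3, 51.52, -0.90, 35000, 272))
_corrupt[4] ^= 0xFF  # flip a byte inside the lat field -> checksum mismatch
SAMPLE = [
    build_frame(1, 51.47, -0.46, 35000, 270),
    build_frame(2, 51.50, -0.70, 35000, 271),
    bytes(_corrupt),
    build_frame(4, 51.55, -1.10, 35000, 273)[:10],
]
```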