[OliverJones]

This GAO report is interesting. Some dopes in the popular press picked up on it saying "passenger wifi is linked to airplane control", because vague mention of that was made in the abstract. But, of course, the report isn't about that at all.

But it's more interesting in its recommendation that the FAA develop a holistic "agency-wide threat model" for its NextGen IP-based air traffic control system.

Haven't we outgrown the idea that the developers of large-scale systems should also be responsible for testing it? Haven't we understood, for a long time now, that developers have blind spots about their own work?

The danger of blind spots is only amplified by large bureaucratic organizations spending tons of money. If the FAA has "a" threat model, won't potential threats lying outside that model get ignored?

Public safety might better served be by a bug-bounty system, or by retaining several teams of outsiders to penetration-test a system like this.

But it will take some serious organization discipline to pull this off. Every software developer knows there's a twinge of embarrassment when the QA test finds a defect. Hopefully the NextGen team will be similarly embarrassed by the most ingenious of their pen-testing teams. And hopefully their organization will have the good sense not to punish them.