(Update – great link in John Regehr’s comment)
Apparently, passenger, admin, and air control computers are all connected. Here’s a reassuring comment (emphasis added)
Boeing spokeswoman Lori Gunter said the wording of the FAA document is misleading, and that the plane’s networks don’t completely connect.
The FAA is concerned.
The proposed architecture of the 787 is different from that of
existing production (and retrofitted) airplanes. It allows new kinds of
passenger connectivity to previously isolated data networks connected
to systems that perform functions required for the safe operation of
the airplane. Because of this new passenger connectivity, the proposed
data network design and integration may result in security
vulnerabilities from intentional or unintentional corruption of data
and systems critical to the safety and maintenance of the airplane. The
existing regulations and guidance material did not anticipate this type
of system architecture or electronic access to aircraft systems that
provide flight critical functions.
So we are closer to the first DRM induced fatality!