This post is also available in: עברית (Hebrew)
The country’s air traffic control systems are vulnerable to hackers. This, according to a 42-page document entitled “Information Security: FAA Needs to Address Weaknesses in Air Traffic Control Systems”. The document says that while the FAA has taken steps to decrease vulnerabilities in the air traffic control system, it has not fully addressed problems including those which could make critical computer systems vulnerable to hackers.
“These breaches include weaknesses in controls intended to prevent, limit, and detect unauthorized access to computer resources, such as controls for protecting system boundaries, identifying and authenticating users, authorizing users to access systems, encrypting sensitive data, and auditing and monitoring activity on FAA’s systems,” the GAO (Government Accountability Office) authors wrote.
GAO discovered, for example, that FAA “did not always sufficiently test security controls to determine that they were operating as intended; resolve identified security weaknesses in a timely fashion; or complete or adequately test plans for restoring system operations in the event of a disruption or disaster.”
According to hstoday, the agency’s information security systems and procedures did not meet the requirements of a 2002 law, and its information security strategic plan had not been updated since 2010.
“These shortcomings put (national airspace) systems at increased and unnecessary risk of unauthorized access, use, or modification that could disrupt air traffic control operations,” the report said.
The GAO’s 17 public recommendations include increasing training, do a better job of identifying and fixing problems, strengthening protocols for access control, increasing organizational planning, and keep better records to allow monitoring data traffic to detect unauthorized access.
The FAA agreed with the GAO’s recommendations in a two page letter included in the document and highlighted their efforts to increase cyber security. “The Agency is fully cognizant of the vital requirement to secure the National Airspace System cyber environment as part of the nation’s critical infrastructure,” Keith Washington, the Acting Assistant Secretary for Administration wrote.
“These vulnerabilities have the potential to compromise the safety and efficiency of the national airspace system, which the traveling public relies on each and every day,” said Sens. John Thune (R-SD) and Bill Nelson (D-Fla.).