FAA Air-Traffic Systems Lack Cyberprotections, GAO Finds
Posted on: Thursday, 20 October 2005, 18:00 CDT
By Rob Thormeyer, GCN Staff
Air-traffic control systems operated by the Federal Aviation Administration contain significant cybersecurity weaknesses and are vulnerable to attack, according to a recent report from the Government Accountability Office.
In the report, GAO concluded that the agency has not completely implemented information security programs that protect its systems from cyberattack.
"FAA has made progress in implementing information security for its air traffic control systems by establishing an agencywide information security program and addressing many of its previously identified security weaknesses; however, it still has significant weaknesses that threaten the integrity, confidentiality and availability of its systems--including weaknesses in controls that are designed to prevent, limit and detect access to those systems," the report said.
FAA officials admit the weaknesses exist, but contend that because parts of their systems are custom-built with older equipment, special-purpose operating systems and proprietary communication interfaces, chances for unauthorized access are limited, according to the report.
"Nevertheless, the proprietary features of these systems do not protect them from attack by disgruntled current or former employees who understand these features, or from more sophisticated hackers," the report added.
GAO recommended that the agency address the following weaknesses: outdated security plans, inadequate security awareness training, inadequate system testing and evaluation programs, limited security incident-detection capabilities and shortcomings in providing service continuity for disruptions in operations.
In response, FAA officials said they will consider the recommendations, but also stated that the report is not indicative of the agency's security systems.
Meanwhile, Rep. Tom Davis (R-Va.), who chairs the House Government Reform Committee that asked for the report, said FAA must address the recommendations. "Given the ever-evolving nature of cyberthreats and the thought of someone with malicious intent accessing FAA's IT systems, complacency is not an option," he said.
Reported By GCN Daily Updates, http://www.gcn.com
(20050926/WIRES Communications_Networking, enterprise_hardware, security, homeland-security, technology-policy, daily-updates/)
Source: Newsbytes
Related Articles
- SAIC Awarded Contract to Support Department of Homeland Security, Federal Emergency Management Agency (FEMA)
- (ISC)2(R)'s Lynn McNulty Inducted into the Information Systems Security Association Hall of Fame
- SAIC Awarded $104 Million Contract by Department of Homeland Security, Federal Emergency Management Agency
- Harris Team Completes Weather and Radar Processor System Transition to FAA Telecommunications Infrastructure Network
- Audit Finds Security Weaknesses at NASA Center
- Bull and NEC Confirm New Industrial Partnership Arrangements in the IT Systems Security Marketplace
- McAfee, Inc. Selected By Continental Airlines for Strategic Approach to System Security
- Stratacache Launches OmniCast 3.0; Terabyte File Capacity, Improved Bandwidth Management, Full TCP/Internet Support, Windows File System Security Highlight List of Improvements
- State of Louisiana's Criminal Justice System Secured With Joint 3Com, TippingPoint Solution; Secure Network Solution Pays Immediate Dividends; Saves Network From Severe Security Breach
- Gates' Comdex Keynote Address Focuses on Spam, Security Weaknesses
 |
 |
User Comments (0)
RSS Feeds