Watchdog: Air traffic control system is a hacking risk

By JOAN LOWY Associated Press WASHINGTON (AP) — The nation’s system for guiding planes and other aircraft is at “increased and unnecessary ris...

By JOAN LOWY
Associated Press

WASHINGTON (AP) — The nation’s system for guiding planes and other aircraft is at “increased and unnecessary risk” of being hacked, according to a report by government watchdog released Monday.

The Federal Aviation Administration has taken steps to protect the air traffic control system from cyber-based threats, but “significant security control weaknesses remain, threatening the agency’s ability to ensure the safe and uninterrupted operation,” said the report by the Government Accountability Office.

One area of weakness is the ability to prevent and detect unauthorized access to the vast network of computer and communications systems the FAA uses to process and track flights around the world, the report said. The FAA relies on more than 100 of these air traffic systems to direct planes.

There also are inadequate protections to prevent entry into air traffic computer systems from other, less-secure computer systems not directly involved in traffic operations, the report said.

Other problems identified in the report include:

–Security weaknesses identified by the FAA weren’t always addressed in a timely way.

–Security control assessments by the agency weren’t always comprehensive enough to find weaknesses.

–Shortcomings in monitoring for hacking incidents or unauthorized entries mean the FAA may not be able to “contain, eradicate or recover from incidents.”

These weaknesses put the air traffic system “at increased and unnecessary risk of unauthorized access, use or modification that could disrupt air traffic control operations,” the report said.

The accountability office made 14 recommendations to the FAA and another three to the Transportation Department.

Keith Washington, a Department of Transportation acting assistant security, said in a letter to the accountability office that the FAA is aware of the importance of the matter and has achieved several milestones in improving its cybersecurity.

FAA officials had no comment. The agency is part of the Transportation Department.

Following the report’s release, the chairman and senior Democratic member of the Senate Commerce, Science and Transportation sent a letter to FAA Administer Michael Huerta asking for a “full accounting on the status” of the accountability office’s recommendations.

“These vulnerabilities have the potential to compromise the safety and efficiency of the national airspace system, which the traveling public relies on each and every day,” said Sens. John Thune, R-S.D., and Bill Nelson, D-Fla. They called the report “troubling.”

__

Online:

Government Accountability Office report — http://www.gao.gov/products/GAO-15-221

__

Follow Joan Lowy on Twitter at http://www.twitter.com/AP_Joan_Lowy

Copyright 2015 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Copyright © 2024 The Associated Press. All rights reserved. This website is not intended for users located within the European Economic Area.

    Stacy Bostjanick and Jennifer Henderson

    Risk and Compliance Exchange 2024: DoD’ Stacy Bostjanick, DCMA’s Jennifer Henderson on finding ‘any means possible’ to help small biz with CMMC

    Read more
    Amelia Brust/Federal News Networkcybersecurity

    How should software producers be held accountable for shoddy cybersecurity products?

    Read more