Gold9472
09-27-2005, 05:58 PM
Air traffic control systems hackable, GAO warns
FAA defends 'very secure systems'
http://www.msnbc.msn.com/id/9503338/
The 2000 GAO Report
Click Here (http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-252)
The 1998 GAO Report
Click Here (http://www.globalsecurity.org/security/library/report/gao/aimd-98-155.htm)
Updated: 12:02 p.m. ET Sept. 27, 2005
WASHINGTON - High-tech networks that link key parts of the U.S. air traffic control system lack important controls and are potentially vulnerable to hackers and others familiar with how those computer programs work, congressional investigators concluded Monday.
The Government Accountability Office (GAO) said in an update to a 2000 report that the Federal Aviation Administration has made progress in protecting information technology systems and noted the agency's contention that its interconnected networks are secure.
Greg Martin, an FAA spokesman, said separately the investigation was too narrowly focused and the agency has adequate controls in place nationwide.
"They are very secure systems," Martin said. "There is a lot that the (report) failed to take into account."
Martin said any vulnerabilities are countered by several redundancies and other controls built throughout the information-technology architecture.
But the GAO, the investigative arm of Congress, nevertheless disclosed a series of gaps that include outdated security plans, inadequate awareness training, and questions about whether the FAA could detect intruders and keep the system up during a security breach.
"The agency has not adequately managed its networks, software updates, user accounts and passwords and user privileges," the GAO found.
Other information security controls — including physical security and background investigations — also have shortcomings that are not mitigated by special operating systems and custom software.
"The proprietary features of these systems cannot fully protect them from attacks by disgruntled current or former employees who are familiar with these features nor will they keep out more sophisticated hackers," the GAO said.
These networks help provide flight tracking and other information to air traffic controllers and flight crews. They serve hundreds of airport towers, approach control centers and facilities for handling high-altitude traffic.
"Interruptions of service by these systems could have a significant impact on air traffic nationwide," the GAO concluded.
The nation's air traffic system handled more than 46 million flights in 2004. More than 640 million people flew on commercial planes. At any one time, as many as 7,000 aircraft could be in the air.
The GAO review was conducted at FAA headquarters and three other sites.
FAA defends 'very secure systems'
http://www.msnbc.msn.com/id/9503338/
The 2000 GAO Report
Click Here (http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-252)
The 1998 GAO Report
Click Here (http://www.globalsecurity.org/security/library/report/gao/aimd-98-155.htm)
Updated: 12:02 p.m. ET Sept. 27, 2005
WASHINGTON - High-tech networks that link key parts of the U.S. air traffic control system lack important controls and are potentially vulnerable to hackers and others familiar with how those computer programs work, congressional investigators concluded Monday.
The Government Accountability Office (GAO) said in an update to a 2000 report that the Federal Aviation Administration has made progress in protecting information technology systems and noted the agency's contention that its interconnected networks are secure.
Greg Martin, an FAA spokesman, said separately the investigation was too narrowly focused and the agency has adequate controls in place nationwide.
"They are very secure systems," Martin said. "There is a lot that the (report) failed to take into account."
Martin said any vulnerabilities are countered by several redundancies and other controls built throughout the information-technology architecture.
But the GAO, the investigative arm of Congress, nevertheless disclosed a series of gaps that include outdated security plans, inadequate awareness training, and questions about whether the FAA could detect intruders and keep the system up during a security breach.
"The agency has not adequately managed its networks, software updates, user accounts and passwords and user privileges," the GAO found.
Other information security controls — including physical security and background investigations — also have shortcomings that are not mitigated by special operating systems and custom software.
"The proprietary features of these systems cannot fully protect them from attacks by disgruntled current or former employees who are familiar with these features nor will they keep out more sophisticated hackers," the GAO said.
These networks help provide flight tracking and other information to air traffic controllers and flight crews. They serve hundreds of airport towers, approach control centers and facilities for handling high-altitude traffic.
"Interruptions of service by these systems could have a significant impact on air traffic nationwide," the GAO concluded.
The nation's air traffic system handled more than 46 million flights in 2004. More than 640 million people flew on commercial planes. At any one time, as many as 7,000 aircraft could be in the air.
The GAO review was conducted at FAA headquarters and three other sites.