Thu, May 07, 2009
OK, In This Day And Age... Who Isn't?
A report (FI-2009-049) from the Department of Transportation's
office of the Inspector General is raising the alarm over the
potential vulnerabilities of the nations air traffic system to
damage and interference by hackers.
The IG's Office claims that, "we issued our report on Federal
Aviation Administration (FAA) web applications security and
intrusion detection in air traffic control (ATC) systems, requested
by the Ranking Minority Members of the full House Transportation
and Infrastructure Committee and its Aviation Subcommittee. The
objectives of this performance audit were to determine whether (1)
web applications used in supporting ATC operations were properly
secured to prevent unauthorized access to ATC systems, and (2)
FAA’s network intrusion–detection capability was
effective in monitoring ATC cyber–security incidents."
The IG adds that, "We found that web applications used in
supporting ATC systems operations were not properly secured to
prevent attacks or unauthorized access. During the audit, our staff
gained unauthorized access to information stored on web application
computers and an ATC system, and confirmed system vulnerability to
malicious code attacks. In addition, FAA had not established
adequate intrusion–detection capability to monitor and detect
potential cyber security incidents at ATC facilities. The
intrusion–detection system has been deployed to only 11 (out
of hundreds of) ATC facilities. Also, cyber incidents detected were
not remediated in a timely manner."
The report explains a bit more about
their concerns by stating that 'The need to protect ATC systems
from cyber attacks requires enhanced attention because the Federal
Aviation Administration (FAA) has increasingly turned toward the
use of commercial software and Internet Protocol (IP)1-based
technologies to modernize ATC systems. While use of commercial IP
products, such as Web applications,2 has enabled FAA to efficiently
collect and disseminate information to facilitate ATC services, it
inevitably poses a higher security risk to ATC systems than when
they were developed primarily with proprietary software. Now,
attackers can take advantage of software vulnerabilities in
commercial IP products to exploit ATC systems, which is especially
worrisome at a time when the Nation is facing increased threats
from sophisticated nation-state-sponsored cyber attacks.'
More News
A Puff Of Smoke Came Out From The Top Of The Engine Cowling Followed By A Total Loss Of Engine Power On May 9, 2025, about 1020 mountain daylight time, an experimental amateur-buil>[...]
From 2022 (YouTube Edition): Jenny, I’ve Got Your Number... Among the magnificent antique aircraft on display at EAA’s AirVenture 2022 was a 1918 Curtiss Jenny painstak>[...]
Very High Frequency (VHF) The frequency band between 30 and 300 MHz. Portions of this band, 108 to 118 MHz, are used for certain NAVAIDs; 118 to 136 MHz are used for civil air/grou>[...]
“From approximately November 2021 through January 2022, Britton-Harr, acting on behalf of AeroVanti, entered into lease-purchase agreements for five Piaggio-manufactured airc>[...]
From 2008 (YouTube Edition): US Fish and Wildlife Service Chooses The Kodiak To Monitor Waterfowl Populations Waterfowl all over North America may soon have to get used to a new ab>[...]
NTSB Prelim: Lee Aviation LLC JA30 SuperStol
See All