Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • IT Management
    • Networking

    Report: Air Traffic Systems Wide Open to Hacker Attacks

    By
    Ryan Naraine
    -
    September 28, 2005
    Share
    Facebook
    Twitter
    Linkedin

      The nations air traffic control system is wide open to malicious hacker attacks because of “significant weaknesses” in the Federal Aviation Administrations network security maintenance, according to a warning from the U.S. GAO (Government Accountability Office).

      The Congressional watchdogs startling findings formed part of an update to a study first conducted in 2000 into the FAAs information security systems.

      According to the independent GAO, not much has improved in the five years since the original study.

      “Although FAA has made progress in implementing information security by establishing an agency-wide information security program and addressing many of its previously identified security weaknesses, significant information security weaknesses remain that could potentially lead to disruption in aviation operations,” the GAO said in a report released this week.

      The 37-page document pinpointed weaknesses in electronic access controls, physical security and background investigations that “increase the level of risk.”

      These lax controls extend to the managing of computer networks, system and software patches, user accounts and passwords, user rights and the auditing of security-relevant events.

      “A key reason for FAAs weaknesses in information system controls is that it has not yet fully implemented an information security program to ensure that effective controls are established and maintained,” said the GAO, which is a nonpartisan agency that works for Congress.

      The accountability watchdog said effective implementing of the program calls for the assessment of risks, the establishment of appropriate policies and procedures and the implementation of security plans.

      The GAO report found major gaps in the way the FAA handled the security of the air traffic networks.

      “For the systems we reviewed, FAA did not consistently configure network services and devices securely to prevent unauthorized access to and ensure the integrity of computer systems operating on its networks,” the report said.

      /zimages/3/28571.gifTo read more about the GAOs warning about poor federal computer security, click here.

      “We identified weaknesses in the way the agency restricted network access, developed application software, segregated its network, protected information flow and stored the certificates that are used for authentication,” it added.

      The report included specific examples of the lax network security, pointing out that access for system administration “was not always adequately restricted, and unnecessary services were available on several network systems.”

      “As a result, it is at increased risk of unauthorized system access, possibly disrupting aviation operations,” the report added.

      Last year, the FAAs air traffic control system managed more than 46 million flights, accounting for 640 million passengers. In all, the system was used to control about 7,000 civilian and military aircraft at any one time.

      With such a massive responsibility, the GAO found that the FAAs response during the study did not fully address the risks.

      “While acknowledging these weaknesses, agency officials stated that because portions of their systems are custom built and use older equipment with special-purpose operating systems, proprietary communication interfaces, and custom-built software, the possibilities for unauthorized access are limited,” the report noted.

      “Nevertheless, the proprietary features of these systems do not protect them from attack by disgruntled current or former employees, who understand these features, or from more sophisticated hackers.”

      “The complex air traffic control system relies on several interconnected systems. As a result, the weaknesses we identified may increase the risk to other systems,” the GAO said, sidestepping the FAAs defense that individual system vulnerabilities are mitigated by system redundancies and separate access control built into the overall air traffic control system architecture.

      Among other things, the watchdog body recommends that the FAA develop and implement policies and procedures to address as patch management and the reviewing and monitoring of physical access.

      The FAA is urged to review system security plans and enhance the security awareness training program to ensure that all employees and contractors receive information security awareness training, as well as system specific training, and that completion of the training is appropriately reported and tracked.

      The GAO also recommends that a process be developed to ensure that sensitive information is not publicly available on the Internet.

      /zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Ryan Naraine
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×