PDA

View Full Version : Air Traffic Control Systems Hackable, GAO Warns



Gold9472
09-27-2005, 05:58 PM
Air traffic control systems hackable, GAO warns
FAA defends 'very secure systems'

http://www.msnbc.msn.com/id/9503338/

The 2000 GAO Report
Click Here (http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-252)

The 1998 GAO Report
Click Here (http://www.globalsecurity.org/security/library/report/gao/aimd-98-155.htm)

Updated: 12:02 p.m. ET Sept. 27, 2005

WASHINGTON - High-tech networks that link key parts of the U.S. air traffic control system lack important controls and are potentially vulnerable to hackers and others familiar with how those computer programs work, congressional investigators concluded Monday.

The Government Accountability Office (GAO) said in an update to a 2000 report that the Federal Aviation Administration has made progress in protecting information technology systems and noted the agency's contention that its interconnected networks are secure.

Greg Martin, an FAA spokesman, said separately the investigation was too narrowly focused and the agency has adequate controls in place nationwide.

"They are very secure systems," Martin said. "There is a lot that the (report) failed to take into account."

Martin said any vulnerabilities are countered by several redundancies and other controls built throughout the information-technology architecture.

But the GAO, the investigative arm of Congress, nevertheless disclosed a series of gaps that include outdated security plans, inadequate awareness training, and questions about whether the FAA could detect intruders and keep the system up during a security breach.

"The agency has not adequately managed its networks, software updates, user accounts and passwords and user privileges," the GAO found.

Other information security controls — including physical security and background investigations — also have shortcomings that are not mitigated by special operating systems and custom software.

"The proprietary features of these systems cannot fully protect them from attacks by disgruntled current or former employees who are familiar with these features nor will they keep out more sophisticated hackers," the GAO said.

These networks help provide flight tracking and other information to air traffic controllers and flight crews. They serve hundreds of airport towers, approach control centers and facilities for handling high-altitude traffic.

"Interruptions of service by these systems could have a significant impact on air traffic nationwide," the GAO concluded.

The nation's air traffic system handled more than 46 million flights in 2004. More than 640 million people flew on commercial planes. At any one time, as many as 7,000 aircraft could be in the air.

The GAO review was conducted at FAA headquarters and three other sites.

Gold9472
09-27-2005, 06:13 PM
From The 2000 Report

Physical security management and controls at facilities that house ATC
systems are ineffective;
Systems security—for both operational and future systems—are
ineffective, rendering systems vulnerable; and
FAA’s management structure for implementing and enforcing computer
security policy is ineffective.

Gold9472
09-27-2005, 06:49 PM
"But Ptech did, in fact, have access to the design for FAA databases. And not only databases, but every aspect of the IT systems architecture including networks, middleware, interfaces, metadata, and access to all IT components. (http://www.yourbbsucks.com/forum/showthread.php?t=1169)"

Gold9472
09-27-2005, 08:25 PM
Am I crazy?

Gold9472
09-28-2005, 07:30 PM
Hello?

Gold9472
09-29-2005, 08:21 AM
Why won't anyone play with me?

Gold9472
03-03-2006, 07:42 PM
bump

Gold9472
04-11-2006, 06:17 PM
:bigcrying :bigcrying :bigcrying :bigcrying :bigcrying

Why won't anybody play with me?

beltman713
04-11-2006, 07:14 PM
Maybe they don't like the balls you brought to the game.

Gold9472
04-11-2006, 07:15 PM
Maybe they don't like the balls you brought to the game.

I posted this in September of last year...

MikeJr.
04-12-2006, 10:45 AM
I might not post any comments, but Jon I read every damn word you type.

Gold9472
04-12-2006, 10:48 AM
I might not post any comments, but Jon I read every damn word you type.

HA. When EF Hutton talks... people listen.