Information Security News mailing list archives
Audit scorches DOT security
From: William Knowles <wk () C4I ORG>
Date: Mon, 2 Oct 2000 22:58:17 -0500
http://www.fcw.com/fcw/articles/2000/1002/news-dotsec-10-02-00.asp

BY Paula Shaki Trimble
10/02/2000

Information security weaknesses at the Federal Aviation Administration pale in comparison to the network vulnerabilities discovered at other Transportation Department administrations, according to a report released last week by DOT's Office of Inspector General.

"I think FAA's in better shape than the rest of the department, considerably better shape," said Kenneth Mead, DOT's inspector general, speaking to the House Science Committee Sept. 27. The committee was examining security problems in computers used for air traffic control as well as failures to comply with FAA policies requiring background checks for employees and contractors given access to the systems.

The General Accounting Office informed the FAA in December 1999 that the agency had failed to conduct background checks on contractors hired to test and fix mission-critical systems for the Year 2000 rollover, said FAA Administrator Jane Garvey during the hearing. Professional hackers hired later to test the security of critical information technology systems also did not receive proper clearance.

In response, the FAA, under the direction of DOT's chief information officer, completed thousands of security clearances for IT contractors, and audited and fixed IT security problems in systems at all FAA facilities.

FAA's efforts to improve computer and personnel security could set an example for the rest of the agency, Mead said.

During a nine-month review of computer networks at DOT headquarters, the IG found serious weaknesses in the agency's firewall security and lax enforcement of Internet security requirements specified by DOT's CIO. The IG found that unauthorized users within and outside the agency could access private Web sites. However, of the computers the investigators were able to penetrate, none were at the FAA or the U.S. Coast Guard, where DOT's most critical systems are located.

George Molaski, DOT's CIO, said he is trying to get the resources allocated at the departmental level to assist the smaller administrations in implementing the required security systems and policy. Molaski has asked for an additional five IT security personnel at headquarters in the department's $1.1 million budget request for fiscal 2001.

Although Transportation Secretary Rodney Slater has strived to create a unified DOT, some of the Transportation administrations "still believe it's the wild, wild West and they can do what they want," Molaski said. "Security changes the dynamic because we're all tied to the same backbone, and a vulnerability on one [administration] affects all the other [administrations]."

*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".