Information Security News mailing list archives
Report: Air traffic vulnerable to hackers
From: InfoSec News <isn () C4I ORG>
Date: Thu, 28 Sep 2000 03:49:46 -0500
http://www.usatoday.com/life/cyber/tech/cti588.htm 09/27/00- Updated 10:26 AM ET Congressional review finds 'pervasive weaknesses' in air traffic computer system security programs By Blake Morrison, USA TODAY WASHINGTON The nation's air-traffic control system could be vulnerable to hackers because the Federal Aviation Administration has failed to adequately address ''pervasive weaknesses in its computer security programs,'' a congressional report to be released Wednesday contends. In addition, General Accounting Office (GAO) investigators found the agency has not performed adequate background checks on computer experts hired to spot system vulnerabilities or on foreign nationals hired to tackle Y2K problems. ''As a result,'' the report reads, ''FAA allowed and is continuing to allow contractors to undertake sensitive assessments of the weaknesses in its systems without sufficient assurance that the individuals performing these assessments are reliable and trustworthy.'' The report by the GAO, the investigative arm of Congress, does not address what sort of problems hackers could create, and FAA officials downplayed any threats Tuesday. ''We think there are stringent protections which we're moving to improve daily,'' spokesman Eliot Brenner said. ''There are multiple layers of protection, and we take the security of the air-traffic system seriously.'' Members of the House Science Committee have scheduled a hearing for Wednesday to review FAA efforts to correct the shortcomings, many of which Brenner said the agency already has taken steps to remedy. Even so, he said, the FAA ''is in full agreement'' with the report's recommendations. The GAO review is the watchdog group's fourth such assessment of the FAA's computer security system in the past three years. All have detailed what the GAO calls ''significant'' security problems. According to the report to be released Wednesday: FAA officials have allowed background checks for many senior agency employees with top-secret security clearances to lapse. ''Of 350 headquarters employees with Top Secret clearances,'' the report reads, ''75 were overdue for reinvestigations.'' One employee had not been investigated since 1973, the report says. Officials have failed to inspect and secure ''numerous air-traffic control facilities.'' Access to the facilities is not being regulated adequately, the report says, and the FAA continues ''to lack assurance that it can effectively prevent the loss or damage of its property, injury of its employees, and compromise of its ability to perform critical aviation functions.'' The agency ''has made little progress'' in assessing its operating systems and therefore ''does not know how vulnerable many of its systems are and has little basis for determining what protective measures are required.'' Despite the findings, FAA Administrator Jane Garvey is expected to testify Wednesday that the agency ''has taken the steps necessary to close the gaps identified by the GAO.'' ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Report: Air traffic vulnerable to hackers InfoSec News (Sep 28)