Report: Air traffic vulnerable to hackers

[InfoSec News <isn () C4I ORG>]

http://www.usatoday.com/life/cyber/tech/cti588.htm

09/27/00- Updated 10:26 AM ET

Congressional review finds 'pervasive weaknesses'
in air traffic computer system security programs

By Blake Morrison, USA TODAY

WASHINGTON  The nation's air-traffic control system could be
vulnerable to hackers because the Federal Aviation Administration has
failed to adequately address ''pervasive weaknesses in its computer
security programs,'' a congressional report to be released Wednesday
contends.

In addition, General Accounting Office (GAO) investigators found the
agency has not performed adequate background checks on computer
experts hired to spot system vulnerabilities or on foreign nationals
hired to tackle Y2K problems.

''As a result,'' the report reads, ''FAA allowed and is continuing to
allow contractors to undertake sensitive assessments of the weaknesses
in its systems without sufficient assurance that the individuals
performing these assessments are reliable and trustworthy.''

The report by the GAO, the investigative arm of Congress, does not
address what sort of problems hackers could create, and FAA officials
downplayed any threats Tuesday. ''We think there are stringent
protections which we're moving to improve daily,'' spokesman Eliot
Brenner said. ''There are multiple layers of protection, and we take
the security of the air-traffic system seriously.''

Members of the House Science Committee have scheduled a hearing for
Wednesday to review FAA efforts to correct the shortcomings, many of
which Brenner said the agency already has taken steps to remedy. Even
so, he said, the FAA ''is in full agreement'' with the report's
recommendations.

The GAO review is the watchdog group's fourth such assessment of the
FAA's computer security system in the past three years. All have
detailed what the GAO calls ''significant'' security problems.

According to the report to be released Wednesday:

FAA officials have allowed background checks for many senior agency
employees with top-secret security clearances to lapse.

''Of 350 headquarters employees with Top Secret clearances,'' the
report reads, ''75 were overdue for reinvestigations.'' One employee
had not been investigated since 1973, the report says.

Officials have failed to inspect and secure ''numerous air-traffic
control facilities.'' Access to the facilities is not being regulated
adequately, the report says, and the FAA continues ''to lack assurance
that it can effectively prevent the loss or damage of its property,
injury of its employees, and compromise of its ability to perform
critical aviation functions.''

The agency ''has made little progress'' in assessing its operating
systems and therefore ''does not know how vulnerable many of its
systems are and has little basis for determining what protective
measures are required.''

Despite the findings, FAA Administrator Jane Garvey is expected to
testify Wednesday that the agency ''has taken the steps necessary to
close the gaps identified by the GAO.''

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".