AAA  Mar. 2, 2015 6:30 PM ET
Watchdog: Air traffic control system is a hacking risk
By JOAN LOWY, Associated Press THE ASSOCIATED PRESS STATEMENT OF NEWS VALUES AND PRINCIPLES 
  •       AIM
  •       Share

Buy AP Photo Reprints

(AP) — The nation's system for guiding planes and other aircraft is at "increased and unnecessary risk" of being hacked, according to a report by government watchdog released Monday.

The Federal Aviation Administration has taken steps to protect the air traffic control system from cyber-based threats, but "significant security control weaknesses remain, threatening the agency's ability to ensure the safe and uninterrupted operation," said the report by the Government Accountability Office.

One area of weakness is the ability to prevent and detect unauthorized access to the vast network of computer and communications systems the FAA uses to process and track flights around the world, the report said. The FAA relies on more than 100 of these air traffic systems to direct planes.

There also are inadequate protections to prevent entry into air traffic computer systems from other, less-secure computer systems not directly involved in traffic operations, the report said.

Other problems identified in the report include:

—Security weaknesses identified by the FAA weren't always addressed in a timely way.

—Security control assessments by the agency weren't always comprehensive enough to find weaknesses.

—Shortcomings in monitoring for hacking incidents or unauthorized entries mean the FAA may not be able to "contain, eradicate or recover from incidents."

These weaknesses put the air traffic system "at increased and unnecessary risk of unauthorized access, use or modification that could disrupt air traffic control operations," the report said.

The accountability office made 14 recommendations to the FAA and another three to the Transportation Department.

Keith Washington, a Department of Transportation acting assistant security, said in a letter to the accountability office that the FAA is aware of the importance of the matter and has achieved several milestones in improving its cybersecurity.

FAA officials had no comment. The agency is part of the Transportation Department.

Following the report's release, the chairman and senior Democratic member of the Senate Commerce, Science and Transportation sent a letter to FAA Administer Michael Huerta asking for a "full accounting on the status" of the accountability office's recommendations.

"These vulnerabilities have the potential to compromise the safety and efficiency of the national airspace system, which the traveling public relies on each and every day," said Sens. John Thune, R-S.D., and Bill Nelson, D-Fla. They called the report "troubling."

__

Online:

Government Accountability Office report — http://www.gao.gov/products/GAO-15-221

__

Follow Joan Lowy on Twitter at http://www.twitter.com/AP_Joan_Lowy

Associated Press
  •       AIM
  •       Share



©  Associated Press. All Rights Reserved.