The United States’ system for guiding planes and other forms of aircraft is at an increased and unnecessary risk of being hacked.
A new Government Accountability Office report reveals that cybersecurity is “threatening the agency’s ability to ensure the safe and uninterrupted operation of the national airspace system.” The 42-page document entitled “Information Security: FAA Needs to Address Weaknesses in Air Traffic Control Systems” credits the FAA with taking steps to deter malicious hackers but concluded that significant security control weaknesses still remain.
One area of supcetibility, in particular, is the ability to prevent and detect unauthorized access to the vast network of computer and communication systems. These include controls for protecting system boundaries, identifying and authenticating users, authorizing users to access systems, encrypting sensitive data, and monitoring activity on the FAA’s systems, the report states.
The FAA relies on more than 100 of these air traffic systems to direct planes, with air traffic controllers responsible for an average of 2,850 flights at any given moment. As the Washington Post points out, 14,000 controllers work in three different types of facilities: 500 airport control towers that oversee landings and takeoffs; 160 facilities that direct planes to and from cruising altitudes; and 22 centers that supervise aircraft at cruising altitude.
According to the GAO’s latest findings, there are also a number of inadequate safeguards to prevent entry into the air traffic network from other, less-secure computer systems not directly involved in traffic operations. The report goes on to note that threats to the ATC system are on the rise, especially from terrorists, criminals and other foreign governments.
Among the other notable vulnerabilities listed in the report include security weaknesses identified by the FAA weren’t always addressed in timely fashion, control assessments weren’t always comprehensive enough to find weaknesses, and shortcomings in monitoring for hacking incidents or unauthorized entries mean the FAA may not be able to contain, eradicate or recover from incidents.
“These shortcomings put (national airspace) systems at increased and unnecessary risk of unauthorized access, use, or modification that could disrupt air traffic control operations,” the report concludes.
Interested in reading more? Access the entire report here. With the number of cyber attacks on the rise and no apparent end in sight, how can you ensure that your network is indeed protected?