U.S. Air Traffic Control Found Vulnerable
The Federal Aviation Administration (FAA) has agreed to examine computer security at air traffic control centers around the country, following a government audit that found the systems insufficiently secured against cyber attacks.
Auditors found that the FAA hadn't adequately secured computers running at the 20 "en route centers" that direct high-altitude traffic nationwide. "While having limited exposure to the general public, en route center computer systems need to be better protected," reads the report, dated October 1st.
The assessment comes from the Department of Transportation's Office of Inspector General, in a yearly cyber security review required of all federal agencies under the 2002 Federal Information Security Management Act (FISMA). The review covers all of the Department's components, but signles out the FAA for special attention as custodian of the nation's air traffic control -- considered a "critical infrastructure" by presidential directive.
Auditors' other major complaint was that the FAA's security certification process was "limited to developmental systems located at FAA's Technical Center computer laboratory," and overlooked the systems once they were deployed. "FAA needs to commit to reviewing all operational air traffic control systems -- at en route, approach control, and airport terminal facilities," the report reads.