Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Transportation Security United States IT

US Air Traffic Control System Is Riddled With Vulnerabilities 60

An anonymous reader writes: A recently released report (PDF) by the U.S. Government Accountability Office has revealed that despite some improvements, the Federal Aviation Administration (FAA) still needs to quash significant security control weaknesses that threaten the agency's ability to ensure the safe and uninterrupted operation of the national airspace system (NAS). The report found that while the "FAA established policies and procedures for controlling access to NAS systems and for configuring its systems securely, and it implemented firewalls and other boundary protection controls to protect the operational NAS environment [...] a significant number of weaknesses remain in the technical controls—including access controls, change controls, and patch management—that protect the confidentiality, integrity, and availability of its air traffic control systems."
This discussion has been archived. No new comments can be posted.

US Air Traffic Control System Is Riddled With Vulnerabilities

Comments Filter:
  • Ya Think? (Score:2, Funny)

    by AltGrendel ( 175092 )
    C'mon now.
    • Re:Ya Think? (Score:4, Informative)

      by digsbo ( 1292334 ) on Wednesday March 04, 2015 @12:43PM (#49181443)
      The FAA is one of a very few government agencies that takes its job seriously and focuses on quality. Honestly I hate government, but the FAA has been effective in promoting safety from the mechanical/traffic perspective. I'd trust them to take IT systems security seriously and delegate the work to competent engineers. Almost can't believe I'm saying this, but it would seem they have good workers.
      • Re:Ya Think? (Score:4, Insightful)

        by pete6677 ( 681676 ) on Wednesday March 04, 2015 @12:49PM (#49181515)

        Is this why the entire nation's ATC system limped along at a severely reduced capacity when a single Chicago facility was taken offline for 3 weeks due to a single contractor cutting a few cables?

        • A few cables? It was a LOT of cables actually and didn't he set a fire too? Also, didn't everybody get on the ground safely? I think they did their job...
          • Re:Ya Think? (Score:4, Insightful)

            by pete6677 ( 681676 ) on Wednesday March 04, 2015 @01:16PM (#49181771)

            Getting everyone on the ground safely is the pilots' job. Keeping planes in the air safely is ATC's job.

            • Re:Ya Think? (Score:4, Informative)

              by sabri ( 584428 ) on Wednesday March 04, 2015 @01:23PM (#49181839)

              Getting everyone on the ground safely is the pilots' job. Keeping planes in the air safely is ATC's job.

              Nope. Once an aircraft is moving on the ground under its own power, the flight has started and the pilot in command has the ultimate responsibility and authority over the safety of the flight. A pilot in command can deviate from any rule, clearance or law to the extent necessary to ensure the safety of the flight. [cornell.edu]

              • Sabri, your information is for general aviation flights operating under Part 91. For air carrier flights, that ultimate responsibility is shared between the pilot and the operator company. Safety, in particular separation of aircraft in the appropriate airspace is also a joint responsibility, that includes the air traffic control service provider.
          • by Zeek40 ( 1017978 )
            Over 10 miles of cable needed to be replace, and yes there was a fire. 18 server racks full of equipment needed to be replaced as well. The fire actually only damaged about 1/4 of the hardware mounted there, but the fire hoses took care of everything the fire didn't.
        • Or when several airports where completely shut down because of a buggy windows update?

          However, i'm not sure the lack of redundancy and failsafes for a specific function is a security issue. I do agre with the question being asked though.

      • I respect the FAA (Score:5, Interesting)

        by sjbe ( 173966 ) on Wednesday March 04, 2015 @12:58PM (#49181607)

        The FAA is one of a very few government agencies that takes its job seriously and focuses on quality.

        They're better than that. Surgeons in operating rooms are cribbing from the FAA for techniques and procedures to improve patient safety. The safety record of the airline industry is quite remarkable and the FAA deserves a huge amount of the credit for that achievement. I've worked as a quality engineer and whatever their other flaws might be, the FAA groks quality and safety as well as any organization I've ever seen.

        I'd trust them to take IT systems security seriously and delegate the work to competent engineers.

        As would I. The only thing I really worry about with the FAA is in keeping Congress from meddling with them too much. They are in my opinion one of the best run agencies in our government. That's not to say they don't have their flaws but on the big picture stuff, especially safety, they do a pretty good job overall even when they don't have all the resources they might.

        Almost can't believe I'm saying this, but it would seem they have good workers.

        Why should it shock you? We have many people in our government who are remarkably competent. I'd be happy to introduce you to some that I know personally. The FAA does not only have good workers but they have a safety first framework and have built a culture and procedures to support that. They also have the advantage of not being a political football for Congress to fight over. A good worker can be put into a system that doesn't work and chances are they will fail. Safety and reliability are NOT about competent people working hard. Those are important things but they will not get the job done unless you also have an organizational framework that supports them properly. The FAA has oversight over the entire process from certifying the airplanes before they even get built, to overseeing the ongoing maintenance and supply, to being able to force private companies to be grounded if they don't do what they are supposed to do when they are supposed to do it. They are able to get into all the corners of the industry that affect safety and they largely do a good job of ensuring that things are done properly like a regulator is suppose to.

      • by Lumpy ( 12016 )

        When they dont have the money they need, they cant do squat. The entire ATC system has been underfunded even before the Reagan years.

  • I like riddles.
  • Almost everyone that has seen the systems in place have know this for over 2 decades.

    It's a mess, an unholy mess that they really need to dump a couple billion into to do a full upgrade and redesign. The whole ATC system is a giant ball of bandaids.

    • Given the results of the government's most recent attempt to build a working website, I'm not sure a complete system could be built for any price.

  • I wonder how much that study cost.
  • by MagickalMyst ( 1003128 ) on Wednesday March 04, 2015 @02:05PM (#49182277)
    is dealing with the malfeasance regarding 9/11.

    Sure, these technical issues are very important and need to be addressed.

    But all of these issues are moot if the diabolical, elite villains are still in power.

    Even if the systems were patched and secure, they could still let another 9/11 happen if they choose to.
    • Even if the systems were patched and secure, they could still let another 9/11 happen if they choose to.

      This is insightful? The FAA has no ability to stop another 9/11. They can't reach out from their radar facilities and stop a nut in a plane from flying into a building. They can issue instructions, but have no way of forcing them to be followed. The controllers who had the flights of 9/11 on radar didn't "let" it happen, they watched it unfold without a way of stopping it.

      What DOES happen now is that anything that is deviating in a significant way from ATC instructions is handed to the Air Force for an in

  • I don't think we needed a report to know this. Last Octobers arson in Chicago was evidence that there are serious vulnerabilities with the FAA.
  • "Cyber-based threats to federal information systems such as those that FAA relies on for its ATC systems are evolving and growing .. Further, the growing interconnectivity among different types of information systems presents increasing opportunities for such attacks."

    Just who in their right minds connect an Air Traffic Control system to the Cybernet?

Genius is ten percent inspiration and fifty percent capital gains.

Working...